@xcript-dev/sdk
v0.1.4
Published
License validation SDK for Xcript — validate license keys with Ed25519 signature verification and offline caching
Maintainers
xcript-devReadme
@xcript-dev/sdk
Stop building license systems. Start shipping.
Validate licenses, control activations, gate features — in 5 lines of code.
Why?
You built software. You sell it. But:
- ❌ Someone buys one license, shares it with 10 people
- ❌ A client stops paying and keeps using your app
- ❌ You can't disable access remotely
- ❌ Building auth + licensing from scratch = weeks of work
With Xcript: install, configure, done. Licensing solved forever.
Quick Start — 60 Seconds
npm install @xcript-dev/sdkimport { XcriptClient } from '@xcript-dev/sdk'
const xcript = new XcriptClient({
apiKey: 'xk_your_api_key',
licenseKey: 'XCR-XXXX-XXXX-XXXX',
})
const license = await xcript.validate()
if (license.valid) {
const maxUsers = license.config['max_users']
// Your app runs ✅
} else {
// License expired, revoked, or invalid ❌
console.log('Status:', license.status)
}That's it. Your app now validates licenses automatically.
What You Get
| Feature | What it does |
|---------|-------------|
| License validation | One call to know if the user paid |
| Machine tracking | SHA-256 fingerprint — control how many devices per license |
| Feature flags | config['max_users'] — change limits from your dashboard, no redeploy |
| Kill switch | Revoke any license instantly from the dashboard |
| Offline mode | Works without internet for 72 hours (cached) |
| Anti-tampering | Ed25519 signed responses — impossible to fake |
| Tiny footprint | 5 KB gzipped, 1 dependency |
Real-World Example: Protecting a CLI Tool
#!/usr/bin/env node
import { XcriptClient } from '@xcript-dev/sdk'
const xcript = new XcriptClient({
apiKey: process.env.XCRIPT_API_KEY!,
licenseKey: process.env.LICENSE_KEY!,
publicKey: process.env.XCRIPT_PUBLIC_KEY, // Optional: verify signatures
})
// ── Validate on startup ────────────────────────
const license = await xcript.validate()
if (!license.valid) {
console.error(`❌ License ${license.status}. Purchase at https://yourapp.com/pricing`)
process.exit(1)
}
console.log(`✅ Licensed — ${license.config['plan_name']} plan`)
console.log(` Machine: ${xcript.machineId.slice(0, 8)}...`)
// ── Use dynamic config from dashboard ──────────
const maxProjects = parseInt(license.config['max_projects'] || '3')
const features = (license.config['features'] || '').split(',')
if (features.includes('export')) {
// Premium feature unlocked
}
// ── Deactivate on uninstall ────────────────────
process.on('SIGINT', async () => {
await xcript.deactivate() // Frees the activation slot
process.exit(0)
})API Reference
new XcriptClient(config)
| Option | Type | Required | Default | Description |
|--------|------|----------|---------|-------------|
| apiKey | string | ✅ | — | Your API key (xk_...) |
| licenseKey | string | ✅ | — | License key (XCR-XXXX-XXXX-XXXX) |
| publicKey | string | — | — | Ed25519 public key for signature verification |
| baseUrl | string | — | https://api.xcript.dev | API base URL |
| gracePeriod | number | — | 259200 (72h) | Offline cache TTL in seconds |
| cachePath | string | — | ~/.cache/xcript/ | Custom cache file path |
Methods
| Method | Returns | Description |
|--------|---------|-------------|
| validate() | Promise<ValidationResponse> | Validate license (with offline fallback) |
| deactivate() | Promise<void> | Deactivate this machine |
| isValid() | boolean | Last known state (sync, no network) |
| machineId | string | SHA-256 fingerprint of this machine |
ValidationResponse
{
valid: boolean
licenseId: string | null
productId: string | null
status: 'active' | 'expired' | 'revoked' | 'killed' | 'not_found'
config: Record<string, string> // Dynamic config from dashboard
signature: string // Ed25519 signature
validatedAt: string // ISO 8601
}Works With
Node.js ≥18 · Bun · Deno · Express · Fastify · NestJS · Electron · Tauri · Any JS/TS runtime
Using Next.js?
→ @xcript-dev/next — middleware + hooks + server utilities. Zero boilerplate.
Links
MIT © Xcript