npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

aiap-local-validator

v1.0.2

Published

Apple's in-app purchase local, on-device, receipt validator

Downloads

17

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

olehkulykovolehkulykov

Keywords

Receipt validationApp Store receipt validationApple in-app purchases

Readme

Apple's in-app purchases local(on-device) receipt validator module for Node.js.

npm node-current Build Status

This module implements in-app purchases local receipt validation. The module has no external dependencies and implemented as a native module. For more info check: https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateLocally.html

Node.js native module API reference.

ErrorCode

Exported object with exception error codes. Use the 'code' property of the Error object.

ErrorCode.internal ⇒ Number

The required amount of memory can't be alocated or can't instantiate some object.

ErrorCode.input ⇒ Number

The provided argument has unsupported type or incorrect value.

ErrorCode.format ⇒ Number

The receipt has unsupported type of the data or property version. Need update the code, report npm module and update project to use the latest version.

ErrorCode.validation ⇒ Number

Any validation error.

InAppReceiptField

Represents bit-mask values of the 'InAppReceiptField' fields. The name of the emum values are same as in ouput.

Validator

Exported validator.

new Validator()

Constructs new validator.

Validator.version ⇔ String|Undefined

Default: undefined. Provide the application's version to check with the receipt. If this value exists and the receipt contains different version ⇒ Exception(ErrorCode.validation).

// From the iOS client app.
let version = Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String

Validator.bundleIdentifier ⇔ String|Undefined

Default: undefined. Provide the application's bundle identifier to check with the receipt. If this value exists and the receipt contains different bundle identifier ⇒ Exception(ErrorCode.validation).

// From the iOS client app.
let bundleIdentifier = Bundle.main.bundleIdentifier

Validator.GUID ⇒ ArrayBuffer, ⇐ ArrayBuffer|String

Default: undefined. Provide the application's GUID as a Base64 string or as ArrayBuffer of raw GUID data to check with the receipt. If this value exists and the receipt contains different GUID ⇒ Exception(ErrorCode.validation).

// From the iOS client app.
var deviceIdentifier = UIDevice.current.identifierForVendor?.uuid
let rawDeviceIdentifierPointer = withUnsafePointer(to: &deviceIdentifier) {
    return UnsafeRawPointer($0)
}
let rawGUID = NSData(bytes: rawDeviceIdentifierPointer, length: 16) // send as raw data via 'POST' request
let base64GUID = rawGUID.base64EncodedString() // send as Base64 string via 'GET' request or any other

Validator.inAppReceiptFields ⇔ Number

Default: InAppReceiptField.all. Bit-mask value of the 'In App Receipt' fields. To reset to a default 'all' value, provide undefined value or any unsupported combination of the bit-mask value.

Validator.rootCertificate ⇔ ArrayBuffer

Default: bundled raw data of the 'Apple Inc Root Certificate' as ArrayBuffer. Instead of using bundled 'Apple Inc Root Certificate' you can provide and use your own updated. To reset to a default bundled certificate, provide undefined value.

https://www.apple.com/appleca/AppleIncRootCertificate.cer

Validator.validate(receipt) ⇔ Object

Validates the provided receipt as a Base64 String or as ArrayBuffer of raw data and returns the decrypted App Receipt and array of In-App Purchase Receipt's. If the 'version' and/or 'bundleIdentifier' and/or 'GUID' was provided and the decrypted receipt contains different values ⇒ Exception(ErrorCode.validation).

https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ReceiptFields.html

Installation via npm package.json

{
  "engines": {
    "node": ">=10.0.0",
    "npm": ">=6.0.0"
  },
  "dependencies": {
    "aiap-local-validator": "^1.0.2"
  }
}

Example

const { Validator, ErrorCode, InAppReceiptField } = require('aiap-local-validator');

try {
    const validator = new Validator();
    
    // Optinaly select fields of the 'In App Receipt', otherwise all fields.
    validator.inAppReceiptFields = InAppReceiptField.expires_date | InAppReceiptField.product_id | ...;
    
    // Optionaly, but recommended, validate the receipt with 'bundleIdentifier', 'version' and 'GUID'.
    validator.bundleIdentifier = 'my.cool.app'; // If validation was failed, the receipt was created by another app -> invalid.
    validator.version = '123'; // If validation was failed, the receipt was created by another version of the app -> invalid.
    validator.GUID = '<Base64 GUID>' | ArrayBuffer; // If validation was failed, the receipt was created on another device -> invalid.
    
    const receipt = validator.validate('<Base64 receipt>' | ArrayBuffer); 
} catch (error) {
    switch (error.code) {
        case ErrorCode.input: break;
        case ErrorCode.validation: break;
        ...
    }
}

Supported fields

All fields of 'App Receipt' and 'In-App Purchase Receipt' which are described and have a valid 'ASN.1 Field Type' are supported.

https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ReceiptFields.html

Experimantal 'In-App Purchase Receipt' fields

If the field of the 'In-App Purchase Receipt' was selected for output and has a 'RFC 3339 date' string format. Then the extra field with '_ms' prefix will be added with parsed date value in milliseconds(similar to an Apple's online validation).

License

MIT License

Copyright (c) 2020 - 2021 OlehKulykov [email protected]

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.