npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

divinerapier-license-client

v1.0.3

Published

Official Client SDK for Divine Rapier License Server

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

einhvereinhver

Keywords

divinerapierlicensejwteddsa

Readme

divinerapier-license-client

The official, zero-dependency (except jose) Client SDK for integrating with the Divine Rapier License Server. This SDK enables robust cryptographic offline JWT verification to protect your Next.js, Node.js, Electron, or React applications against software piracy.

Installation

npm install divinerapier-license-client

Quick Start

1. Initialization

Grab your server URL and the LIC_PUBLIC_KEY from your server's .env.local file. Hardcode this Public Key directly into your client application.

import { DivineRapierClient } from 'divinerapier-license-client';

const licensing = new DivineRapierClient({
    serverUrl: 'https://divinerapier.vercel.app',
    publicKey: `-----BEGIN PUBLIC KEY-----\nMCOwBQYDK2VwAyEAtMD1FZRTCmaoOw/ARP6fcWFXBpO8tOsvFDDjPNPr9uQ=\n-----END PUBLIC KEY-----`
});

2. Activating a License (Online)

When the user installs your software for the first time, ask them for their License Key and register their machine's Domain or Hardware ID. Note: Due to anti-fraud measures, activations are strictly permanent. A license bound to a specific HWID/Domain cannot be deactivated or transferred by the user.

try {
    const activation = await licensing.activate('XYZZ-ABCD-1234', 'client-domain.com');
    
    // Save the offline token locally (localStorage, File System, Database)
    localStorage.setItem('license_token', activation.offline_token);
    console.log("Success! You are now activated.");

} catch (error) {
    console.error("Activation Failed:", error.message);
}

3. Verifying the License (Offline & Instant)

Run this check every time your application boots or a protected route is requested. Because it relies on Asymmetric EdDSA Cryptography, it runs entirely locally in exactly 1-2 milliseconds without pinging the server.

try {
    const savedToken = localStorage.getItem('license_token');
    
    // Validates the cryptographic signature, the expiration date, and the bound domain.
    const payload = await licensing.verifyOffline(savedToken, {
        expectedDomain: 'client-domain.com'
    });
    
    console.log("License is Valid! Launching App...");

} catch (error) {
    // Throws an error if expired, tampered with, or domain mismatches.
    console.error("Access Denied:", error.message);
    // Redirect to activation page / shut down app
}

4. Hardware Fingerprinting (Security Best Practice)

To prevent device spoofing, combine multiple hardware serials into a single deterministic SHA-256 hash using the built-in SDK utility.

import { generateFingerprint } from 'divinerapier-license-client';

// Example: Gather serials from your application environment (e.g. via systeminformation/wmi)
const cpuSerial = "CPU-12345";
const macAddress = "00:1B:44:11:3A:B7";
const diskSerial = "WD-WCC6Y6X";

const secureHwid = await generateFingerprint([cpuSerial, macAddress, diskSerial]);
// Returns: "a1b2c3d4..."

// Use this secureHwid during Activation
const response = await licensing.activate('XYZZ-ABCD-1234', null, secureHwid);

// Use this secureHwid during Offline Validation
const payload = await licensing.verifyOffline(offlineToken, {
  expectedHwid: secureHwid
});

TypeScript Support

This SDK provides first-class TypeScript support. The verifyOffline method strictly returns a LicensePayload interface, ensuring you get autocomplete for licenseId, domain, and hwid.

Security Best Practices

  • Do NOT put your LIC_PRIVATE_KEY inside the client application. Only the LIC_PUBLIC_KEY belongs here.
  • Obfuscate your client application code before distributing it to customers to prevent them from simply removing the verifyOffline() function call.