@invonetwork/web-sdk 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +122 -116
  2. package/README.md +9 -18
  3. package/package.json +76 -76
package/CHANGELOG.md CHANGED
@@ -1,116 +1,122 @@
1
- # Changelog
2
-
3
- All notable changes to `@invonetwork/web-sdk` are documented here. This project follows
4
- [Semantic Versioning](https://semver.org/). Releases are managed with
5
- [changesets](https://github.com/changesets/changesets).
6
-
7
- ## [0.4.0] — 2026-06-30
8
-
9
- Additive releasemore server reads, edge-ready webhooks, cancellation, and tooling.
10
-
11
- - **`getInboundPending({ playerEmail | playerPhone })`** live, unclaimed inbound
12
- sends/transfers for a player (the source of truth behind the "you have X to collect"
13
- badge; pairs with `transfer.claim_pending`).
14
- - **`verifyWebhookAsync`** — Web Crypto variant of `verifyWebhook` that runs on
15
- Cloudflare Workers / Deno / Vercel+Netlify Edge / Bun / browsers; and
16
- **`createWebhookHandler`** — a zero-dep Fetch-API `(Request) => Promise<Response>`
17
- webhook route handler (Next.js App Router, Workers, Deno, Hono, Bun).
18
- - **`iterateItemPurchaseHistory`** async iterator that pages through a player's
19
- full item-purchase history.
20
- - **Per-call `AbortSignal`** — every method accepts an optional `{ signal }`; an
21
- aborted call throws `InvoError` code `ABORTED` and is never retried.
22
- - **Tooling**: ESLint (+ lint in CI), changesets release automation, `SECURITY.md`,
23
- and `CODEOWNERS`.
24
-
25
- ## [0.3.0] — 2026-06-30
26
-
27
- Additive release new server capabilities plus transport resilience/observability.
28
-
29
- - **Webhook verification** (`/server`): `verifyWebhook(rawBody, signatureHeader, secret | secrets, opts?)`
30
- — constant-time HMAC-SHA256 over `${t}.${rawBody}`, 5-minute replay window,
31
- multi-secret rotation; returns a typed `InvoWebhookEvent` discriminated union
32
- (`purchase.*`, `item.purchased`, `transfer.*`, `payout.status_changed`, `webhook.test`).
33
- Throws `InvoError` (`WEBHOOK_SIGNATURE_INVALID` / `WEBHOOK_TIMESTAMP_EXPIRED` /
34
- `WEBHOOK_MALFORMED` / `WEBHOOK_SECRET_MISSING`). Server-only; the browser bundle
35
- stays crypto-free. Independently security-audited.
36
- - **`getPlayerBalance({ playerEmail | playerId })`** (`/server`): typed `player` / `balances` / `summary`.
37
- - **Automatic retries**: network errors/timeouts, `429` (honoring `retry_after`), and
38
- `5xx` are retried with exponential backoff + jitter. New config `maxRetries`
39
- (default 2, `0` disables) and `retryBaseDelayMs` (default 250).
40
- - **Observability hooks**: optional `onRequest` / `onResponse` / `onError` on both
41
- entries (best-effort/non-throwing); `InvoError.requestId` carries the backend
42
- request id for support/tracing.
43
- - **Typed reads**: `confirmPayment` `ConfirmPaymentResult`; `getOrderDetails` /
44
- `getItemOrderDetails` `OrderDetailsResult`; `getItemPurchaseHistory`
45
- `ItemHistoryResult` (previously untyped `Record`). All keep `raw`.
46
- - **Light validation**: `mintPlayerToken` and `createCheckout` require a non-blank
47
- `playerEmail` (throws `INVALID_INPUT` before the network call).
48
- - **License**: `package.json` `license` is now `SEE LICENSE IN LICENSE` (was
49
- `UNLICENSED`); `LICENSE` rewritten as an explicit install-and-use grant for
50
- building INVO integrations.
51
-
52
- ## [0.2.1] 2026-06-30
53
-
54
- Docs only no code change (republished so the npm page README is current).
55
-
56
- - Rewrote the README into a complete integration/deployment guide: capability
57
- overview, architecture, deployment prerequisites, per-flow sections (currency
58
- purchase, item purchase, sends, transfers, passkeys), webhooks, errors, and a
59
- full API reference for both entries.
60
- - Added INVO console onboarding: `https://console.invo.network` (production) and
61
- `https://dev.console.invo.network` (testing/sandbox), mapped to their API base URLs.
62
-
63
- ## [0.2.0] 2026-06-30
64
-
65
- Adds **item purchase** (spend existing game currency on an in-game item, §4.8) — an
66
- additive, server-only surface.
67
-
68
- - `InvoServer` (`/server`): `purchaseItem`, `getItemPurchaseHistory`, `getItemOrderDetails`.
69
- - Server-side, game-secret auth no passkey, no real money, no payment rail (it's a
70
- balance debit). Grant the item off the `item.purchased` webhook.
71
- - Client-side guards: required fields (trim-checked), `itemQuantity` integer `1..1000`,
72
- prices `> 0` and `<= 999999.99` (magnitude-safe 2-decimal check), and
73
- `totalPrice == unitPrice × itemQuantity (±0.01)` compared in integer cents.
74
- - Load-bearing response fields (`transaction_id`, `order_id`) throw `INVALID_RESPONSE`
75
- if missing on a 200.
76
- - `InvoError` helpers: `isInsufficientBalance` (gated to 400; not the `429` throttle),
77
- `isDuplicateRequest` (409), `retryAfter` (numeric or string `retry_after`); all
78
- null-safe against non-JSON error bodies.
79
- - Independently audited (2 agents) against handoff doc §4.8/§6/§8; contract verified,
80
- error-classification edge cases fixed.
81
-
82
- ## [0.1.0] 2026-06-30
83
-
84
- Initial scaffold.
85
-
86
- - `InvoServer` (`/server`): `mintPlayerToken`, `initiateSend`, `initiateTransfer`,
87
- `createCheckout`, `purchaseCurrency`, `confirmPayment`, `getOrderDetails`.
88
- - Client-side purchase guards (§4.7): USD amount `0 < x ≤ 999.99`, required
89
- `purchaseReference`, and `rail:"steam"` rejected before the network call
90
- (`INVALID_INPUT` / `MISSING_PURCHASE_REFERENCE` / `WRONG_RAIL_ENDPOINT`).
91
- - `InvoClient` (browser): `enrollPasskey`, `approveSend`/`approveTransfer`,
92
- `confirmReceiptSend`/`confirmReceiptTransfer`, and `linkDevice` for the
93
- interchangeable-methods flow (§4.6).
94
- - Optional `refreshToken` hook: transparently re-mints and retries once on
95
- `SDK_TOKEN_EXPIRED` (§11.2).
96
- - Shared: typed `InvoError`, isomorphic HTTP client, WebAuthn JSON⇄binary helpers.
97
- - Tests: HTTP layer, server request mapping + purchase guards, browser client
98
- flows (enroll/approve/link/token-refresh), and WebAuthn serialization.
99
- - Contracts extracted + auditor-verified against the INVO backend.
100
-
101
- ### Hardening (independent red-team pass)
102
-
103
- - **Guardian/minor `202` path no longer mismapped to `verificationMethod:"sms"`**
104
- `initiateSend`/`initiateTransfer` now return `verificationMethod: undefined` and a
105
- `guardianApproval` block on the guardian path, so callers don't route into the
106
- PIN UI by mistake (§4.3).
107
- - `usdAmount` validation tightened: rejects non-plain-decimal strings
108
- (`"0x10"`, `"1e2"`, whitespace) and >2 decimal places before any network call.
109
- - Load-bearing response fields (`token`, `checkout_url`) now throw `INVALID_RESPONSE`
110
- instead of silently surfacing as empty strings.
111
- - `getOrderDetails` requires at least one of `orderId`/`transactionId`.
112
- - Token refresh now re-runs the **whole** passkey ceremony on `SDK_TOKEN_EXPIRED`
113
- (never replays a single-use assertion) and single-flights concurrent refreshes.
114
- - `baseUrl` must be `https://` (localhost exempt) so the token/secret can't travel
115
- in cleartext.
116
- - Published tarball excludes sourcemaps (no proprietary source shipped).
1
+ # Changelog
2
+
3
+ All notable changes to `@invonetwork/web-sdk` are documented here. This project follows
4
+ [Semantic Versioning](https://semver.org/). Releases are managed with
5
+ [changesets](https://github.com/changesets/changesets).
6
+
7
+ ## [0.4.1] — 2026-06-30
8
+
9
+ Docs onlyreplaced the README's internal-leaking "Deployment prerequisites"
10
+ (backend flag names, DB columns, gating mechanics) with a partner-facing
11
+ "Before you go live"; republished so the npm page README is current.
12
+
13
+ ## [0.4.0] 2026-06-30
14
+
15
+ Additive release more server reads, edge-ready webhooks, cancellation, and tooling.
16
+
17
+ - **`getInboundPending({ playerEmail | playerPhone })`** live, unclaimed inbound
18
+ sends/transfers for a player (the source of truth behind the "you have X to collect"
19
+ badge; pairs with `transfer.claim_pending`).
20
+ - **`verifyWebhookAsync`** — Web Crypto variant of `verifyWebhook` that runs on
21
+ Cloudflare Workers / Deno / Vercel+Netlify Edge / Bun / browsers; and
22
+ **`createWebhookHandler`** a zero-dep Fetch-API `(Request) => Promise<Response>`
23
+ webhook route handler (Next.js App Router, Workers, Deno, Hono, Bun).
24
+ - **`iterateItemPurchaseHistory`** — async iterator that pages through a player's
25
+ full item-purchase history.
26
+ - **Per-call `AbortSignal`** — every method accepts an optional `{ signal }`; an
27
+ aborted call throws `InvoError` code `ABORTED` and is never retried.
28
+ - **Tooling**: ESLint (+ lint in CI), changesets release automation, `SECURITY.md`,
29
+ and `CODEOWNERS`.
30
+
31
+ ## [0.3.0] 2026-06-30
32
+
33
+ Additive release new server capabilities plus transport resilience/observability.
34
+
35
+ - **Webhook verification** (`/server`): `verifyWebhook(rawBody, signatureHeader, secret | secrets, opts?)`
36
+ — constant-time HMAC-SHA256 over `${t}.${rawBody}`, 5-minute replay window,
37
+ multi-secret rotation; returns a typed `InvoWebhookEvent` discriminated union
38
+ (`purchase.*`, `item.purchased`, `transfer.*`, `payout.status_changed`, `webhook.test`).
39
+ Throws `InvoError` (`WEBHOOK_SIGNATURE_INVALID` / `WEBHOOK_TIMESTAMP_EXPIRED` /
40
+ `WEBHOOK_MALFORMED` / `WEBHOOK_SECRET_MISSING`). Server-only; the browser bundle
41
+ stays crypto-free. Independently security-audited.
42
+ - **`getPlayerBalance({ playerEmail | playerId })`** (`/server`): typed `player` / `balances` / `summary`.
43
+ - **Automatic retries**: network errors/timeouts, `429` (honoring `retry_after`), and
44
+ `5xx` are retried with exponential backoff + jitter. New config `maxRetries`
45
+ (default 2, `0` disables) and `retryBaseDelayMs` (default 250).
46
+ - **Observability hooks**: optional `onRequest` / `onResponse` / `onError` on both
47
+ entries (best-effort/non-throwing); `InvoError.requestId` carries the backend
48
+ request id for support/tracing.
49
+ - **Typed reads**: `confirmPayment` `ConfirmPaymentResult`; `getOrderDetails` /
50
+ `getItemOrderDetails` `OrderDetailsResult`; `getItemPurchaseHistory` →
51
+ `ItemHistoryResult` (previously untyped `Record`). All keep `raw`.
52
+ - **Light validation**: `mintPlayerToken` and `createCheckout` require a non-blank
53
+ `playerEmail` (throws `INVALID_INPUT` before the network call).
54
+ - **License**: `package.json` `license` is now `SEE LICENSE IN LICENSE` (was
55
+ `UNLICENSED`); `LICENSE` rewritten as an explicit install-and-use grant for
56
+ building INVO integrations.
57
+
58
+ ## [0.2.1] 2026-06-30
59
+
60
+ Docs only no code change (republished so the npm page README is current).
61
+
62
+ - Rewrote the README into a complete integration/deployment guide: capability
63
+ overview, architecture, deployment prerequisites, per-flow sections (currency
64
+ purchase, item purchase, sends, transfers, passkeys), webhooks, errors, and a
65
+ full API reference for both entries.
66
+ - Added INVO console onboarding: `https://console.invo.network` (production) and
67
+ `https://dev.console.invo.network` (testing/sandbox), mapped to their API base URLs.
68
+
69
+ ## [0.2.0]2026-06-30
70
+
71
+ Adds **item purchase** (spend existing game currency on an in-game item, §4.8) an
72
+ additive, server-only surface.
73
+
74
+ - `InvoServer` (`/server`): `purchaseItem`, `getItemPurchaseHistory`, `getItemOrderDetails`.
75
+ - Server-side, game-secret auth — no passkey, no real money, no payment rail (it's a
76
+ balance debit). Grant the item off the `item.purchased` webhook.
77
+ - Client-side guards: required fields (trim-checked), `itemQuantity` integer `1..1000`,
78
+ prices `> 0` and `<= 999999.99` (magnitude-safe 2-decimal check), and
79
+ `totalPrice == unitPrice × itemQuantity (±0.01)` compared in integer cents.
80
+ - Load-bearing response fields (`transaction_id`, `order_id`) throw `INVALID_RESPONSE`
81
+ if missing on a 200.
82
+ - `InvoError` helpers: `isInsufficientBalance` (gated to 400; not the `429` throttle),
83
+ `isDuplicateRequest` (409), `retryAfter` (numeric or string `retry_after`); all
84
+ null-safe against non-JSON error bodies.
85
+ - Independently audited (2 agents) against handoff doc §4.8/§6/§8; contract verified,
86
+ error-classification edge cases fixed.
87
+
88
+ ## [0.1.0] 2026-06-30
89
+
90
+ Initial scaffold.
91
+
92
+ - `InvoServer` (`/server`): `mintPlayerToken`, `initiateSend`, `initiateTransfer`,
93
+ `createCheckout`, `purchaseCurrency`, `confirmPayment`, `getOrderDetails`.
94
+ - Client-side purchase guards (§4.7): USD amount `0 < x ≤ 999.99`, required
95
+ `purchaseReference`, and `rail:"steam"` rejected before the network call
96
+ (`INVALID_INPUT` / `MISSING_PURCHASE_REFERENCE` / `WRONG_RAIL_ENDPOINT`).
97
+ - `InvoClient` (browser): `enrollPasskey`, `approveSend`/`approveTransfer`,
98
+ `confirmReceiptSend`/`confirmReceiptTransfer`, and `linkDevice` for the
99
+ interchangeable-methods flow (§4.6).
100
+ - Optional `refreshToken` hook: transparently re-mints and retries once on
101
+ `SDK_TOKEN_EXPIRED` (§11.2).
102
+ - Shared: typed `InvoError`, isomorphic HTTP client, WebAuthn JSON⇄binary helpers.
103
+ - Tests: HTTP layer, server request mapping + purchase guards, browser client
104
+ flows (enroll/approve/link/token-refresh), and WebAuthn serialization.
105
+ - Contracts extracted + auditor-verified against the INVO backend.
106
+
107
+ ### Hardening (independent red-team pass)
108
+
109
+ - **Guardian/minor `202` path no longer mismapped to `verificationMethod:"sms"`** —
110
+ `initiateSend`/`initiateTransfer` now return `verificationMethod: undefined` and a
111
+ `guardianApproval` block on the guardian path, so callers don't route into the
112
+ PIN UI by mistake (§4.3).
113
+ - `usdAmount` validation tightened: rejects non-plain-decimal strings
114
+ (`"0x10"`, `"1e2"`, whitespace) and >2 decimal places before any network call.
115
+ - Load-bearing response fields (`token`, `checkout_url`) now throw `INVALID_RESPONSE`
116
+ instead of silently surfacing as empty strings.
117
+ - `getOrderDetails` requires at least one of `orderId`/`transactionId`.
118
+ - Token refresh now re-runs the **whole** passkey ceremony on `SDK_TOKEN_EXPIRED`
119
+ (never replays a single-use assertion) and single-flights concurrent refreshes.
120
+ - `baseUrl` must be `https://` (localhost exempt) so the token/secret can't travel
121
+ in cleartext.
122
+ - Published tarball excludes sourcemaps (no proprietary source shipped).
package/README.md CHANGED
@@ -22,7 +22,7 @@ The **game secret stays on your server**; the browser only ever holds a short-li
22
22
 
23
23
  - [Install](#install)
24
24
  - [Architecture & the two entry points](#architecture--the-two-entry-points)
25
- - [Deployment prerequisites](#deployment-prerequisites)
25
+ - [Before you go live](#before-you-go-live)
26
26
  - [Configuration](#configuration)
27
27
  - [Currency purchase (real money in)](#currency-purchase-real-money-in)
28
28
  - [Item purchase (spend game currency)](#item-purchase-spend-game-currency)
@@ -78,25 +78,16 @@ Build and test against the **dev console + sandbox** first, then switch to the *
78
78
 
79
79
  **Never import `/server` into browser code** — it carries the game secret. The two entries are built separately for exactly this reason.
80
80
 
81
- ## Deployment prerequisites
81
+ ## Before you go live
82
82
 
83
- INVO provisions these per tenant before the flows go live (most are super_admin-only, set by INVO coordinate with your INVO contact):
83
+ INVO enables each flow for your tenant in the [console](#get-your-account--game-secret-invo-console). What you need to do:
84
84
 
85
- **For sends/transfers + passkeys**
86
- - `SDK_TRANSFER_VERIFICATION_ENABLED` (master) — on.
87
- - `SDK_WEBAUTHN_ENABLED` (master) on.
88
- - `SDK_TRANSFER_CONFIRM_RECEIPT_ENABLED`required for **transfer** self-claim.
89
- - Tenant migrated (`games.sdk_verification_enabled`).
90
- - **Per-tenant RP ID + origins** (`webauthn_rp_id`, `webauthn_origins`). There's no separate "webauthn on" flag — *the presence of a valid RP ID is the gate*. Until it's set, WebAuthn endpoints return `403 WEBAUTHN_NOT_ENABLED_FOR_TENANT`. **You must serve your integration from an origin listed in `webauthn_origins`,** or passkeys won't validate.
85
+ - **Store the game secret server-side** and expose a small endpoint that calls `mintPlayerToken` so the browser can fetch/refresh its token. Never ship the secret to the browser.
86
+ - **For passkeys (sends/transfers):** give INVO the **web origin(s)** you'll serve from. Passkeys only validate on approved origins if a call returns `WEBAUTHN_NOT_ENABLED_FOR_TENANT`, your origins aren't set up yet; contact INVO. (Until enrolled, the sender falls back to the SMS-PIN path automatically.)
87
+ - **For currency purchase:** card checkout works out of the box; ask INVO to enable the `game`/`steam` rails if you need them.
88
+ - **For item purchase:** nothing extra it's a currency-balance debit.
91
89
 
92
- **For currency purchase**
93
- - `platform` (card) rail is always on; `game`/`steam` rails are off by default and each gated by their own flag + per-game config.
94
- - Honors the platform `purchases` kill switch (`503 flow_paused` when paused).
95
-
96
- **For item purchase**
97
- - The game must be in `live` or `testing` state (else `403`). No passkey/payment flags involved — it's a balance debit.
98
-
99
- **On your side:** store the game secret in server-side config/secrets (never ship it to the browser), and expose a small endpoint that calls `mintPlayerToken` so the browser can fetch/refresh its token.
90
+ If a flow isn't enabled for your tenant yet, calls return a clear `InvoError` (e.g. `TENANT_NOT_MIGRATED`, `WEBAUTHN_NOT_ENABLED_FOR_TENANT`, or `flow_paused`) — coordinate with your INVO contact to turn it on.
100
91
 
101
92
  ## Configuration
102
93
 
@@ -292,7 +283,7 @@ try {
292
283
  - **`verificationMethod`** (from initiate): `"in_app"` → passkey approve; `"sms"` → un-enrolled, PIN sent; `undefined` + `guardianApproval` → minor/guardian (HTTP 202), do **not** show the PIN UI.
293
284
  - **Claim codes** are returned only by `approveTransfer`; they're the out-of-band fallback when the recipient isn't enrolled.
294
285
  - **`err.isReceiverNotEnrolled`** on `confirmReceipt*` is the explicit signal to switch to claim-code entry.
295
- - Transfer self-claim additionally requires `SDK_TRANSFER_CONFIRM_RECEIPT_ENABLED`; if it's off, surface the claim-code path.
286
+ - Transfer self-claim may be disabled for your tenant; if it is, surface the claim-code path instead.
296
287
 
297
288
  **"You have X to collect"** — to render a collect badge, list a player's live, unclaimed inbound sends/transfers (the source of truth behind the `transfer.claim_pending` webhook):
298
289
 
package/package.json CHANGED
@@ -1,76 +1,76 @@
1
- {
2
- "name": "@invonetwork/web-sdk",
3
- "version": "0.4.0",
4
- "description": "INVO Web SDK — currency purchase + passkey (WebAuthn) verification for partner web platforms.",
5
- "license": "SEE LICENSE IN LICENSE",
6
- "private": false,
7
- "repository": {
8
- "type": "git",
9
- "url": "git+https://github.com/Invo-Technologies/invo-web-sdk.git"
10
- },
11
- "homepage": "https://docs.invo.network",
12
- "bugs": {
13
- "url": "https://github.com/Invo-Technologies/invo-web-sdk/issues"
14
- },
15
- "type": "module",
16
- "engines": {
17
- "node": ">=18"
18
- },
19
- "sideEffects": false,
20
- "files": [
21
- "dist",
22
- "!dist/**/*.map",
23
- "README.md",
24
- "LICENSE",
25
- "CHANGELOG.md"
26
- ],
27
- "exports": {
28
- ".": {
29
- "types": "./dist/index.d.ts",
30
- "import": "./dist/index.js",
31
- "require": "./dist/index.cjs"
32
- },
33
- "./server": {
34
- "types": "./dist/server.d.ts",
35
- "import": "./dist/server.js",
36
- "require": "./dist/server.cjs"
37
- }
38
- },
39
- "main": "./dist/index.cjs",
40
- "module": "./dist/index.js",
41
- "types": "./dist/index.d.ts",
42
- "scripts": {
43
- "build": "tsup",
44
- "dev": "tsup --watch",
45
- "typecheck": "tsc --noEmit",
46
- "lint": "eslint .",
47
- "test": "vitest run",
48
- "test:watch": "vitest",
49
- "clean": "rimraf dist",
50
- "changeset": "changeset",
51
- "version-packages": "changeset version",
52
- "release": "npm run build && changeset publish",
53
- "prepublishOnly": "npm run clean && npm run build"
54
- },
55
- "keywords": [
56
- "invo",
57
- "webauthn",
58
- "passkey",
59
- "payments",
60
- "game-currency",
61
- "sdk"
62
- ],
63
- "publishConfig": {
64
- "access": "public"
65
- },
66
- "devDependencies": {
67
- "@changesets/cli": "^2.31.0",
68
- "@eslint/js": "^10.0.1",
69
- "eslint": "^10.6.0",
70
- "rimraf": "^5.0.5",
71
- "tsup": "^8.0.1",
72
- "typescript": "^5.4.5",
73
- "typescript-eslint": "^8.62.1",
74
- "vitest": "^1.5.0"
75
- }
76
- }
1
+ {
2
+ "name": "@invonetwork/web-sdk",
3
+ "version": "0.4.1",
4
+ "description": "INVO Web SDK — currency purchase + passkey (WebAuthn) verification for partner web platforms.",
5
+ "license": "SEE LICENSE IN LICENSE",
6
+ "private": false,
7
+ "repository": {
8
+ "type": "git",
9
+ "url": "git+https://github.com/Invo-Technologies/invo-web-sdk.git"
10
+ },
11
+ "homepage": "https://docs.invo.network",
12
+ "bugs": {
13
+ "url": "https://github.com/Invo-Technologies/invo-web-sdk/issues"
14
+ },
15
+ "type": "module",
16
+ "engines": {
17
+ "node": ">=18"
18
+ },
19
+ "sideEffects": false,
20
+ "files": [
21
+ "dist",
22
+ "!dist/**/*.map",
23
+ "README.md",
24
+ "LICENSE",
25
+ "CHANGELOG.md"
26
+ ],
27
+ "exports": {
28
+ ".": {
29
+ "types": "./dist/index.d.ts",
30
+ "import": "./dist/index.js",
31
+ "require": "./dist/index.cjs"
32
+ },
33
+ "./server": {
34
+ "types": "./dist/server.d.ts",
35
+ "import": "./dist/server.js",
36
+ "require": "./dist/server.cjs"
37
+ }
38
+ },
39
+ "main": "./dist/index.cjs",
40
+ "module": "./dist/index.js",
41
+ "types": "./dist/index.d.ts",
42
+ "scripts": {
43
+ "build": "tsup",
44
+ "dev": "tsup --watch",
45
+ "typecheck": "tsc --noEmit",
46
+ "lint": "eslint .",
47
+ "test": "vitest run",
48
+ "test:watch": "vitest",
49
+ "clean": "rimraf dist",
50
+ "changeset": "changeset",
51
+ "version-packages": "changeset version",
52
+ "release": "npm run build && changeset publish",
53
+ "prepublishOnly": "npm run clean && npm run build"
54
+ },
55
+ "keywords": [
56
+ "invo",
57
+ "webauthn",
58
+ "passkey",
59
+ "payments",
60
+ "game-currency",
61
+ "sdk"
62
+ ],
63
+ "publishConfig": {
64
+ "access": "public"
65
+ },
66
+ "devDependencies": {
67
+ "@changesets/cli": "^2.31.0",
68
+ "@eslint/js": "^10.0.1",
69
+ "eslint": "^10.6.0",
70
+ "rimraf": "^5.0.5",
71
+ "tsup": "^8.0.1",
72
+ "typescript": "^5.4.5",
73
+ "typescript-eslint": "^8.62.1",
74
+ "vitest": "^1.5.0"
75
+ }
76
+ }