@licenseseat/js 0.2.0 → 0.2.1

package/README.md

@@ -121,7 +121,7 @@ const sdk = new LicenseSeat({
   apiKey: 'your-api-key',
 
   // API Configuration
-  apiBaseUrl: 'https://api.licenseseat.com',  // Default
+  apiBaseUrl: 'https://licenseseat.com/api',  // Default
 
   // Storage
   storagePrefix: 'licenseseat_',              // localStorage key prefix
@@ -151,7 +151,7 @@ const sdk = new LicenseSeat({
 | Option | Type | Default | Description |
 |--------|------|---------|-------------|
 | `apiKey` | `string` | `null` | API key for authentication (required for most operations) |
-| `apiBaseUrl` | `string` | `'https://api.licenseseat.com'` | API base URL |
+| `apiBaseUrl` | `string` | `'https://licenseseat.com/api'` | API base URL |
 | `storagePrefix` | `string` | `'licenseseat_'` | Prefix for localStorage keys |
 | `autoValidateInterval` | `number` | `3600000` | Auto-validation interval in ms (1 hour) |
 | `autoInitialize` | `boolean` | `true` | Auto-initialize and validate cached license |
@@ -296,6 +296,15 @@ Clear all cached data and reset SDK state.
 sdk.reset();
 ```
 
+#### `sdk.destroy()`
+
+Destroy the SDK instance and release all resources. Call this when you no longer need the SDK to prevent memory leaks. After calling `destroy()`, the SDK instance should not be used.
+
+```javascript
+// When unmounting a component or closing an app
+sdk.destroy();
+```
+
 #### `sdk.initialize()`
 
 Manually initialize the SDK (only needed if `autoInitialize: false`).
@@ -335,6 +344,7 @@ sdk.off('activation:success', handler);
 | **Lifecycle** | | |
 | `license:loaded` | Cached license loaded on init | `CachedLicense` |
 | `sdk:reset` | SDK was reset | – |
+| `sdk:destroyed` | SDK was destroyed | – |
 | `sdk:error` | General SDK error | `{ message, error? }` |
 | **Activation** | | |
 | `activation:start` | Activation started | `{ licenseKey, deviceId }` |
@@ -723,7 +733,7 @@ This project follows [Semantic Versioning](https://semver.org/):
 
 | Change | Before | After | Migration |
 |--------|--------|-------|-----------|
-| `apiBaseUrl` default | `/api` | `https://api.licenseseat.com` | Set `apiBaseUrl` explicitly if using a relative URL |
+| `apiBaseUrl` default | `/api` | `https://licenseseat.com/api` | Set `apiBaseUrl` explicitly if using a relative URL |
 | `offlineFallbackEnabled` default | `true` | `false` | Set `offlineFallbackEnabled: true` if you need offline fallback |
 
 ### New Features in v0.2.0

package/dist/index.js

@@ -221,8 +221,6 @@ function parseActiveEntitlements(payload = {}) {
   const raw = payload.active_ents || payload.active_entitlements || [];
   return raw.map((e) => ({
     key: e.key,
-    name: e.name ?? null,
-    description: e.description ?? null,
     expires_at: e.expires_at ?? null,
     metadata: e.metadata ?? null
   }));
@@ -314,7 +312,7 @@ function getCsrfToken() {
 
 // src/LicenseSeat.js
 var DEFAULT_CONFIG = {
-  apiBaseUrl: "https://api.licenseseat.com",
+  apiBaseUrl: "https://licenseseat.com/api",
   storagePrefix: "licenseseat_",
   autoValidateInterval: 36e5,
   // 1 hour
@@ -352,6 +350,8 @@ var LicenseSeatSDK = class {
     this.connectivityTimer = null;
     this.offlineRefreshTimer = null;
     this.lastOfflineValidation = null;
+    this.syncingOfflineAssets = false;
+    this.destroyed = false;
     if (ed && ed.etc && sha512) {
       ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
     } else {
@@ -488,7 +488,7 @@ var LicenseSeatSDK = class {
   async validateLicense(licenseKey, options = {}) {
     try {
       this.emit("validation:start", { licenseKey });
-      const response = await this.apiCall("/licenses/validate", {
+      const rawResponse = await this.apiCall("/licenses/validate", {
         method: "POST",
         body: {
           license_key: licenseKey,
@@ -496,6 +496,10 @@ var LicenseSeatSDK = class {
           product_slug: options.productSlug
         }
       });
+      const response = {
+        valid: rawResponse.valid,
+        ...rawResponse.license || {}
+      };
       const cachedLicense = this.cache.getLicense();
       if ((!response.active_entitlements || response.active_entitlements.length === 0) && cachedLicense?.validation?.active_entitlements?.length) {
         response.active_entitlements = cachedLicense.validation.active_entitlements;
@@ -769,10 +773,36 @@ var LicenseSeatSDK = class {
    */
   reset() {
     this.stopAutoValidation();
+    this.stopConnectivityPolling();
+    if (this.offlineRefreshTimer) {
+      clearInterval(this.offlineRefreshTimer);
+      this.offlineRefreshTimer = null;
+    }
     this.cache.clear();
     this.lastOfflineValidation = null;
+    this.currentAutoLicenseKey = null;
     this.emit("sdk:reset");
   }
+  /**
+   * Destroy the SDK instance and release all resources
+   * Call this when you no longer need the SDK to prevent memory leaks.
+   * After calling destroy(), the SDK instance should not be used.
+   * @returns {void}
+   */
+  destroy() {
+    this.destroyed = true;
+    this.stopAutoValidation();
+    this.stopConnectivityPolling();
+    if (this.offlineRefreshTimer) {
+      clearInterval(this.offlineRefreshTimer);
+      this.offlineRefreshTimer = null;
+    }
+    this.eventListeners = {};
+    this.cache.clear();
+    this.lastOfflineValidation = null;
+    this.currentAutoLicenseKey = null;
+    this.emit("sdk:destroyed");
+  }
   // ============================================================
   // Event Handling
   // ============================================================
@@ -907,10 +937,16 @@ var LicenseSeatSDK = class {
   // ============================================================
   /**
    * Fetch and cache offline license and public key
+   * Uses a lock to prevent concurrent calls from causing race conditions
    * @returns {Promise<void>}
    * @private
    */
   async syncOfflineAssets() {
+    if (this.syncingOfflineAssets || this.destroyed) {
+      this.log("Skipping syncOfflineAssets: already syncing or destroyed");
+      return;
+    }
+    this.syncingOfflineAssets = true;
     try {
       const offline = await this.getOfflineLicense();
       this.cache.setOfflineLicense(offline);
@@ -936,6 +972,8 @@ var LicenseSeatSDK = class {
       }
     } catch (err) {
       this.log("Failed to sync offline assets:", err);
+    } finally {
+      this.syncingOfflineAssets = false;
     }
   }
   /**
@@ -1016,6 +1054,7 @@ var LicenseSeatSDK = class {
   }
   /**
    * Quick offline verification using only local data (no network)
+   * Performs signature verification plus basic validity checks (expiry, license key match)
    * @returns {Promise<import('./types.js').ValidationResult|null>}
    * @private
    */
@@ -1032,7 +1071,21 @@ var LicenseSeatSDK = class {
       if (!ok) {
         return { valid: false, offline: true, reason_code: "signature_invalid" };
       }
-      const active = parseActiveEntitlements(signed.payload || {});
+      const payload = signed.payload || {};
+      const cached = this.cache.getLicense();
+      if (!cached || !constantTimeEqual(payload.lic_k || "", cached.license_key || "")) {
+        return { valid: false, offline: true, reason_code: "license_mismatch" };
+      }
+      const now = Date.now();
+      const expAt = payload.exp_at ? Date.parse(payload.exp_at) : null;
+      if (expAt && expAt < now) {
+        return { valid: false, offline: true, reason_code: "expired" };
+      }
+      const lastSeen = this.cache.getLastSeenTimestamp();
+      if (lastSeen && now + this.config.maxClockSkewMs < lastSeen) {
+        return { valid: false, offline: true, reason_code: "clock_tamper" };
+      }
+      const active = parseActiveEntitlements(payload);
       return {
         valid: true,
         offline: true,

package/dist/types/LicenseSeat.d.ts

@@ -97,6 +97,18 @@ export class LicenseSeatSDK {
      * @private
      */
     private lastOfflineValidation;
+    /**
+     * Flag to prevent concurrent syncOfflineAssets calls
+     * @type {boolean}
+     * @private
+     */
+    private syncingOfflineAssets;
+    /**
+     * Flag indicating if SDK has been destroyed
+     * @type {boolean}
+     * @private
+     */
+    private destroyed;
     /**
      * Initialize the SDK
      * Loads cached license and starts auto-validation if configured.
@@ -182,6 +194,13 @@ export class LicenseSeatSDK {
      * @returns {void}
      */
     reset(): void;
+    /**
+     * Destroy the SDK instance and release all resources
+     * Call this when you no longer need the SDK to prevent memory leaks.
+     * After calling destroy(), the SDK instance should not be used.
+     * @returns {void}
+     */
+    destroy(): void;
     /**
      * Subscribe to an event
      * @param {string} event - Event name
@@ -231,6 +250,7 @@ export class LicenseSeatSDK {
     private stopConnectivityPolling;
     /**
      * Fetch and cache offline license and public key
+     * Uses a lock to prevent concurrent calls from causing race conditions
      * @returns {Promise<void>}
      * @private
      */
@@ -249,6 +269,7 @@ export class LicenseSeatSDK {
     private verifyCachedOffline;
     /**
      * Quick offline verification using only local data (no network)
+     * Performs signature verification plus basic validity checks (expiry, license key match)
      * @returns {Promise<import('./types.js').ValidationResult|null>}
      * @private
      */

package/dist/types/LicenseSeat.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"LicenseSeat.d.ts","sourceRoot":"","sources":["../../src/LicenseSeat.js"],"names":[],"mappings":"AAomCA;;;;GAIG;AACH,2CAHW,OAAO,YAAY,EAAE,iBAAiB,GACpC,cAAc,CAO1B;AAED;;;;;GAKG;AACH,kCAJW,OAAO,YAAY,EAAE,iBAAiB,UACtC,OAAO,GACL,cAAc,CAW1B;AAED;;;GAGG;AACH,uCAFa,IAAI,CAOhB;AAplCD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH;IACE;;;OAGG;IACH,qBAFW,OAAO,YAAY,EAAE,iBAAiB,EAiFhD;IA9EC;;;OAGG;IACH,QAFU,OAAO,YAAY,EAAE,iBAAiB,CAK/C;IAED;;;;OAIG;IACH,uBAAwB;IAExB;;;;OAIG;IACH,wBAA2B;IAE3B;;;;OAIG;IACH,cAAwD;IAExD;;;;OAIG;IACH,eAAkB;IAElB;;;;OAIG;IACH,8BAAiC;IAEjC;;;;OAIG;IACH,0BAA6B;IAE7B;;;;OAIG;IACH,4BAA+B;IAE/B;;;;OAIG;IACH,8BAAiC;IAiBnC;;;;;OAKG;IACH,cAFa,IAAI,CAkDhB;IAED;;;;;;OAMG;IACH,qBALW,MAAM,YACN,OAAO,YAAY,EAAE,iBAAiB,GACpC,OAAO,CAAC,OAAO,YAAY,EAAE,aAAa,CAAC,CA4CvD;IAED;;;;;OAKG;IACH,cAJa,OAAO,KAAQ,CA+B3B;IAED;;;;;;OAMG;IACH,4BALW,MAAM,YACN,OAAO,YAAY,EAAE,iBAAiB,GACpC,OAAO,CAAC,OAAO,YAAY,EAAE,gBAAgB,CAAC,CAkF1D;IAED;;;;OAIG;IACH,iCAHW,MAAM,GACJ,OAAO,YAAY,EAAE,sBAAsB,CA6BvD;IAED;;;;;;OAMG;IACH,+BAHW,MAAM,GACJ,OAAO,CAInB;IAED;;;;;OAKG;IACH,qBAJa,OAAO,CAAC,OAAO,YAAY,EAAE,oBAAoB,CAAC,CAmC9D;IAED;;;;;OAKG;IACH,oBAJW,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAwB3B;IAED;;;;;;;OAOG;IACH,wCANW,OAAO,YAAY,EAAE,oBAAoB,gBACzC,MAAM,GACJ,OAAO,CAAC,OAAO,CAAC,CAuD5B;IAED;;;OAGG;IACH,aAFa,OAAO,YAAY,EAAE,aAAa,CA6C9C;IAED;;;;;;OAMG;IACH,YAJa,OAAO,KAAQ,CAoB3B;IAED;;;OAGG;IACH,SAFa,IAAI,CAOhB;IAMD;;;;;OAKG;IACH,UAJW,MAAM,YACN,OAAO,YAAY,EAAE,aAAa,GAChC,OAAO,YAAY,EAAE,gBAAgB,CAQjD;IAED;;;;;OAKG;IACH,WAJW,MAAM,YACN,OAAO,YAAY,EAAE,aAAa,GAChC,IAAI,CAQhB;IAED;;;;;;OAMG;IACH,aAWC;IAMD;;;;;OAKG;IACH,4BAqBC;IAED;;;;OAIG;IACH,2BAMC;IAED;;;;OAIG;IACH,iCA4BC;IAED;;;;OAIG;IACH,gCAKC;IAMD;;;;OAIG;IACH,0BA+BC;IAED;;;;OAIG;IACH,+BAMC;IAED;;;;OAIG;IACH,4BA0EC;IAED;;;;OAIG;IACH,sCAsBC;IAMD;;;;;;;;;;OAUG;IACH,gBAiFC;IAED;;;;;OAKG;IACH,yBAsBC;IAMD;;;OAGG;IACH,gBAFa,MAAM,CAIlB;IAED;;;;;OAKG;IACH,YAIC;CACF"}
+{"version":3,"file":"LicenseSeat.d.ts","sourceRoot":"","sources":["../../src/LicenseSeat.js"],"names":[],"mappings":"AAwrCA;;;;GAIG;AACH,2CAHW,OAAO,YAAY,EAAE,iBAAiB,GACpC,cAAc,CAO1B;AAED;;;;;GAKG;AACH,kCAJW,OAAO,YAAY,EAAE,iBAAiB,UACtC,OAAO,GACL,cAAc,CAW1B;AAED;;;GAGG;AACH,uCAFa,IAAI,CAOhB;AAxqCD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH;IACE;;;OAGG;IACH,qBAFW,OAAO,YAAY,EAAE,iBAAiB,EA+FhD;IA5FC;;;OAGG;IACH,QAFU,OAAO,YAAY,EAAE,iBAAiB,CAK/C;IAED;;;;OAIG;IACH,uBAAwB;IAExB;;;;OAIG;IACH,wBAA2B;IAE3B;;;;OAIG;IACH,cAAwD;IAExD;;;;OAIG;IACH,eAAkB;IAElB;;;;OAIG;IACH,8BAAiC;IAEjC;;;;OAIG;IACH,0BAA6B;IAE7B;;;;OAIG;IACH,4BAA+B;IAE/B;;;;OAIG;IACH,8BAAiC;IAEjC;;;;OAIG;IACH,6BAAiC;IAEjC;;;;OAIG;IACH,kBAAsB;IAiBxB;;;;;OAKG;IACH,cAFa,IAAI,CAkDhB;IAED;;;;;;OAMG;IACH,qBALW,MAAM,YACN,OAAO,YAAY,EAAE,iBAAiB,GACpC,OAAO,CAAC,OAAO,YAAY,EAAE,aAAa,CAAC,CA4CvD;IAED;;;;;OAKG;IACH,cAJa,OAAO,KAAQ,CA+B3B;IAED;;;;;;OAMG;IACH,4BALW,MAAM,YACN,OAAO,YAAY,EAAE,iBAAiB,GACpC,OAAO,CAAC,OAAO,YAAY,EAAE,gBAAgB,CAAC,CAyF1D;IAED;;;;OAIG;IACH,iCAHW,MAAM,GACJ,OAAO,YAAY,EAAE,sBAAsB,CA6BvD;IAED;;;;;;OAMG;IACH,+BAHW,MAAM,GACJ,OAAO,CAInB;IAED;;;;;OAKG;IACH,qBAJa,OAAO,CAAC,OAAO,YAAY,EAAE,oBAAoB,CAAC,CAmC9D;IAED;;;;;OAKG;IACH,oBAJW,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAwB3B;IAED;;;;;;;OAOG;IACH,wCANW,OAAO,YAAY,EAAE,oBAAoB,gBACzC,MAAM,GACJ,OAAO,CAAC,OAAO,CAAC,CAuD5B;IAED;;;OAGG;IACH,aAFa,OAAO,YAAY,EAAE,aAAa,CA6C9C;IAED;;;;;;OAMG;IACH,YAJa,OAAO,KAAQ,CAoB3B;IAED;;;OAGG;IACH,SAFa,IAAI,CAahB;IAED;;;;;OAKG;IACH,WAFa,IAAI,CAehB;IAMD;;;;;OAKG;IACH,UAJW,MAAM,YACN,OAAO,YAAY,EAAE,aAAa,GAChC,OAAO,YAAY,EAAE,gBAAgB,CAQjD;IAED;;;;;OAKG;IACH,WAJW,MAAM,YACN,OAAO,YAAY,EAAE,aAAa,GAChC,IAAI,CAQhB;IAED;;;;;;OAMG;IACH,aAWC;IAMD;;;;;OAKG;IACH,4BAqBC;IAED;;;;OAIG;IACH,2BAMC;IAED;;;;OAIG;IACH,iCA4BC;IAED;;;;OAIG;IACH,gCAKC;IAMD;;;;;OAKG;IACH,0BAwCC;IAED;;;;OAIG;IACH,+BAMC;IAED;;;;OAIG;IACH,4BA0EC;IAED;;;;;OAKG;IACH,sCA+CC;IAMD;;;;;;;;;;OAUG;IACH,gBAiFC;IAED;;;;;OAKG;IACH,yBAsBC;IAMD;;;OAGG;IACH,gBAFa,MAAM,CAIlB;IAED;;;;;OAKG;IACH,YAIC;CACF"}

package/dist/types/types.d.ts

@@ -141,20 +141,13 @@ export type CachedLicense = {
 };
 /**
  * Entitlement object
+ * Note: API returns only key, expires_at, and metadata. Name/description are not provided.
  */
 export type Entitlement = {
     /**
      * - Unique entitlement key
      */
     key: string;
-    /**
-     * - Human-readable name
-     */
-    name: string | null;
-    /**
-     * - Description of the entitlement
-     */
-    description: string | null;
     /**
      * - ISO8601 expiration timestamp
      */
@@ -251,26 +244,50 @@ export type LicenseStatus = {
  * Offline license payload
  */
 export type OfflineLicensePayload = {
+    /**
+     * - Payload version (currently 1)
+     */
+    v?: number;
     /**
      * - License key
      */
     lic_k?: string;
     /**
-     * - ISO8601 expiration timestamp
+     * - Product slug
+     */
+    prod_s?: string;
+    /**
+     * - License plan key
      */
-    exp_at?: string;
+    plan_k?: string;
     /**
-     * - Key ID for signature verification
+     * - ISO8601 expiration timestamp (null for perpetual)
+     */
+    exp_at?: string | null;
+    /**
+     * - Seat limit (null for unlimited)
+     */
+    sl?: number | null;
+    /**
+     * - Key ID for public key lookup
      */
     kid?: string;
     /**
      * - Active entitlements
      */
-    active_ents?: Array<any>;
+    active_ents?: Array<{
+        key: string;
+        expires_at: string | null;
+        metadata: any | null;
+    }>;
     /**
      * - Active entitlements (alternative key)
      */
-    active_entitlements?: Array<any>;
+    active_entitlements?: Array<{
+        key: string;
+        expires_at: string | null;
+        metadata: any | null;
+    }>;
     /**
      * - Additional metadata
      */
@@ -310,7 +327,11 @@ export type APIErrorData = {
      */
     error?: string;
     /**
-     * - Error code
+     * - Machine-readable reason code (e.g., "license_not_found", "expired", "revoked")
+     */
+    reason_code?: string;
+    /**
+     * - Legacy error code (deprecated, use reason_code)
      */
     code?: string;
     /**

package/dist/types/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.js"],"names":[],"mappings":";;;;;;;iBASc,MAAM;;;;aACN,MAAM;;;;oBACN,MAAM;;;;2BACN,MAAM;;;;6BACN,MAAM;;;;iBACN,MAAM;;;;iBACN,MAAM;;;;YACN,OAAO;;;;oCACP,MAAM;;;;6BACN,OAAO;;;;qBACP,MAAM;;;;qBACN,MAAM;;;;qBACN,OAAO;;;;;;;;;uBAMP,MAAM;;;;0BACN,MAAM;;;;;;;;;;;;;uBAON,MAAM;;;;kBACN,MAAM;;;;;;;;;QAMN,MAAM;;;;iBACN,MAAM;;;;uBACN,MAAM;;;;kBACN,MAAM;;;;;;;;;;;;;iBAON,MAAM;;;;uBACN,MAAM;;;;iBACN,kBAAkB;;;;kBAClB,MAAM;;;;oBACN,MAAM;;;;iBACN,gBAAgB;;;;;;;;;SAMhB,MAAM;;;;UACN,MAAM,GAAC,IAAI;;;;iBACX,MAAM,GAAC,IAAI;;;;gBACX,MAAM,GAAC,IAAI;;;;cACX,MAAO,IAAI;;;;;;;;;WAMX,OAAO;;;;cACP,OAAO;;;;aACP,MAAM;;;;kBACN,MAAM;;;;0BACN,WAAW,EAAE;;;;iBACb,OAAO;;;;;;;;;YAMP,OAAO;;;;aACP,MAAM;;;;iBACN,MAAM;;;;kBACN,WAAW;;;;;;;;;YAMX,MAAM;;;;cACN,MAAM;;;;cACN,MAAM;;;;aACN,MAAM;;;;mBACN,MAAM;;;;qBACN,MAAM;;;;mBACN,WAAW,EAAE;;;;;;;;;YAMb,MAAM;;;;aACN,MAAM;;;;UACN,MAAM;;;;kBACN,KAAK,KAAQ;;;;0BACb,KAAK,KAAQ;;;;;;;;;;;;;aAOb,qBAAqB;;;;oBACrB,MAAM;;;;UACN,MAAM;;;;;mCAMT,GAAC,KACC,IAAI;;;;qCAMJ,IAAI;;;;;;;;YAMH,MAAM;;;;WACN,MAAM"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.js"],"names":[],"mappings":";;;;;;;iBASc,MAAM;;;;aACN,MAAM;;;;oBACN,MAAM;;;;2BACN,MAAM;;;;6BACN,MAAM;;;;iBACN,MAAM;;;;iBACN,MAAM;;;;YACN,OAAO;;;;oCACP,MAAM;;;;6BACN,OAAO;;;;qBACP,MAAM;;;;qBACN,MAAM;;;;qBACN,OAAO;;;;;;;;;uBAMP,MAAM;;;;0BACN,MAAM;;;;;;;;;;;;;uBAON,MAAM;;;;kBACN,MAAM;;;;;;;;;QAMN,MAAM;;;;iBACN,MAAM;;;;uBACN,MAAM;;;;kBACN,MAAM;;;;;;;;;;;;;iBAON,MAAM;;;;uBACN,MAAM;;;;iBACN,kBAAkB;;;;kBAClB,MAAM;;;;oBACN,MAAM;;;;iBACN,gBAAgB;;;;;;;;;;SAOhB,MAAM;;;;gBACN,MAAM,GAAC,IAAI;;;;cACX,MAAO,IAAI;;;;;;;;;WAMX,OAAO;;;;cACP,OAAO;;;;aACP,MAAM;;;;kBACN,MAAM;;;;0BACN,WAAW,EAAE;;;;iBACb,OAAO;;;;;;;;;YAMP,OAAO;;;;aACP,MAAM;;;;iBACN,MAAM;;;;kBACN,WAAW;;;;;;;;;YAMX,MAAM;;;;cACN,MAAM;;;;cACN,MAAM;;;;aACN,MAAM;;;;mBACN,MAAM;;;;qBACN,MAAM;;;;mBACN,WAAW,EAAE;;;;;;;;;QAMb,MAAM;;;;YACN,MAAM;;;;aACN,MAAM;;;;aACN,MAAM;;;;aACN,MAAM,GAAC,IAAI;;;;SACX,MAAM,GAAC,IAAI;;;;UACX,MAAM;;;;kBACN,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,GAAC,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAO,IAAI,CAAA;KAAC,CAAC;;;;0BACpE,KAAK,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,GAAC,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAO,IAAI,CAAA;KAAC,CAAC;;;;;;;;;;;;;aAOpE,qBAAqB;;;;oBACrB,MAAM;;;;UACN,MAAM;;;;;mCAMT,GAAC,KACC,IAAI;;;;qCAMJ,IAAI;;;;;;;;YAMH,MAAM;;;;kBACN,MAAM;;;;WACN,MAAM"}

package/dist/types/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.js"],"names":[],"mappings":"AAQA;;;;GAIG;AACH,wDAFa,OAAO,YAAY,EAAE,WAAW,EAAE,CAW9C;AAED;;;;;GAKG;AACH,sCAJW,MAAM,MACN,MAAM,GACJ,OAAO,CASnB;AAED;;;;;GAKG;AACH,kDAFa,MAAM,CAuBlB;AAED;;;;GAIG;AACH,iDAHW,MAAM,GACJ,UAAU,CAatB;AAED;;;;GAIG;AACH,8BAHW,MAAM,GACJ,MAAM,CAUlB;AAED;;;GAGG;AACH,wCAFa,MAAM,CAalB;AAED;;;GAGG;AACH,oCAFa,MAAM,CAgBlB;AAED;;;;GAIG;AACH,0BAHW,MAAM,GACJ,OAAO,CAAC,IAAI,CAAC,CAIzB;AAED;;;GAGG;AACH,gCAFa,MAAM,CAMlB"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.js"],"names":[],"mappings":"AAQA;;;;GAIG;AACH,wDAFa,OAAO,YAAY,EAAE,WAAW,EAAE,CAS9C;AAED;;;;;GAKG;AACH,sCAJW,MAAM,MACN,MAAM,GACJ,OAAO,CASnB;AAED;;;;;GAKG;AACH,kDAFa,MAAM,CAuBlB;AAED;;;;GAIG;AACH,iDAHW,MAAM,GACJ,UAAU,CAatB;AAED;;;;GAIG;AACH,8BAHW,MAAM,GACJ,MAAM,CAUlB;AAED;;;GAGG;AACH,wCAFa,MAAM,CAalB;AAED;;;GAGG;AACH,oCAFa,MAAM,CAgBlB;AAED;;;;GAIG;AACH,0BAHW,MAAM,GACJ,OAAO,CAAC,IAAI,CAAC,CAIzB;AAED;;;GAGG;AACH,gCAFa,MAAM,CAMlB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@licenseseat/js",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Official JavaScript SDK for LicenseSeat – simple, secure software licensing.",
   "main": "dist/index.js",
   "module": "dist/index.js",

package/src/LicenseSeat.js

@@ -37,7 +37,7 @@ import {
  * @type {import('./types.js').LicenseSeatConfig}
  */
 const DEFAULT_CONFIG = {
-  apiBaseUrl: "https://api.licenseseat.com",
+  apiBaseUrl: "https://licenseseat.com/api",
   storagePrefix: "licenseseat_",
   autoValidateInterval: 3600000, // 1 hour
   networkRecheckInterval: 30000, // 30 seconds
@@ -145,6 +145,20 @@ export class LicenseSeatSDK {
      */
     this.lastOfflineValidation = null;
 
+    /**
+     * Flag to prevent concurrent syncOfflineAssets calls
+     * @type {boolean}
+     * @private
+     */
+    this.syncingOfflineAssets = false;
+
+    /**
+     * Flag indicating if SDK has been destroyed
+     * @type {boolean}
+     * @private
+     */
+    this.destroyed = false;
+
     // Enable synchronous SHA512 for noble-ed25519
     if (ed && ed.etc && sha512) {
       ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
@@ -312,7 +326,7 @@ export class LicenseSeatSDK {
     try {
       this.emit("validation:start", { licenseKey });
 
-      const response = await this.apiCall("/licenses/validate", {
+      const rawResponse = await this.apiCall("/licenses/validate", {
         method: "POST",
         body: {
           license_key: licenseKey,
@@ -321,6 +335,13 @@ export class LicenseSeatSDK {
         },
       });
 
+      // Normalize response: API returns { valid, license: { active_entitlements, ... } }
+      // SDK expects flat structure { valid, active_entitlements, ... }
+      const response = {
+        valid: rawResponse.valid,
+        ...(rawResponse.license || {}),
+      };
+
       // Preserve cached entitlements if server response omits them
       const cachedLicense = this.cache.getLicense();
       if (
@@ -643,11 +664,38 @@ export class LicenseSeatSDK {
    */
   reset() {
     this.stopAutoValidation();
+    this.stopConnectivityPolling();
+    if (this.offlineRefreshTimer) {
+      clearInterval(this.offlineRefreshTimer);
+      this.offlineRefreshTimer = null;
+    }
     this.cache.clear();
     this.lastOfflineValidation = null;
+    this.currentAutoLicenseKey = null;
     this.emit("sdk:reset");
   }
 
+  /**
+   * Destroy the SDK instance and release all resources
+   * Call this when you no longer need the SDK to prevent memory leaks.
+   * After calling destroy(), the SDK instance should not be used.
+   * @returns {void}
+   */
+  destroy() {
+    this.destroyed = true;
+    this.stopAutoValidation();
+    this.stopConnectivityPolling();
+    if (this.offlineRefreshTimer) {
+      clearInterval(this.offlineRefreshTimer);
+      this.offlineRefreshTimer = null;
+    }
+    this.eventListeners = {};
+    this.cache.clear();
+    this.lastOfflineValidation = null;
+    this.currentAutoLicenseKey = null;
+    this.emit("sdk:destroyed");
+  }
+
   // ============================================================
   // Event Handling
   // ============================================================
@@ -799,10 +847,18 @@ export class LicenseSeatSDK {
 
   /**
    * Fetch and cache offline license and public key
+   * Uses a lock to prevent concurrent calls from causing race conditions
    * @returns {Promise<void>}
    * @private
    */
   async syncOfflineAssets() {
+    // Prevent concurrent syncs
+    if (this.syncingOfflineAssets || this.destroyed) {
+      this.log("Skipping syncOfflineAssets: already syncing or destroyed");
+      return;
+    }
+
+    this.syncingOfflineAssets = true;
     try {
       const offline = await this.getOfflineLicense();
       this.cache.setOfflineLicense(offline);
@@ -832,6 +888,8 @@ export class LicenseSeatSDK {
       }
     } catch (err) {
       this.log("Failed to sync offline assets:", err);
+    } finally {
+      this.syncingOfflineAssets = false;
     }
   }
 
@@ -931,6 +989,7 @@ export class LicenseSeatSDK {
 
   /**
    * Quick offline verification using only local data (no network)
+   * Performs signature verification plus basic validity checks (expiry, license key match)
    * @returns {Promise<import('./types.js').ValidationResult|null>}
    * @private
    */
@@ -947,7 +1006,32 @@ export class LicenseSeatSDK {
         return { valid: false, offline: true, reason_code: "signature_invalid" };
       }
 
-      const active = parseActiveEntitlements(signed.payload || {});
+      /** @type {import('./types.js').OfflineLicensePayload} */
+      const payload = signed.payload || {};
+      const cached = this.cache.getLicense();
+
+      // License key match check
+      if (
+        !cached ||
+        !constantTimeEqual(payload.lic_k || "", cached.license_key || "")
+      ) {
+        return { valid: false, offline: true, reason_code: "license_mismatch" };
+      }
+
+      // Expiry check
+      const now = Date.now();
+      const expAt = payload.exp_at ? Date.parse(payload.exp_at) : null;
+      if (expAt && expAt < now) {
+        return { valid: false, offline: true, reason_code: "expired" };
+      }
+
+      // Clock tamper detection
+      const lastSeen = this.cache.getLastSeenTimestamp();
+      if (lastSeen && now + this.config.maxClockSkewMs < lastSeen) {
+        return { valid: false, offline: true, reason_code: "clock_tamper" };
+      }
+
+      const active = parseActiveEntitlements(payload);
       return {
         valid: true,
         offline: true,

package/src/types.js

@@ -7,7 +7,7 @@
 /**
  * SDK Configuration options
  * @typedef {Object} LicenseSeatConfig
- * @property {string} [apiBaseUrl="https://api.licenseseat.com"] - Base URL for the LicenseSeat API
+ * @property {string} [apiBaseUrl="https://licenseseat.com/api"] - Base URL for the LicenseSeat API
  * @property {string} [apiKey] - API key for authentication (required for most operations)
  * @property {string} [storagePrefix="licenseseat_"] - Prefix for localStorage keys
  * @property {number} [autoValidateInterval=3600000] - Interval in ms for automatic license validation (default: 1 hour)
@@ -60,10 +60,9 @@
 
 /**
  * Entitlement object
+ * Note: API returns only key, expires_at, and metadata. Name/description are not provided.
  * @typedef {Object} Entitlement
  * @property {string} key - Unique entitlement key
- * @property {string|null} name - Human-readable name
- * @property {string|null} description - Description of the entitlement
  * @property {string|null} expires_at - ISO8601 expiration timestamp
  * @property {Object|null} metadata - Additional metadata
  */
@@ -103,11 +102,15 @@
 /**
  * Offline license payload
  * @typedef {Object} OfflineLicensePayload
+ * @property {number} [v] - Payload version (currently 1)
  * @property {string} [lic_k] - License key
- * @property {string} [exp_at] - ISO8601 expiration timestamp
- * @property {string} [kid] - Key ID for signature verification
- * @property {Array<Object>} [active_ents] - Active entitlements
- * @property {Array<Object>} [active_entitlements] - Active entitlements (alternative key)
+ * @property {string} [prod_s] - Product slug
+ * @property {string} [plan_k] - License plan key
+ * @property {string|null} [exp_at] - ISO8601 expiration timestamp (null for perpetual)
+ * @property {number|null} [sl] - Seat limit (null for unlimited)
+ * @property {string} [kid] - Key ID for public key lookup
+ * @property {Array<{key: string, expires_at: string|null, metadata: Object|null}>} [active_ents] - Active entitlements
+ * @property {Array<{key: string, expires_at: string|null, metadata: Object|null}>} [active_entitlements] - Active entitlements (alternative key)
  * @property {Object} [metadata] - Additional metadata
  */
 
@@ -136,7 +139,8 @@
  * API Error data
  * @typedef {Object} APIErrorData
  * @property {string} [error] - Error message
- * @property {string} [code] - Error code
+ * @property {string} [reason_code] - Machine-readable reason code (e.g., "license_not_found", "expired", "revoked")
+ * @property {string} [code] - Legacy error code (deprecated, use reason_code)
  * @property {Object} [details] - Additional error details
  */
 

package/src/utils.js

@@ -15,8 +15,6 @@ export function parseActiveEntitlements(payload = {}) {
   const raw = payload.active_ents || payload.active_entitlements || [];
   return raw.map((e) => ({
     key: e.key,
-    name: e.name ?? null,
-    description: e.description ?? null,
     expires_at: e.expires_at ?? null,
     metadata: e.metadata ?? null,
   }));