@nile-squad/nylonpay-ts 1.0.7 → 1.0.8

package/dist/index.d.ts

@@ -149,6 +149,14 @@ type VerifyWebhookInput = {
     payload: string | Uint8Array;
     signature: string;
     secret: string;
+    /**
+     * Replay-protection window in seconds. After the signature is verified, the
+     * timestamp carried inside the signed body must be within this many seconds of
+     * now, or verification fails. Defaults to 300 (5 minutes). Set to `0` to
+     * disable the freshness check (not recommended — a captured webhook then
+     * verifies forever).
+     */
+    toleranceSeconds?: number;
 };
 /**
  * Full transaction record returned by lookups, event handlers, and the
@@ -245,16 +253,39 @@ type AfterPayoutHook = (result: Result<{
     reference: string;
     status: string;
 }, string>, input: MakePayoutInput) => void | Promise<void>;
+/**
+ * Wrapper applied to every lifecycle hook. The SDK runs `fn` inside `safeTry`,
+ * so a throw or rejection in merchant code never bubbles into the payment flow —
+ * it is routed to `onError` instead.
+ *
+ * WHY `onError` is required: an unhandled hook failure in a payments SDK is the
+ * worst kind of silent bug (the payment "succeeds" while a wallet credit or
+ * fulfillment side-effect was lost). Forcing the merchant to declare what
+ * happens on failure replaces both the old "throw and maybe crash" behaviour and
+ * a silent `catch {}` with an explicit, type-enforced decision.
+ */
+type SdkHook<TFn> = {
+    /** Set `false` to disable this hook without removing its config. Default: true. */
+    enabled?: boolean;
+    /** The hook implementation. */
+    fn: TFn;
+    /**
+     * Required. Receives the thrown/rejected value if `fn` fails. Runs inside
+     * `safeTry` too, so an error here is contained as well.
+     */
+    onError: (error: unknown) => void | Promise<void>;
+};
 /**
  * Lifecycle hooks registered once at SDK creation. Each hook fires on every
  * matching operation — use them for cross-cutting concerns like logging,
- * audit trails, and payload enrichment.
+ * audit trails, and payload enrichment. Every hook is wrapped in {@link SdkHook}
+ * so merchant code can never crash the payment flow.
  */
 type SdkHooks = {
-    beforeCollect?: BeforeCollectHook;
-    afterCollect?: AfterCollectHook;
-    beforePayout?: BeforePayoutHook;
-    afterPayout?: AfterPayoutHook;
+    beforeCollect?: SdkHook<BeforeCollectHook>;
+    afterCollect?: SdkHook<AfterCollectHook>;
+    beforePayout?: SdkHook<BeforePayoutHook>;
+    afterPayout?: SdkHook<AfterPayoutHook>;
 };
 /**
  * SDK configuration supplied by the merchant at initialization.
@@ -273,12 +304,6 @@ type NylonPayConfig = {
     maxPollIntervalMs?: number;
     maxPollDurationMs?: number;
     maxPollAttempts?: number;
-    /**
-     * Receive status updates over an SSE stream (default `true`), falling back to
-     * polling automatically when the stream is unavailable. Set `false` to poll
-     * only.
-     */
-    streaming?: boolean;
     fetch?: typeof globalThis.fetch;
     /** Force a new instance even if one already exists for this key+url pair. */
     force?: boolean;
@@ -595,9 +620,9 @@ interface PaymentInstance {
  * Factory function to create a Nylon Pay SDK instance.
  * This is the main entry point for merchants.
  *
- * Calling createNylonPay with the same apiKey and baseUrl returns the same
- * instance (singleton per key+url pair). Pass { force: true } to create a
- * fresh instance and replace the cached one.
+ * Calling createNylonPay with the same apiKey, apiSecret and baseUrl returns the
+ * same instance (singleton per key+secret+url). Rotating the secret yields a
+ * fresh instance. Pass { force: true } to force a new instance regardless.
  *
  * @example
  * ```ts
@@ -613,9 +638,9 @@ interface PaymentInstance {
 /**
  * Create a Nylon Pay SDK instance.
  *
- * Returns the same instance for the same apiKey + baseUrl combination unless
- * { force: true } is passed. Use your test keys for sandbox, production keys
- * for live.
+ * Returns the same instance for the same apiKey + apiSecret + baseUrl
+ * combination unless { force: true } is passed. Use your test keys for sandbox,
+ * production keys for live.
  *
  * @param config - SDK configuration with apiKey and apiSecret
  * @returns SDK instance with all payment operations
@@ -663,13 +688,19 @@ declare function parseError(error: string): SdkError;
  */
 
 /**
- * Verify that a webhook payload was signed by Nylon Pay.
- * Operates on raw payload bytes, NOT parsed JSON (spec invariant #8).
+ * Verify that a webhook payload was genuinely sent by Nylon Pay.
+ *
+ * Two checks, both must pass:
+ * 1. **Authenticity** — HMAC-SHA256 over the raw payload bytes (NOT parsed
+ *    JSON, spec invariant #8) matches the provided signature.
+ * 2. **Freshness** — the `timestamp` carried inside the signed body is within
+ *    `toleranceSeconds` of now (default 300s). This is what stops a replay: a
+ *    captured `(body, signature)` pair stays cryptographically valid forever,
+ *    but its embedded timestamp goes stale. Every genuine delivery, including
+ *    retries hours later, is re-stamped and re-signed, so this never rejects
+ *    legitimate traffic. Pass `toleranceSeconds: 0` to skip this check.
  *
- * @param input.payload - Raw request body as string or Uint8Array
- * @param input.signature - Signature from the webhook header
- * @param input.secret - Merchant's webhook secret
- * @returns True when the signature is valid
+ * @returns True when the signature is valid and (when enforced) the webhook is fresh
  */
 declare function verifyWebhookSignature(input: VerifyWebhookInput): boolean;
 

package/dist/index.js

@@ -2,7 +2,7 @@ import { createHash, createHmac, timingSafeEqual, randomBytes } from 'crypto';
 import { Ok, Err, safeTry } from 'slang-ts';
 import { type, platform, arch, release, hostname } from 'os';
 
-// src/sdk.ts
+// src/create-nylon-pay.ts
 
 // src/pubsub.ts
 function createEmitter() {
@@ -61,9 +61,7 @@ var DEFAULT_MAX_RETRIES = 3;
 var DEFAULT_MAX_POLL_INTERVAL_MS = 2e3;
 var DEFAULT_MAX_POLL_DURATION_MS = 3e5;
 var DEFAULT_MAX_POLL_ATTEMPTS = 150;
-var DEFAULT_STREAMING = true;
-var STREAM_PATH = "/sse/transaction";
-var MAX_STREAM_RECONNECTS = 2;
+var POLL_JITTER_MS = 250;
 var SDK_SERVICE = "sdk";
 var SDK_ACTIONS = {
   collectPayment: "sdk-collect-payment",
@@ -91,13 +89,22 @@ function generateFingerprint() {
 function generateNonce(length = 16) {
   return randomBytes(length).toString("hex");
 }
+function compareByCodePoint(first, second) {
+  if (first < second) {
+    return -1;
+  }
+  if (first > second) {
+    return 1;
+  }
+  return 0;
+}
 function sortValue(value) {
   if (Array.isArray(value)) {
     return value.map((entry) => sortValue(entry));
   }
   if (value && typeof value === "object") {
     const sortedEntries = Object.entries(value).sort(
-      ([firstKey], [secondKey]) => firstKey.localeCompare(secondKey)
+      ([firstKey], [secondKey]) => compareByCodePoint(firstKey, secondKey)
     );
     return Object.fromEntries(
       sortedEntries.map(([entryKey, entryValue]) => [
@@ -121,42 +128,6 @@ function createSignature(input) {
 function createTimestamp() {
   return Date.now().toString();
 }
-
-// src/sse-parse.ts
-function parseBlock(block) {
-  let event = "message";
-  const dataLines = [];
-  for (const rawLine of block.split("\n")) {
-    const line = rawLine.replace(/\r$/, "");
-    if (line.startsWith(":")) {
-      continue;
-    }
-    if (line.startsWith("event:")) {
-      event = line.slice("event:".length).trim();
-    } else if (line.startsWith("data:")) {
-      dataLines.push(line.slice("data:".length).trim());
-    }
-  }
-  if (dataLines.length === 0) {
-    return null;
-  }
-  return { event, data: dataLines.join("\n") };
-}
-function parseSseBuffer(buffer) {
-  const messages = [];
-  let rest = buffer;
-  let separator = rest.indexOf("\n\n");
-  while (separator !== -1) {
-    const block = rest.slice(0, separator);
-    rest = rest.slice(separator + 2);
-    const message = parseBlock(block);
-    if (message) {
-      messages.push(message);
-    }
-    separator = rest.indexOf("\n\n");
-  }
-  return { messages, rest };
-}
 function verifyResponseSignature(data, signature, secret) {
   const expectedSignature = createHmac("sha256", secret).update(createCanonicalPayload(data)).digest("hex");
   const providedBuffer = Buffer.from(signature, "hex");
@@ -169,13 +140,6 @@ function verifyResponseSignature(data, signature, secret) {
 
 // src/transport.ts
 var CACHED_FINGERPRINT = generateFingerprint();
-function streamUrl(baseUrl) {
-  try {
-    return new URL(baseUrl).origin + STREAM_PATH;
-  } catch {
-    return baseUrl.replace(/\/api\/services\/?$/u, "") + STREAM_PATH;
-  }
-}
 var KNOWN_CATEGORIES = /* @__PURE__ */ new Set([
   "auth",
   "validation",
@@ -341,22 +305,30 @@ function createTransport({
         const { status, message, data } = responseBody;
         if (status === true) {
           const { data: strippedData, responseSignature } = stripResponseSignature(data);
-          if (responseSignature) {
-            const isValid = verifyResponseSignature(
-              strippedData,
-              responseSignature,
-              apiSecret
+          if (!responseSignature) {
+            cleanup();
+            return Err(
+              JSON.stringify({
+                category: "internal",
+                message: "Response signature missing",
+                retryable: false
+              })
+            );
+          }
+          const isValid = verifyResponseSignature(
+            strippedData,
+            responseSignature,
+            apiSecret
+          );
+          if (!isValid) {
+            cleanup();
+            return Err(
+              JSON.stringify({
+                category: "internal",
+                message: "Response signature verification failed",
+                retryable: false
+              })
             );
-            if (!isValid) {
-              cleanup();
-              return Err(
-                JSON.stringify({
-                  category: "internal",
-                  message: "Response signature verification failed",
-                  retryable: false
-                })
-              );
-            }
           }
           cleanup();
           return Ok(strippedData);
@@ -381,91 +353,7 @@ function createTransport({
     }
     return attempt(0);
   }
-  function openStream(input) {
-    const controller = new AbortController();
-    let closed = false;
-    const close = () => {
-      if (closed) {
-        return;
-      }
-      closed = true;
-      controller.abort();
-    };
-    const payload = {
-      reference: input.reference,
-      _fingerprint: CACHED_FINGERPRINT
-    };
-    const headers = buildAuthHeaders({ apiKey, apiSecret, payload });
-    const url = streamUrl(baseUrl);
-    const run = async () => {
-      const fetchResult = await safeTry(
-        () => fetchImpl(url, {
-          method: "POST",
-          headers,
-          body: JSON.stringify(payload),
-          signal: controller.signal
-        })
-      );
-      if (fetchResult.isErr) {
-        if (!closed) {
-          input.onError(fetchResult.error);
-        }
-        return;
-      }
-      const response = fetchResult.value;
-      if (!response.ok || !response.body) {
-        const textResult = await safeTry(() => response.text());
-        const message = textResult.isOk ? textResult.value : `HTTP ${response.status}`;
-        if (!closed) {
-          input.onError(message || `HTTP ${response.status}`);
-        }
-        return;
-      }
-      const reader = response.body.getReader();
-      const decoder = new TextDecoder();
-      let buffer = "";
-      while (!closed) {
-        const chunkResult = await safeTry(() => reader.read());
-        if (chunkResult.isErr) {
-          if (!closed) {
-            input.onError(chunkResult.error);
-          }
-          return;
-        }
-        const chunk = chunkResult.value;
-        if (chunk.done) {
-          break;
-        }
-        buffer += decoder.decode(chunk.value, { stream: true });
-        const { messages, rest } = parseSseBuffer(buffer);
-        buffer = rest;
-        for (const message of messages) {
-          if (message.event === "status") {
-            const statusResult = await safeTry(
-              () => JSON.parse(message.data)
-            );
-            if (statusResult.isOk) {
-              input.onStatus(statusResult.value);
-            }
-          } else if (message.event === "error") {
-            const errDataResult = await safeTry(
-              () => JSON.parse(message.data)
-            );
-            const text = errDataResult.isOk ? errDataResult.value.message ?? message.data : message.data;
-            close();
-            input.onError(text);
-            return;
-          }
-        }
-      }
-      if (!closed) {
-        input.onClose();
-      }
-    };
-    void run();
-    return { close };
-  }
-  return { send, openStream, parseError };
+  return { send, parseError };
 }
 function parseError(error) {
   try {
@@ -515,11 +403,7 @@ function createPaymentInstance(initialResponse, deps) {
     fetchTransaction: deps.fetchTransaction,
     pollIntervalMs: deps.pollIntervalMs ?? 2e3,
     maxPollDuration: deps.maxPollDuration ?? 3e5,
-    maxPollAttempts: deps.maxPollAttempts ?? 150,
-    streaming: deps.streaming ?? false,
-    openStream: deps.openStream,
-    streamHandle: null,
-    streamReconnects: 0
+    maxPollAttempts: deps.maxPollAttempts ?? 150
   };
   function resolveWithError(error) {
     state.resolved = true;
@@ -555,6 +439,9 @@ function createPaymentInstance(initialResponse, deps) {
     stopUpdates();
   }
   async function handleStatusUpdate(response) {
+    if (state.resolved) {
+      return;
+    }
     if (response.reference !== state.reference) {
       resolveWithError(
         `Reference mismatch: expected ${state.reference} but got ${response.reference}`
@@ -588,10 +475,11 @@ function createPaymentInstance(initialResponse, deps) {
     if (state.resolved || state.pollingTimer) {
       return;
     }
+    const delay2 = state.pollIntervalMs + Math.random() * POLL_JITTER_MS;
     state.pollingTimer = setTimeout(() => {
       state.pollingTimer = null;
       void pollStatus();
-    }, state.pollIntervalMs);
+    }, delay2);
   }
   async function pollStatus() {
     if (state.resolved) {
@@ -619,42 +507,6 @@ function createPaymentInstance(initialResponse, deps) {
     }
     scheduleNextPoll();
   }
-  function closeStream() {
-    if (state.streamHandle) {
-      state.streamHandle.close();
-      state.streamHandle = null;
-    }
-  }
-  function startStream() {
-    if (state.resolved || !state.openStream) {
-      return;
-    }
-    state.streamHandle = state.openStream({
-      reference: state.reference,
-      onStatus: (status) => {
-        void handleStatusUpdate(status);
-      },
-      onError: () => handleStreamFailure(),
-      onClose: () => handleStreamFailure()
-    });
-  }
-  function handleStreamFailure() {
-    closeStream();
-    if (state.resolved) {
-      return;
-    }
-    if (state.streamReconnects < MAX_STREAM_RECONNECTS) {
-      state.streamReconnects += 1;
-      const backoff = 500 * 2 ** (state.streamReconnects - 1) + Math.random() * 250;
-      setTimeout(() => {
-        if (!state.resolved) {
-          startStream();
-        }
-      }, backoff);
-      return;
-    }
-    scheduleNextPoll();
-  }
   function startUpdates() {
     if (TERMINAL_STATES.has(state.status)) {
       setTimeout(() => {
@@ -662,10 +514,6 @@ function createPaymentInstance(initialResponse, deps) {
       }, 0);
       return;
     }
-    if (state.streaming && state.openStream) {
-      startStream();
-      return;
-    }
     scheduleNextPoll();
   }
   function stopUpdates() {
@@ -673,7 +521,6 @@ function createPaymentInstance(initialResponse, deps) {
       clearTimeout(state.pollingTimer);
       state.pollingTimer = null;
     }
-    closeStream();
   }
   function on(event, handler) {
     state.emitter.on(event, handler);
@@ -746,21 +593,65 @@ function createPaymentInstance(initialResponse, deps) {
   }
   return paymentInstance;
 }
+var DEFAULT_TOLERANCE_SECONDS = 300;
+function decodePayload(payload) {
+  return typeof payload === "string" ? payload : Buffer.from(payload).toString("utf8");
+}
+function extractSignedTimestampMs(payloadString) {
+  let parsed;
+  try {
+    parsed = JSON.parse(payloadString);
+  } catch {
+    return null;
+  }
+  if (!parsed || typeof parsed !== "object") {
+    return null;
+  }
+  const raw = parsed.timestamp;
+  if (typeof raw === "number" && Number.isFinite(raw)) {
+    return raw < 1e12 ? raw * 1e3 : raw;
+  }
+  if (typeof raw === "string") {
+    const ms = Date.parse(raw);
+    return Number.isNaN(ms) ? null : ms;
+  }
+  return null;
+}
 function verifyWebhookSignature(input) {
-  const payloadBytes = typeof input.payload === "string" ? Buffer.from(input.payload, "utf8") : Buffer.from(input.payload);
+  const payloadString = decodePayload(input.payload);
+  const payloadBytes = Buffer.from(payloadString, "utf8");
   const expectedSignature = createHmac("sha256", input.secret).update(payloadBytes).digest("hex");
   const providedBuffer = Buffer.from(input.signature, "hex");
   const expectedBuffer = Buffer.from(expectedSignature, "hex");
   if (providedBuffer.length !== expectedBuffer.length) {
     return false;
   }
-  return timingSafeEqual(providedBuffer, expectedBuffer);
+  if (!timingSafeEqual(providedBuffer, expectedBuffer)) {
+    return false;
+  }
+  const toleranceSeconds = input.toleranceSeconds ?? DEFAULT_TOLERANCE_SECONDS;
+  if (toleranceSeconds <= 0) {
+    return true;
+  }
+  const timestampMs = extractSignedTimestampMs(payloadString);
+  if (timestampMs === null) {
+    return false;
+  }
+  const ageMs = Math.abs(Date.now() - timestampMs);
+  return ageMs <= toleranceSeconds * 1e3;
 }
 
 // src/sdk.ts
 function generateReference() {
   return randomBytes(16).toString("hex").slice(0, 15);
 }
+async function runHook(hook, ...args) {
+  if (!hook || hook.enabled === false) return void 0;
+  const result = await safeTry(async () => hook.fn(...args));
+  if (result.isOk) return result.value;
+  await safeTry(async () => hook.onError(result.error));
+  return void 0;
+}
 function throwValidation(message) {
   throw createSdkError({ category: "validation", message });
 }
@@ -794,9 +685,7 @@ function createSdkInstance(config) {
     }),
     pollIntervalMs: config.maxPollIntervalMs,
     maxPollDuration: config.maxPollDurationMs,
-    maxPollAttempts: config.maxPollAttempts,
-    streaming: config.streaming,
-    openStream: config.streaming ? transport.openStream : void 0
+    maxPollAttempts: config.maxPollAttempts
   };
   async function collectPayment(input) {
     const reference = input.reference ?? generateReference();
@@ -808,24 +697,18 @@ function createSdkInstance(config) {
       throwValidation('bank details are required when method is "bank"');
     }
     let payload = { ...input, reference };
-    if (config.hooks?.beforeCollect) {
-      const mutated = await config.hooks.beforeCollect(payload);
-      if (mutated != null)
-        payload = { ...mutated, reference: mutated.reference ?? reference };
-    }
+    const mutated = await runHook(config.hooks?.beforeCollect, payload);
+    if (mutated != null)
+      payload = { ...mutated, reference: mutated.reference ?? reference };
     const result = await transport.send({
       action: SDK_ACTIONS.collectPayment,
       payload
     });
-    if (config.hooks?.afterCollect) {
-      await config.hooks.afterCollect(
-        result.isOk ? Ok({
-          reference: result.value.reference,
-          status: result.value.status
-        }) : Err(result.error),
-        payload
-      );
-    }
+    await runHook(
+      config.hooks?.afterCollect,
+      result.isOk ? Ok({ reference: result.value.reference, status: result.value.status }) : Err(result.error),
+      payload
+    );
     if (result.isErr) {
       const sdkErr = parseError(result.error);
       return createPaymentInstance(
@@ -845,24 +728,18 @@ function createSdkInstance(config) {
       throwValidation('bank details are required when method is "bank"');
     }
     let payload = { ...input, reference };
-    if (config.hooks?.beforeCollect) {
-      const mutated = await config.hooks.beforeCollect(payload);
-      if (mutated != null)
-        payload = { ...mutated, reference: mutated.reference ?? reference };
-    }
+    const mutated = await runHook(config.hooks?.beforeCollect, payload);
+    if (mutated != null)
+      payload = { ...mutated, reference: mutated.reference ?? reference };
     const result = await transport.send({
       action: SDK_ACTIONS.collectPaymentAndResolve,
       payload
     });
-    if (config.hooks?.afterCollect) {
-      await config.hooks.afterCollect(
-        result.isOk ? Ok({
-          reference: result.value.reference,
-          status: result.value.status
-        }) : Err(result.error),
-        payload
-      );
-    }
+    await runHook(
+      config.hooks?.afterCollect,
+      result.isOk ? Ok({ reference: result.value.reference, status: result.value.status }) : Err(result.error),
+      payload
+    );
     if (result.isOk) {
       return Ok(result.value);
     }
@@ -883,24 +760,18 @@ function createSdkInstance(config) {
       "destination.accountNumber"
     );
     let payload = { ...input, reference };
-    if (config.hooks?.beforePayout) {
-      const mutated = await config.hooks.beforePayout(payload);
-      if (mutated != null)
-        payload = { ...mutated, reference: mutated.reference ?? reference };
-    }
+    const mutated = await runHook(config.hooks?.beforePayout, payload);
+    if (mutated != null)
+      payload = { ...mutated, reference: mutated.reference ?? reference };
     const result = await transport.send({
       action: SDK_ACTIONS.makePayout,
       payload
     });
-    if (config.hooks?.afterPayout) {
-      await config.hooks.afterPayout(
-        result.isOk ? Ok({
-          reference: result.value.reference,
-          status: result.value.status
-        }) : Err(result.error),
-        payload
-      );
-    }
+    await runHook(
+      config.hooks?.afterPayout,
+      result.isOk ? Ok({ reference: result.value.reference, status: result.value.status }) : Err(result.error),
+      payload
+    );
     if (result.isErr) {
       const sdkErr = parseError(result.error);
       return createPaymentInstance(
@@ -925,24 +796,18 @@ function createSdkInstance(config) {
       "destination.accountNumber"
     );
     let payload = { ...input, reference };
-    if (config.hooks?.beforePayout) {
-      const mutated = await config.hooks.beforePayout(payload);
-      if (mutated != null)
-        payload = { ...mutated, reference: mutated.reference ?? reference };
-    }
+    const mutated = await runHook(config.hooks?.beforePayout, payload);
+    if (mutated != null)
+      payload = { ...mutated, reference: mutated.reference ?? reference };
     const result = await transport.send({
       action: SDK_ACTIONS.makePayoutAndResolve,
       payload
     });
-    if (config.hooks?.afterPayout) {
-      await config.hooks.afterPayout(
-        result.isOk ? Ok({
-          reference: result.value.reference,
-          status: result.value.status
-        }) : Err(result.error),
-        payload
-      );
-    }
+    await runHook(
+      config.hooks?.afterPayout,
+      result.isOk ? Ok({ reference: result.value.reference, status: result.value.status }) : Err(result.error),
+      payload
+    );
     if (result.isOk) {
       return Ok(result.value);
     }
@@ -1042,7 +907,8 @@ function createNylonPay(config) {
     throw new Error('apiSecret must start with "nps_"');
   }
   const baseUrl = config.baseUrl ?? DEFAULT_BASE_URL;
-  const instanceKey = `${config.apiKey}:${baseUrl}`;
+  const secretHash = createHash("sha256").update(config.apiSecret).digest("hex").slice(0, 16);
+  const instanceKey = `${config.apiKey}:${baseUrl}:${secretHash}`;
   if (!config.force) {
     const existing = instances.get(instanceKey);
     if (existing) return existing;
@@ -1056,7 +922,6 @@ function createNylonPay(config) {
     maxPollIntervalMs: config.maxPollIntervalMs ?? DEFAULT_MAX_POLL_INTERVAL_MS,
     maxPollDurationMs: config.maxPollDurationMs ?? DEFAULT_MAX_POLL_DURATION_MS,
     maxPollAttempts: config.maxPollAttempts ?? DEFAULT_MAX_POLL_ATTEMPTS,
-    streaming: config.streaming ?? DEFAULT_STREAMING,
     fetch: config.fetch ?? globalThis.fetch.bind(globalThis),
     hooks: config.hooks
   };