@nosslabs/iap 5.0.0 → 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -5,22 +5,117 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/); version
5
5
 
6
6
  ## [Unreleased]
7
7
 
8
- ## [5.0.0] — 2026-05-14
8
+ ## [7.0.0] — 2026-05-14
9
+
10
+ **GA of the Capacitor 7+ line.** `@latest` on npm moves from `5.0.0`
11
+ (Cap-5 maintenance) to `7.0.0` (Cap-7+). Cap-5 consumers stay on
12
+ `5.x` — `^5` ranges don't auto-resolve to `7.x`. The `5.x` maintenance
13
+ branch continues to receive patches.
14
+
15
+ ### Changed (BREAKING, vs `5.0.0` — bundled with the Cap-5→Cap-7 swap)
16
+
17
+ - **EventMap pruning.** Removed two events from the public
18
+ `EventMap` that were declared but never emitted in any prior
19
+ release: `'price-stale'` and `'error'`. Subscriptions to either
20
+ never fired, so no runtime behavior changes — only consumers who
21
+ had `iap.on('price-stale', …)` or `iap.on('error', …)` in their
22
+ TypeScript code need to remove those calls. The
23
+ `'recovery-dropped-permanent'` event (introduced in 0.4 / `5.0.0`)
24
+ remains.
25
+ - `IAPErrorOptions` is now file-local (was wrongly exported from
26
+ `src/lib/errors.ts` but never re-exported through `src/index.ts`,
27
+ so no consumer had access to it). No package-root-exported symbol
28
+ changes.
29
+
30
+ ### Added
31
+
32
+ - **`AppUserIdFetcherContext`** is now re-exported from the package
33
+ root, so a separately-defined async fetcher can be typed
34
+ explicitly:
35
+
36
+ ```ts
37
+ import type { AppUserIdFetcherContext } from '@nosslabs/iap';
38
+
39
+ const fetchUuid = async ({ authHeaders }: AppUserIdFetcherContext) => {
40
+ const r = await fetch('/api/iap/uuid', { method: 'POST', headers: authHeaders });
41
+ return (await r.json()).uuid;
42
+ };
43
+ ```
44
+
45
+ ### Fixed (since `7.0.0-next.0`)
46
+
47
+ - **iOS `Cannot find product for id <id>` now maps to
48
+ `PRODUCT_NOT_FOUND`** (previously fell through to `STORE_ERROR`).
49
+ The capgo plugin uses two different messages for the same
50
+ semantic on iOS vs Android; the adapter now handles both.
51
+ - **`refresh()` is safe to detach from the IAP instance.** Internal
52
+ callbacks no longer reference `this.refresh()`, so
53
+ `const { refresh } = iap;` works without a strict-mode `this`
54
+ binding error. Regression test added.
55
+
56
+ ### Notes
57
+
58
+ - Adapter JSDoc for `getOwnedTransactions()` now documents an iOS
59
+ quirk worth knowing: `@capgo/native-purchases`'s `getPurchases()`
60
+ bundles `Transaction.currentEntitlements` *plus* `Transaction.all`
61
+ (historical + revoked subscriptions). Android-side PENDING
62
+ purchases are filtered out (`purchaseState !== '1'`); iOS-side
63
+ historical transactions are not filtered and pass through to the
64
+ backend's `/restore` endpoint. Attesto evaluates each receipt and
65
+ returns per-transaction validity, so this is the documented
66
+ contract.
67
+ - Android user-cancellation reminder (carried from `7.0.0-next.0`):
68
+ Google Play Billing collapses user-cancel and other billing
69
+ errors into the same plugin rejection, so an Android cancel
70
+ surfaces as `status: 'failed'` rather than `'cancelled'`. iOS
71
+ still distinguishes reliably.
72
+
73
+ ## [7.0.0-next.0] — 2026-05-14
74
+
75
+ First release of the **Capacitor 7+** line, published on the `@next`
76
+ npm dist-tag. The Capacitor 5 line continues as `5.x` on `@latest`
77
+ (from the `5.x` branch) — see [Migration](https://iap.nossdev.com/migration/).
78
+
79
+ Numbering: the library's major version tracks the Capacitor major it
80
+ targets (the convention `@capgo/native-purchases` and Ionic plugins
81
+ use). What was framed as `1.0.0-next.0` during development is published
82
+ as `7.0.0-next.0` for the same reason `5.0.0` superseded `0.4.0` on
83
+ the maintenance line — same code, version aligned with the platform.
9
84
 
10
85
  ### Changed
11
86
 
12
- - **Renumbered the Capacitor 5 line from `0.x` to `5.x`** so the
13
- library's major version tracks the Capacitor major it targets
14
- (matching the convention `@capgo/native-purchases`, Ionic plugins,
15
- and most platform-aligned ecosystems use). **No code changes vs
16
- `0.4.0`** — the published tarball is functionally identical.
17
- Consumers: bump your dependency `^0.4.0` `^5.0.0`. Nothing else
18
- needs to change.
19
-
20
- The Capacitor 7+ line is published on the `@next` dist-tag as `7.x`
21
- (currently `7.0.0-next.0` prerelease). See [Migration](https://iap.nossdev.com/migration/)
22
- when you're ready to move to Capacitor 7. The `5.x` line on this
23
- branch (`5.x`) continues to receive Capacitor-5 patches.
87
+ - **BREAKING: dropped Capacitor 5 support.** The `7.x` line targets
88
+ **Capacitor 7+** (also runs on Capacitor 8) via
89
+ [`@capgo/native-purchases`](https://github.com/Cap-go/native-purchases),
90
+ replacing `cordova-plugin-purchase`. The native adapter now lives at
91
+ `src/adapters/native/capgo/native-adapter.ts` (`CapgoNativeAdapter`),
92
+ selected behind the same `NativeAdapter` interface as before.
93
+ - **Peer dependencies** are now `@capacitor/core`, `@capacitor/preferences`,
94
+ and (optional) `@capacitor/app` at `^7.0.0 || ^8.0.0`, plus
95
+ `@capgo/native-purchases` at `7.16.x || ^8.0.0`. `cordova-plugin-purchase`
96
+ is no longer a peer dependency. Migration is a peer-dep swap + `npx cap sync`
97
+ no changes to your `createIAP({ ... })` config or any consumer code.
98
+ - **Acknowledgement defers on both platforms.** `@capgo/native-purchases`
99
+ supports `autoAcknowledgePurchases: false` on iOS and Android, so the
100
+ "never grant entitlement before the backend confirms" guarantee holds
101
+ with no iOS-specific finish-before-verify race.
102
+ - **Android user-cancellation surfaces as `status: 'failed'`** (not
103
+ `'cancelled'`). Google Play Billing — at the level `@capgo/native-purchases`
104
+ exposes — doesn't distinguish a user-cancelled flow from other purchase
105
+ failures; iOS still reports `'cancelled'` reliably. Treat `failed` on
106
+ Android the same as `cancelled` for UX. (The Capacitor 5 line via
107
+ `cordova-plugin-purchase` could distinguish this.)
108
+
109
+ ### Unchanged
110
+
111
+ - Public API surface: `createIAP`, the `IAP` interface, all events, all
112
+ `IAPErrorCode` values, and every public type are identical to `5.0.0`
113
+ (= `0.4.0` code).
114
+ - The full `0.2`–`0.4` feature set carries forward: the options-object
115
+ `purchase()` signature, optional `appUserId` pre-attachment, the
116
+ `INVALID_APP_USER_ID` / `APP_USER_ID_FETCH_FAILED` error codes, the
117
+ `permanentErrorCodes` config, the `recovery-dropped-permanent` event,
118
+ and `RecoveryResult.droppedPermanent`.
24
119
 
25
120
  ## [0.4.0] — 2026-05-08
26
121
 
package/README.md CHANGED
@@ -2,10 +2,10 @@
2
2
 
3
3
  > Thin Capacitor IAP orchestrator. Server-side validation via [Attesto](https://attesto.nossdev.com).
4
4
 
5
- **Status: `5.x` — the Capacitor 5 maintenance line on the `@latest` dist-tag.** Renumbered from `0.4.x` to track the Capacitor major (same code, new number). The Capacitor 7+ line is `7.x` on the `@next` dist-tag (still prerelease see [Migration](https://iap.nossdev.com/migration/)). Pin the minor (`^5.0.0`) and watch the [CHANGELOG](./CHANGELOG.md).
5
+ **Status: `7.0.0` — GA on `@latest`** (the Capacitor 7+ line, built on `@capgo/native-purchases`). The Capacitor 5 line (`cordova-plugin-purchase`) continues as `5.x` from the `5.x` branch `^5` ranges still resolve to `5.x`. See the [CHANGELOG](./CHANGELOG.md) for the GA delta and [Migration](https://iap.nossdev.com/migration/) for upgrading from `5.x`.
6
6
 
7
7
  ```bash
8
- npm install @nosslabs/iap cordova-plugin-purchase
8
+ npm install @nosslabs/iap @capgo/native-purchases
9
9
  npx cap sync
10
10
  ```
11
11
 
@@ -65,9 +65,9 @@ await iap.purchase({
65
65
 
66
66
  `@nosslabs/iap` does **one thing**: orchestrate the purchase flow on the client. It
67
67
 
68
- - wraps `cordova-plugin-purchase` for native purchase + restore,
68
+ - wraps [`@capgo/native-purchases`](https://github.com/Cap-go/native-purchases) for native purchase + restore,
69
69
  - POSTs to **your** backend (which calls Attesto) for receipt validation,
70
- - acknowledges native transactions only **after** the backend confirms (no phantom grants),
70
+ - acknowledges native transactions only **after** the backend confirms — `autoAcknowledgePurchases: false` defers finishing on **both** iOS and Android, so there's no phantom grant and no iOS finish-before-verify race,
71
71
  - caches entitlements locally for instant, reactive UI reads,
72
72
  - recovers unfinished transactions across app launches.
73
73
 
@@ -77,8 +77,8 @@ It does **not**: talk to Attesto directly, define entitlement business logic, ma
77
77
 
78
78
  | `@nosslabs/iap` | Capacitor | Native plugin | dist-tag | Status |
79
79
  |---|---|---|---|---|
80
- | 5.x | 5.x | `cordova-plugin-purchase ^13.x` | `@latest` | **Current (this branch)** |
81
- | 7.x | 7.x (also runs on 8.x) | `@capgo/native-purchases` | `@next` | Prerelease |
80
+ | 7.x | 7.x (also runs on 8.x) | `@capgo/native-purchases 7.16.x` (or `^8` on Cap 8) | `@latest` | **Current** |
81
+ | 5.x | 5.x | `cordova-plugin-purchase ^13.x` | (pinned via `^5`) | Maintenance |
82
82
 
83
83
  ## Optional peer dependency
84
84
 
@@ -94,7 +94,7 @@ Or disable the listener with `options.refreshOnResume: false`. See [installation
94
94
  ## Development
95
95
 
96
96
  ```bash
97
- mise install # Node 22 + npm 10
97
+ mise install # Node 22 + npm 11 (pinned in mise.toml)
98
98
  npm install
99
99
  npm run typecheck # tsc --noEmit
100
100
  npm run lint # biome check