@nosslabs/iap 5.0.0 → 7.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +108 -13
- package/README.md +7 -7
- package/dist/index.cjs +129 -253
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +7 -15
- package/dist/index.d.ts +7 -15
- package/dist/index.js +129 -253
- package/dist/index.js.map +1 -1
- package/package.json +12 -11
package/CHANGELOG.md
CHANGED
|
@@ -5,22 +5,117 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/); version
|
|
|
5
5
|
|
|
6
6
|
## [Unreleased]
|
|
7
7
|
|
|
8
|
-
## [
|
|
8
|
+
## [7.0.0] — 2026-05-14
|
|
9
|
+
|
|
10
|
+
**GA of the Capacitor 7+ line.** `@latest` on npm moves from `5.0.0`
|
|
11
|
+
(Cap-5 maintenance) to `7.0.0` (Cap-7+). Cap-5 consumers stay on
|
|
12
|
+
`5.x` — `^5` ranges don't auto-resolve to `7.x`. The `5.x` maintenance
|
|
13
|
+
branch continues to receive patches.
|
|
14
|
+
|
|
15
|
+
### Changed (BREAKING, vs `5.0.0` — bundled with the Cap-5→Cap-7 swap)
|
|
16
|
+
|
|
17
|
+
- **EventMap pruning.** Removed two events from the public
|
|
18
|
+
`EventMap` that were declared but never emitted in any prior
|
|
19
|
+
release: `'price-stale'` and `'error'`. Subscriptions to either
|
|
20
|
+
never fired, so no runtime behavior changes — only consumers who
|
|
21
|
+
had `iap.on('price-stale', …)` or `iap.on('error', …)` in their
|
|
22
|
+
TypeScript code need to remove those calls. The
|
|
23
|
+
`'recovery-dropped-permanent'` event (introduced in 0.4 / `5.0.0`)
|
|
24
|
+
remains.
|
|
25
|
+
- `IAPErrorOptions` is now file-local (was wrongly exported from
|
|
26
|
+
`src/lib/errors.ts` but never re-exported through `src/index.ts`,
|
|
27
|
+
so no consumer had access to it). No package-root-exported symbol
|
|
28
|
+
changes.
|
|
29
|
+
|
|
30
|
+
### Added
|
|
31
|
+
|
|
32
|
+
- **`AppUserIdFetcherContext`** is now re-exported from the package
|
|
33
|
+
root, so a separately-defined async fetcher can be typed
|
|
34
|
+
explicitly:
|
|
35
|
+
|
|
36
|
+
```ts
|
|
37
|
+
import type { AppUserIdFetcherContext } from '@nosslabs/iap';
|
|
38
|
+
|
|
39
|
+
const fetchUuid = async ({ authHeaders }: AppUserIdFetcherContext) => {
|
|
40
|
+
const r = await fetch('/api/iap/uuid', { method: 'POST', headers: authHeaders });
|
|
41
|
+
return (await r.json()).uuid;
|
|
42
|
+
};
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### Fixed (since `7.0.0-next.0`)
|
|
46
|
+
|
|
47
|
+
- **iOS `Cannot find product for id <id>` now maps to
|
|
48
|
+
`PRODUCT_NOT_FOUND`** (previously fell through to `STORE_ERROR`).
|
|
49
|
+
The capgo plugin uses two different messages for the same
|
|
50
|
+
semantic on iOS vs Android; the adapter now handles both.
|
|
51
|
+
- **`refresh()` is safe to detach from the IAP instance.** Internal
|
|
52
|
+
callbacks no longer reference `this.refresh()`, so
|
|
53
|
+
`const { refresh } = iap;` works without a strict-mode `this`
|
|
54
|
+
binding error. Regression test added.
|
|
55
|
+
|
|
56
|
+
### Notes
|
|
57
|
+
|
|
58
|
+
- Adapter JSDoc for `getOwnedTransactions()` now documents an iOS
|
|
59
|
+
quirk worth knowing: `@capgo/native-purchases`'s `getPurchases()`
|
|
60
|
+
bundles `Transaction.currentEntitlements` *plus* `Transaction.all`
|
|
61
|
+
(historical + revoked subscriptions). Android-side PENDING
|
|
62
|
+
purchases are filtered out (`purchaseState !== '1'`); iOS-side
|
|
63
|
+
historical transactions are not filtered and pass through to the
|
|
64
|
+
backend's `/restore` endpoint. Attesto evaluates each receipt and
|
|
65
|
+
returns per-transaction validity, so this is the documented
|
|
66
|
+
contract.
|
|
67
|
+
- Android user-cancellation reminder (carried from `7.0.0-next.0`):
|
|
68
|
+
Google Play Billing collapses user-cancel and other billing
|
|
69
|
+
errors into the same plugin rejection, so an Android cancel
|
|
70
|
+
surfaces as `status: 'failed'` rather than `'cancelled'`. iOS
|
|
71
|
+
still distinguishes reliably.
|
|
72
|
+
|
|
73
|
+
## [7.0.0-next.0] — 2026-05-14
|
|
74
|
+
|
|
75
|
+
First release of the **Capacitor 7+** line, published on the `@next`
|
|
76
|
+
npm dist-tag. The Capacitor 5 line continues as `5.x` on `@latest`
|
|
77
|
+
(from the `5.x` branch) — see [Migration](https://iap.nossdev.com/migration/).
|
|
78
|
+
|
|
79
|
+
Numbering: the library's major version tracks the Capacitor major it
|
|
80
|
+
targets (the convention `@capgo/native-purchases` and Ionic plugins
|
|
81
|
+
use). What was framed as `1.0.0-next.0` during development is published
|
|
82
|
+
as `7.0.0-next.0` for the same reason `5.0.0` superseded `0.4.0` on
|
|
83
|
+
the maintenance line — same code, version aligned with the platform.
|
|
9
84
|
|
|
10
85
|
### Changed
|
|
11
86
|
|
|
12
|
-
- **
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
`
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
87
|
+
- **BREAKING: dropped Capacitor 5 support.** The `7.x` line targets
|
|
88
|
+
**Capacitor 7+** (also runs on Capacitor 8) via
|
|
89
|
+
[`@capgo/native-purchases`](https://github.com/Cap-go/native-purchases),
|
|
90
|
+
replacing `cordova-plugin-purchase`. The native adapter now lives at
|
|
91
|
+
`src/adapters/native/capgo/native-adapter.ts` (`CapgoNativeAdapter`),
|
|
92
|
+
selected behind the same `NativeAdapter` interface as before.
|
|
93
|
+
- **Peer dependencies** are now `@capacitor/core`, `@capacitor/preferences`,
|
|
94
|
+
and (optional) `@capacitor/app` at `^7.0.0 || ^8.0.0`, plus
|
|
95
|
+
`@capgo/native-purchases` at `7.16.x || ^8.0.0`. `cordova-plugin-purchase`
|
|
96
|
+
is no longer a peer dependency. Migration is a peer-dep swap + `npx cap sync`
|
|
97
|
+
— no changes to your `createIAP({ ... })` config or any consumer code.
|
|
98
|
+
- **Acknowledgement defers on both platforms.** `@capgo/native-purchases`
|
|
99
|
+
supports `autoAcknowledgePurchases: false` on iOS and Android, so the
|
|
100
|
+
"never grant entitlement before the backend confirms" guarantee holds
|
|
101
|
+
with no iOS-specific finish-before-verify race.
|
|
102
|
+
- **Android user-cancellation surfaces as `status: 'failed'`** (not
|
|
103
|
+
`'cancelled'`). Google Play Billing — at the level `@capgo/native-purchases`
|
|
104
|
+
exposes — doesn't distinguish a user-cancelled flow from other purchase
|
|
105
|
+
failures; iOS still reports `'cancelled'` reliably. Treat `failed` on
|
|
106
|
+
Android the same as `cancelled` for UX. (The Capacitor 5 line via
|
|
107
|
+
`cordova-plugin-purchase` could distinguish this.)
|
|
108
|
+
|
|
109
|
+
### Unchanged
|
|
110
|
+
|
|
111
|
+
- Public API surface: `createIAP`, the `IAP` interface, all events, all
|
|
112
|
+
`IAPErrorCode` values, and every public type are identical to `5.0.0`
|
|
113
|
+
(= `0.4.0` code).
|
|
114
|
+
- The full `0.2`–`0.4` feature set carries forward: the options-object
|
|
115
|
+
`purchase()` signature, optional `appUserId` pre-attachment, the
|
|
116
|
+
`INVALID_APP_USER_ID` / `APP_USER_ID_FETCH_FAILED` error codes, the
|
|
117
|
+
`permanentErrorCodes` config, the `recovery-dropped-permanent` event,
|
|
118
|
+
and `RecoveryResult.droppedPermanent`.
|
|
24
119
|
|
|
25
120
|
## [0.4.0] — 2026-05-08
|
|
26
121
|
|
package/README.md
CHANGED
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
> Thin Capacitor IAP orchestrator. Server-side validation via [Attesto](https://attesto.nossdev.com).
|
|
4
4
|
|
|
5
|
-
**Status: `
|
|
5
|
+
**Status: `7.0.0` — GA on `@latest`** (the Capacitor 7+ line, built on `@capgo/native-purchases`). The Capacitor 5 line (`cordova-plugin-purchase`) continues as `5.x` from the `5.x` branch — `^5` ranges still resolve to `5.x`. See the [CHANGELOG](./CHANGELOG.md) for the GA delta and [Migration](https://iap.nossdev.com/migration/) for upgrading from `5.x`.
|
|
6
6
|
|
|
7
7
|
```bash
|
|
8
|
-
npm install @nosslabs/iap
|
|
8
|
+
npm install @nosslabs/iap @capgo/native-purchases
|
|
9
9
|
npx cap sync
|
|
10
10
|
```
|
|
11
11
|
|
|
@@ -65,9 +65,9 @@ await iap.purchase({
|
|
|
65
65
|
|
|
66
66
|
`@nosslabs/iap` does **one thing**: orchestrate the purchase flow on the client. It
|
|
67
67
|
|
|
68
|
-
- wraps `
|
|
68
|
+
- wraps [`@capgo/native-purchases`](https://github.com/Cap-go/native-purchases) for native purchase + restore,
|
|
69
69
|
- POSTs to **your** backend (which calls Attesto) for receipt validation,
|
|
70
|
-
- acknowledges native transactions only **after** the backend confirms
|
|
70
|
+
- acknowledges native transactions only **after** the backend confirms — `autoAcknowledgePurchases: false` defers finishing on **both** iOS and Android, so there's no phantom grant and no iOS finish-before-verify race,
|
|
71
71
|
- caches entitlements locally for instant, reactive UI reads,
|
|
72
72
|
- recovers unfinished transactions across app launches.
|
|
73
73
|
|
|
@@ -77,8 +77,8 @@ It does **not**: talk to Attesto directly, define entitlement business logic, ma
|
|
|
77
77
|
|
|
78
78
|
| `@nosslabs/iap` | Capacitor | Native plugin | dist-tag | Status |
|
|
79
79
|
|---|---|---|---|---|
|
|
80
|
-
|
|
|
81
|
-
|
|
|
80
|
+
| 7.x | 7.x (also runs on 8.x) | `@capgo/native-purchases 7.16.x` (or `^8` on Cap 8) | `@latest` | **Current** |
|
|
81
|
+
| 5.x | 5.x | `cordova-plugin-purchase ^13.x` | (pinned via `^5`) | Maintenance |
|
|
82
82
|
|
|
83
83
|
## Optional peer dependency
|
|
84
84
|
|
|
@@ -94,7 +94,7 @@ Or disable the listener with `options.refreshOnResume: false`. See [installation
|
|
|
94
94
|
## Development
|
|
95
95
|
|
|
96
96
|
```bash
|
|
97
|
-
mise install # Node 22 + npm
|
|
97
|
+
mise install # Node 22 + npm 11 (pinned in mise.toml)
|
|
98
98
|
npm install
|
|
99
99
|
npm run typecheck # tsc --noEmit
|
|
100
100
|
npm run lint # biome check
|