npm - @xlock/node - Versions diffs - 0.1.0 - Mend

@xlock/node 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/dist/koa.js ADDED Viewed

@@ -0,0 +1,108 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/koa.ts
+var koa_exports = {};
+__export(koa_exports, {
+  xlockMiddleware: () => xlockMiddleware
+});
+module.exports = __toCommonJS(koa_exports);
+// src/core.ts
+var DEFAULT_API_URL = "https://api.x-lock.dev";
+async function enforce(apiUrl, siteKey, token, path) {
+  let enforceUrl;
+  let body;
+  if (token.startsWith("v3.")) {
+    const sessionId = token.split(".")[1];
+    enforceUrl = `${apiUrl}/v3/session/enforce`;
+    body = { sessionId, siteKey };
+    if (path) body.path = path;
+  } else {
+    enforceUrl = `${apiUrl}/v1/enforce`;
+    body = { token, siteKey };
+    if (path) body.path = path;
+  }
+  const response = await fetch(enforceUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (response.status === 403) {
+    const data = await response.json();
+    return { blocked: true, reason: data.reason };
+  }
+  if (!response.ok) {
+    return { blocked: false, error: true };
+  }
+  return { blocked: false };
+}
+function resolveSiteKey(siteKey) {
+  return siteKey || process.env.XLOCK_SITE_KEY;
+}
+// src/koa.ts
+function xlockMiddleware(options = {}) {
+  const apiUrl = options.apiUrl || DEFAULT_API_URL;
+  const siteKey = resolveSiteKey(options.siteKey);
+  const failOpen = options.failOpen !== false;
+  const routes = options.routes || [];
+  if (!siteKey) {
+    console.warn("[x-lock] No site key configured \u2014 skipping enforcement");
+    return async (_ctx, next) => next();
+  }
+  return async (ctx, next) => {
+    if (ctx.method !== "POST") return next();
+    if (routes.length > 0 && !routes.some((r) => ctx.path.startsWith(r))) {
+      return next();
+    }
+    const token = ctx.get("x-lock");
+    if (!token) {
+      ctx.status = 403;
+      ctx.body = { error: "Blocked by x-lock: missing token" };
+      return;
+    }
+    try {
+      const result = await enforce(apiUrl, siteKey, token, ctx.path);
+      if (result.blocked) {
+        ctx.status = 403;
+        ctx.body = { error: "Blocked by x-lock", reason: result.reason };
+        return;
+      }
+      if (result.error && !failOpen) {
+        ctx.status = 403;
+        ctx.body = { error: "x-lock verification failed" };
+        return;
+      }
+    } catch (err) {
+      console.error("[x-lock] Enforcement error:", err.message);
+      if (!failOpen) {
+        ctx.status = 403;
+        ctx.body = { error: "x-lock verification failed" };
+        return;
+      }
+    }
+    return next();
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  xlockMiddleware
+});
+//# sourceMappingURL=koa.js.map

package/dist/koa.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/koa.ts","../src/core.ts"],"sourcesContent":["/**\n * x-lock middleware for Koa\n *\n * @example\n * ```js\n * import { xlockMiddleware } from \"@xlock/node/koa\";\n * router.post(\"/api/auth/login\", xlockMiddleware({ siteKey: \"sk_...\" }), loginHandler);\n * ```\n */\n\nimport { enforce, resolveSiteKey, DEFAULT_API_URL, type XLockConfig } from \"./core\";\n\nexport interface XLockKoaConfig extends XLockConfig {\n /** Route prefixes to protect */\n routes?: string[];\n}\n\nexport function xlockMiddleware(options: XLockKoaConfig = {}) {\n const apiUrl = options.apiUrl || DEFAULT_API_URL;\n const siteKey = resolveSiteKey(options.siteKey);\n const failOpen = options.failOpen !== false;\n const routes = options.routes || [];\n\n if (!siteKey) {\n console.warn(\"[x-lock] No site key configured — skipping enforcement\");\n return async (_ctx: any, next: () => Promise<void>) => next();\n }\n\n return async (ctx: any, next: () => Promise<void>) => {\n if (ctx.method !== \"POST\") return next();\n\n if (routes.length > 0 && !routes.some((r: string) => ctx.path.startsWith(r))) {\n return next();\n }\n\n const token = ctx.get(\"x-lock\");\n\n if (!token) {\n ctx.status = 403;\n ctx.body = { error: \"Blocked by x-lock: missing token\" };\n return;\n }\n\n try {\n const result = await enforce(apiUrl, siteKey, token, ctx.path);\n\n if (result.blocked) {\n ctx.status = 403;\n ctx.body = { error: \"Blocked by x-lock\", reason: result.reason };\n return;\n }\n\n if (result.error && !failOpen) {\n ctx.status = 403;\n ctx.body = { error: \"x-lock verification failed\" };\n return;\n }\n } catch (err: any) {\n console.error(\"[x-lock] Enforcement error:\", err.message);\n if (!failOpen) {\n ctx.status = 403;\n ctx.body = { error: \"x-lock verification failed\" };\n return;\n }\n }\n\n return next();\n };\n}\n","/**\n * Core x-lock enforcement logic shared across all framework adapters.\n */\n\nexport const DEFAULT_API_URL = \"https://api.x-lock.dev\";\n\nexport interface XLockConfig {\n /** Your x-lock site key (or set XLOCK_SITE_KEY env var) */\n siteKey?: string;\n /** x-lock API URL (default: https://api.x-lock.dev) */\n apiUrl?: string;\n /** Allow requests through on API errors (default: true) */\n failOpen?: boolean;\n}\n\nexport interface EnforceResult {\n blocked: boolean;\n reason?: string;\n error?: boolean;\n}\n\n/**\n * Call the x-lock enforcement API to verify a token.\n */\nexport async function enforce(\n apiUrl: string,\n siteKey: string,\n token: string,\n path?: string\n): Promise<EnforceResult> {\n let enforceUrl: string;\n let body: Record<string, string>;\n\n if (token.startsWith(\"v3.\")) {\n const sessionId = token.split(\".\")[1];\n enforceUrl = `${apiUrl}/v3/session/enforce`;\n body = { sessionId, siteKey };\n if (path) body.path = path;\n } else {\n enforceUrl = `${apiUrl}/v1/enforce`;\n body = { token, siteKey };\n if (path) body.path = path;\n }\n\n const response = await fetch(enforceUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n\n if (response.status === 403) {\n const data = (await response.json()) as { reason?: string };\n return { blocked: true, reason: data.reason };\n }\n\n if (!response.ok) {\n return { blocked: false, error: true };\n }\n\n return { blocked: false };\n}\n\n/**\n * Resolve site key from options or environment.\n */\nexport function resolveSiteKey(siteKey?: string): string | undefined {\n return siteKey || process.env.XLOCK_SITE_KEY;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIO,IAAM,kBAAkB;AAoB/B,eAAsB,QACpB,QACA,SACA,OACA,MACwB;AACxB,MAAI;AACJ,MAAI;AAEJ,MAAI,MAAM,WAAW,KAAK,GAAG;AAC3B,UAAM,YAAY,MAAM,MAAM,GAAG,EAAE,CAAC;AACpC,iBAAa,GAAG,MAAM;AACtB,WAAO,EAAE,WAAW,QAAQ;AAC5B,QAAI,KAAM,MAAK,OAAO;AAAA,EACxB,OAAO;AACL,iBAAa,GAAG,MAAM;AACtB,WAAO,EAAE,OAAO,QAAQ;AACxB,QAAI,KAAM,MAAK,OAAO;AAAA,EACxB;AAEA,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AAED,MAAI,SAAS,WAAW,KAAK;AAC3B,UAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,WAAO,EAAE,SAAS,MAAM,QAAQ,KAAK,OAAO;AAAA,EAC9C;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,WAAO,EAAE,SAAS,OAAO,OAAO,KAAK;AAAA,EACvC;AAEA,SAAO,EAAE,SAAS,MAAM;AAC1B;AAKO,SAAS,eAAe,SAAsC;AACnE,SAAO,WAAW,QAAQ,IAAI;AAChC;;;ADlDO,SAAS,gBAAgB,UAA0B,CAAC,GAAG;AAC5D,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,UAAU,eAAe,QAAQ,OAAO;AAC9C,QAAM,WAAW,QAAQ,aAAa;AACtC,QAAM,SAAS,QAAQ,UAAU,CAAC;AAElC,MAAI,CAAC,SAAS;AACZ,YAAQ,KAAK,6DAAwD;AACrE,WAAO,OAAO,MAAW,SAA8B,KAAK;AAAA,EAC9D;AAEA,SAAO,OAAO,KAAU,SAA8B;AACpD,QAAI,IAAI,WAAW,OAAQ,QAAO,KAAK;AAEvC,QAAI,OAAO,SAAS,KAAK,CAAC,OAAO,KAAK,CAAC,MAAc,IAAI,KAAK,WAAW,CAAC,CAAC,GAAG;AAC5E,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,QAAQ,IAAI,IAAI,QAAQ;AAE9B,QAAI,CAAC,OAAO;AACV,UAAI,SAAS;AACb,UAAI,OAAO,EAAE,OAAO,mCAAmC;AACvD;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ,QAAQ,SAAS,OAAO,IAAI,IAAI;AAE7D,UAAI,OAAO,SAAS;AAClB,YAAI,SAAS;AACb,YAAI,OAAO,EAAE,OAAO,qBAAqB,QAAQ,OAAO,OAAO;AAC/D;AAAA,MACF;AAEA,UAAI,OAAO,SAAS,CAAC,UAAU;AAC7B,YAAI,SAAS;AACb,YAAI,OAAO,EAAE,OAAO,6BAA6B;AACjD;AAAA,MACF;AAAA,IACF,SAAS,KAAU;AACjB,cAAQ,MAAM,+BAA+B,IAAI,OAAO;AACxD,UAAI,CAAC,UAAU;AACb,YAAI,SAAS;AACb,YAAI,OAAO,EAAE,OAAO,6BAA6B;AACjD;AAAA,MACF;AAAA,IACF;AAEA,WAAO,KAAK;AAAA,EACd;AACF;","names":[]}

package/dist/koa.mjs ADDED Viewed

@@ -0,0 +1,81 @@
+// src/core.ts
+var DEFAULT_API_URL = "https://api.x-lock.dev";
+async function enforce(apiUrl, siteKey, token, path) {
+  let enforceUrl;
+  let body;
+  if (token.startsWith("v3.")) {
+    const sessionId = token.split(".")[1];
+    enforceUrl = `${apiUrl}/v3/session/enforce`;
+    body = { sessionId, siteKey };
+    if (path) body.path = path;
+  } else {
+    enforceUrl = `${apiUrl}/v1/enforce`;
+    body = { token, siteKey };
+    if (path) body.path = path;
+  }
+  const response = await fetch(enforceUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (response.status === 403) {
+    const data = await response.json();
+    return { blocked: true, reason: data.reason };
+  }
+  if (!response.ok) {
+    return { blocked: false, error: true };
+  }
+  return { blocked: false };
+}
+function resolveSiteKey(siteKey) {
+  return siteKey || process.env.XLOCK_SITE_KEY;
+}
+// src/koa.ts
+function xlockMiddleware(options = {}) {
+  const apiUrl = options.apiUrl || DEFAULT_API_URL;
+  const siteKey = resolveSiteKey(options.siteKey);
+  const failOpen = options.failOpen !== false;
+  const routes = options.routes || [];
+  if (!siteKey) {
+    console.warn("[x-lock] No site key configured \u2014 skipping enforcement");
+    return async (_ctx, next) => next();
+  }
+  return async (ctx, next) => {
+    if (ctx.method !== "POST") return next();
+    if (routes.length > 0 && !routes.some((r) => ctx.path.startsWith(r))) {
+      return next();
+    }
+    const token = ctx.get("x-lock");
+    if (!token) {
+      ctx.status = 403;
+      ctx.body = { error: "Blocked by x-lock: missing token" };
+      return;
+    }
+    try {
+      const result = await enforce(apiUrl, siteKey, token, ctx.path);
+      if (result.blocked) {
+        ctx.status = 403;
+        ctx.body = { error: "Blocked by x-lock", reason: result.reason };
+        return;
+      }
+      if (result.error && !failOpen) {
+        ctx.status = 403;
+        ctx.body = { error: "x-lock verification failed" };
+        return;
+      }
+    } catch (err) {
+      console.error("[x-lock] Enforcement error:", err.message);
+      if (!failOpen) {
+        ctx.status = 403;
+        ctx.body = { error: "x-lock verification failed" };
+        return;
+      }
+    }
+    return next();
+  };
+}
+export {
+  xlockMiddleware
+};
+//# sourceMappingURL=koa.mjs.map

package/dist/koa.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/core.ts","../src/koa.ts"],"sourcesContent":["/**\n * Core x-lock enforcement logic shared across all framework adapters.\n */\n\nexport const DEFAULT_API_URL = \"https://api.x-lock.dev\";\n\nexport interface XLockConfig {\n /** Your x-lock site key (or set XLOCK_SITE_KEY env var) */\n siteKey?: string;\n /** x-lock API URL (default: https://api.x-lock.dev) */\n apiUrl?: string;\n /** Allow requests through on API errors (default: true) */\n failOpen?: boolean;\n}\n\nexport interface EnforceResult {\n blocked: boolean;\n reason?: string;\n error?: boolean;\n}\n\n/**\n * Call the x-lock enforcement API to verify a token.\n */\nexport async function enforce(\n apiUrl: string,\n siteKey: string,\n token: string,\n path?: string\n): Promise<EnforceResult> {\n let enforceUrl: string;\n let body: Record<string, string>;\n\n if (token.startsWith(\"v3.\")) {\n const sessionId = token.split(\".\")[1];\n enforceUrl = `${apiUrl}/v3/session/enforce`;\n body = { sessionId, siteKey };\n if (path) body.path = path;\n } else {\n enforceUrl = `${apiUrl}/v1/enforce`;\n body = { token, siteKey };\n if (path) body.path = path;\n }\n\n const response = await fetch(enforceUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n\n if (response.status === 403) {\n const data = (await response.json()) as { reason?: string };\n return { blocked: true, reason: data.reason };\n }\n\n if (!response.ok) {\n return { blocked: false, error: true };\n }\n\n return { blocked: false };\n}\n\n/**\n * Resolve site key from options or environment.\n */\nexport function resolveSiteKey(siteKey?: string): string | undefined {\n return siteKey || process.env.XLOCK_SITE_KEY;\n}\n","/**\n * x-lock middleware for Koa\n *\n * @example\n * ```js\n * import { xlockMiddleware } from \"@xlock/node/koa\";\n * router.post(\"/api/auth/login\", xlockMiddleware({ siteKey: \"sk_...\" }), loginHandler);\n * ```\n */\n\nimport { enforce, resolveSiteKey, DEFAULT_API_URL, type XLockConfig } from \"./core\";\n\nexport interface XLockKoaConfig extends XLockConfig {\n /** Route prefixes to protect */\n routes?: string[];\n}\n\nexport function xlockMiddleware(options: XLockKoaConfig = {}) {\n const apiUrl = options.apiUrl || DEFAULT_API_URL;\n const siteKey = resolveSiteKey(options.siteKey);\n const failOpen = options.failOpen !== false;\n const routes = options.routes || [];\n\n if (!siteKey) {\n console.warn(\"[x-lock] No site key configured — skipping enforcement\");\n return async (_ctx: any, next: () => Promise<void>) => next();\n }\n\n return async (ctx: any, next: () => Promise<void>) => {\n if (ctx.method !== \"POST\") return next();\n\n if (routes.length > 0 && !routes.some((r: string) => ctx.path.startsWith(r))) {\n return next();\n }\n\n const token = ctx.get(\"x-lock\");\n\n if (!token) {\n ctx.status = 403;\n ctx.body = { error: \"Blocked by x-lock: missing token\" };\n return;\n }\n\n try {\n const result = await enforce(apiUrl, siteKey, token, ctx.path);\n\n if (result.blocked) {\n ctx.status = 403;\n ctx.body = { error: \"Blocked by x-lock\", reason: result.reason };\n return;\n }\n\n if (result.error && !failOpen) {\n ctx.status = 403;\n ctx.body = { error: \"x-lock verification failed\" };\n return;\n }\n } catch (err: any) {\n console.error(\"[x-lock] Enforcement error:\", err.message);\n if (!failOpen) {\n ctx.status = 403;\n ctx.body = { error: \"x-lock verification failed\" };\n return;\n }\n }\n\n return next();\n };\n}\n"],"mappings":";AAIO,IAAM,kBAAkB;AAoB/B,eAAsB,QACpB,QACA,SACA,OACA,MACwB;AACxB,MAAI;AACJ,MAAI;AAEJ,MAAI,MAAM,WAAW,KAAK,GAAG;AAC3B,UAAM,YAAY,MAAM,MAAM,GAAG,EAAE,CAAC;AACpC,iBAAa,GAAG,MAAM;AACtB,WAAO,EAAE,WAAW,QAAQ;AAC5B,QAAI,KAAM,MAAK,OAAO;AAAA,EACxB,OAAO;AACL,iBAAa,GAAG,MAAM;AACtB,WAAO,EAAE,OAAO,QAAQ;AACxB,QAAI,KAAM,MAAK,OAAO;AAAA,EACxB;AAEA,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AAED,MAAI,SAAS,WAAW,KAAK;AAC3B,UAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,WAAO,EAAE,SAAS,MAAM,QAAQ,KAAK,OAAO;AAAA,EAC9C;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,WAAO,EAAE,SAAS,OAAO,OAAO,KAAK;AAAA,EACvC;AAEA,SAAO,EAAE,SAAS,MAAM;AAC1B;AAKO,SAAS,eAAe,SAAsC;AACnE,SAAO,WAAW,QAAQ,IAAI;AAChC;;;AClDO,SAAS,gBAAgB,UAA0B,CAAC,GAAG;AAC5D,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,UAAU,eAAe,QAAQ,OAAO;AAC9C,QAAM,WAAW,QAAQ,aAAa;AACtC,QAAM,SAAS,QAAQ,UAAU,CAAC;AAElC,MAAI,CAAC,SAAS;AACZ,YAAQ,KAAK,6DAAwD;AACrE,WAAO,OAAO,MAAW,SAA8B,KAAK;AAAA,EAC9D;AAEA,SAAO,OAAO,KAAU,SAA8B;AACpD,QAAI,IAAI,WAAW,OAAQ,QAAO,KAAK;AAEvC,QAAI,OAAO,SAAS,KAAK,CAAC,OAAO,KAAK,CAAC,MAAc,IAAI,KAAK,WAAW,CAAC,CAAC,GAAG;AAC5E,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,QAAQ,IAAI,IAAI,QAAQ;AAE9B,QAAI,CAAC,OAAO;AACV,UAAI,SAAS;AACb,UAAI,OAAO,EAAE,OAAO,mCAAmC;AACvD;AAAA,IACF;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ,QAAQ,SAAS,OAAO,IAAI,IAAI;AAE7D,UAAI,OAAO,SAAS;AAClB,YAAI,SAAS;AACb,YAAI,OAAO,EAAE,OAAO,qBAAqB,QAAQ,OAAO,OAAO;AAC/D;AAAA,MACF;AAEA,UAAI,OAAO,SAAS,CAAC,UAAU;AAC7B,YAAI,SAAS;AACb,YAAI,OAAO,EAAE,OAAO,6BAA6B;AACjD;AAAA,MACF;AAAA,IACF,SAAS,KAAU;AACjB,cAAQ,MAAM,+BAA+B,IAAI,OAAO;AACxD,UAAI,CAAC,UAAU;AACb,YAAI,SAAS;AACb,YAAI,OAAO,EAAE,OAAO,6BAA6B;AACjD;AAAA,MACF;AAAA,IACF;AAEA,WAAO,KAAK;AAAA,EACd;AACF;","names":[]}

package/dist/next.d.mts ADDED Viewed

@@ -0,0 +1,24 @@
+import { X as XLockConfig } from './core-D4eszYbi.mjs';
+/**
+ * x-lock middleware for Next.js
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { withXlock } from "@xlock/node/next";
+ * export const middleware = withXlock({
+ *   siteKey: process.env.NEXT_PUBLIC_XLOCK_SITE_KEY!,
+ *   protectedPaths: ["/api/auth/callback"],
+ * });
+ * export const config = { matcher: ["/api/:path*"] };
+ * ```
+ */
+interface XLockNextConfig extends XLockConfig {
+    /** Path prefixes to protect (POST only) */
+    protectedPaths: string[];
+}
+declare function withXlock(options: XLockNextConfig): (request: any) => Promise<any>;
+export { type XLockNextConfig, withXlock };

package/dist/next.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { X as XLockConfig } from './core-D4eszYbi.js';
+/**
+ * x-lock middleware for Next.js
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { withXlock } from "@xlock/node/next";
+ * export const middleware = withXlock({
+ *   siteKey: process.env.NEXT_PUBLIC_XLOCK_SITE_KEY!,
+ *   protectedPaths: ["/api/auth/callback"],
+ * });
+ * export const config = { matcher: ["/api/:path*"] };
+ * ```
+ */
+interface XLockNextConfig extends XLockConfig {
+    /** Path prefixes to protect (POST only) */
+    protectedPaths: string[];
+}
+declare function withXlock(options: XLockNextConfig): (request: any) => Promise<any>;
+export { type XLockNextConfig, withXlock };

package/dist/next.js ADDED Viewed

@@ -0,0 +1,101 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/next.ts
+var next_exports = {};
+__export(next_exports, {
+  withXlock: () => withXlock
+});
+module.exports = __toCommonJS(next_exports);
+// src/core.ts
+var DEFAULT_API_URL = "https://api.x-lock.dev";
+async function enforce(apiUrl, siteKey, token, path) {
+  let enforceUrl;
+  let body;
+  if (token.startsWith("v3.")) {
+    const sessionId = token.split(".")[1];
+    enforceUrl = `${apiUrl}/v3/session/enforce`;
+    body = { sessionId, siteKey };
+    if (path) body.path = path;
+  } else {
+    enforceUrl = `${apiUrl}/v1/enforce`;
+    body = { token, siteKey };
+    if (path) body.path = path;
+  }
+  const response = await fetch(enforceUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (response.status === 403) {
+    const data = await response.json();
+    return { blocked: true, reason: data.reason };
+  }
+  if (!response.ok) {
+    return { blocked: false, error: true };
+  }
+  return { blocked: false };
+}
+// src/next.ts
+function jsonForbidden(NextResponse, body) {
+  return NextResponse.json(body, { status: 403 });
+}
+function withXlock(options) {
+  const apiUrl = options.apiUrl || DEFAULT_API_URL;
+  const failOpen = options.failOpen !== false;
+  let _NextResponse;
+  return async function middleware(request) {
+    if (!_NextResponse) {
+      const mod = "next/server";
+      _NextResponse = (await import(mod)).NextResponse;
+    }
+    if (!options.siteKey) return _NextResponse.next();
+    if (request.method !== "POST") return _NextResponse.next();
+    const isProtected = options.protectedPaths.some(
+      (p) => request.nextUrl.pathname.startsWith(p)
+    );
+    if (!isProtected) return _NextResponse.next();
+    const token = request.headers.get("x-lock");
+    if (!token) {
+      return jsonForbidden(_NextResponse, { error: "Blocked by x-lock: missing token" });
+    }
+    try {
+      const result = await enforce(apiUrl, options.siteKey, token, request.nextUrl.pathname);
+      if (result.blocked) {
+        return jsonForbidden(_NextResponse, { error: "Blocked by x-lock", reason: result.reason });
+      }
+      if (result.error && !failOpen) {
+        return jsonForbidden(_NextResponse, { error: "x-lock verification failed" });
+      }
+    } catch (err) {
+      console.error("[x-lock] Enforcement error:", err);
+      if (!failOpen) {
+        return jsonForbidden(_NextResponse, { error: "x-lock verification failed" });
+      }
+    }
+    return _NextResponse.next();
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  withXlock
+});
+//# sourceMappingURL=next.js.map

package/dist/next.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/next.ts","../src/core.ts"],"sourcesContent":["/**\n * x-lock middleware for Next.js\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { withXlock } from \"@xlock/node/next\";\n * export const middleware = withXlock({\n * siteKey: process.env.NEXT_PUBLIC_XLOCK_SITE_KEY!,\n * protectedPaths: [\"/api/auth/callback\"],\n * });\n * export const config = { matcher: [\"/api/:path*\"] };\n * ```\n */\n\nimport { enforce, DEFAULT_API_URL, type XLockConfig } from \"./core\";\n\nexport interface XLockNextConfig extends XLockConfig {\n /** Path prefixes to protect (POST only) */\n protectedPaths: string[];\n}\n\n// Helper to create a JSON 403 response without importing next/server at build time\nfunction jsonForbidden(NextResponse: any, body: Record<string, unknown>) {\n return NextResponse.json(body, { status: 403 });\n}\n\nexport function withXlock(options: XLockNextConfig) {\n const apiUrl = options.apiUrl || DEFAULT_API_URL;\n const failOpen = options.failOpen !== false;\n\n // next/server is resolved at runtime, not build time\n let _NextResponse: any;\n\n return async function middleware(request: any) {\n if (!_NextResponse) {\n // Dynamic require to avoid TS resolving next/server at build time\n const mod = \"next/server\";\n _NextResponse = (await import(mod)).NextResponse;\n }\n\n if (!options.siteKey) return _NextResponse.next();\n if (request.method !== \"POST\") return _NextResponse.next();\n\n const isProtected = options.protectedPaths.some((p: string) =>\n request.nextUrl.pathname.startsWith(p)\n );\n if (!isProtected) return _NextResponse.next();\n\n const token = request.headers.get(\"x-lock\");\n\n if (!token) {\n return jsonForbidden(_NextResponse, { error: \"Blocked by x-lock: missing token\" });\n }\n\n try {\n const result = await enforce(apiUrl, options.siteKey, token, request.nextUrl.pathname);\n\n if (result.blocked) {\n return jsonForbidden(_NextResponse, { error: \"Blocked by x-lock\", reason: result.reason });\n }\n\n if (result.error && !failOpen) {\n return jsonForbidden(_NextResponse, { error: \"x-lock verification failed\" });\n }\n } catch (err) {\n console.error(\"[x-lock] Enforcement error:\", err);\n if (!failOpen) {\n return jsonForbidden(_NextResponse, { error: \"x-lock verification failed\" });\n }\n }\n\n return _NextResponse.next();\n };\n}\n","/**\n * Core x-lock enforcement logic shared across all framework adapters.\n */\n\nexport const DEFAULT_API_URL = \"https://api.x-lock.dev\";\n\nexport interface XLockConfig {\n /** Your x-lock site key (or set XLOCK_SITE_KEY env var) */\n siteKey?: string;\n /** x-lock API URL (default: https://api.x-lock.dev) */\n apiUrl?: string;\n /** Allow requests through on API errors (default: true) */\n failOpen?: boolean;\n}\n\nexport interface EnforceResult {\n blocked: boolean;\n reason?: string;\n error?: boolean;\n}\n\n/**\n * Call the x-lock enforcement API to verify a token.\n */\nexport async function enforce(\n apiUrl: string,\n siteKey: string,\n token: string,\n path?: string\n): Promise<EnforceResult> {\n let enforceUrl: string;\n let body: Record<string, string>;\n\n if (token.startsWith(\"v3.\")) {\n const sessionId = token.split(\".\")[1];\n enforceUrl = `${apiUrl}/v3/session/enforce`;\n body = { sessionId, siteKey };\n if (path) body.path = path;\n } else {\n enforceUrl = `${apiUrl}/v1/enforce`;\n body = { token, siteKey };\n if (path) body.path = path;\n }\n\n const response = await fetch(enforceUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n\n if (response.status === 403) {\n const data = (await response.json()) as { reason?: string };\n return { blocked: true, reason: data.reason };\n }\n\n if (!response.ok) {\n return { blocked: false, error: true };\n }\n\n return { blocked: false };\n}\n\n/**\n * Resolve site key from options or environment.\n */\nexport function resolveSiteKey(siteKey?: string): string | undefined {\n return siteKey || process.env.XLOCK_SITE_KEY;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIO,IAAM,kBAAkB;AAoB/B,eAAsB,QACpB,QACA,SACA,OACA,MACwB;AACxB,MAAI;AACJ,MAAI;AAEJ,MAAI,MAAM,WAAW,KAAK,GAAG;AAC3B,UAAM,YAAY,MAAM,MAAM,GAAG,EAAE,CAAC;AACpC,iBAAa,GAAG,MAAM;AACtB,WAAO,EAAE,WAAW,QAAQ;AAC5B,QAAI,KAAM,MAAK,OAAO;AAAA,EACxB,OAAO;AACL,iBAAa,GAAG,MAAM;AACtB,WAAO,EAAE,OAAO,QAAQ;AACxB,QAAI,KAAM,MAAK,OAAO;AAAA,EACxB;AAEA,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AAED,MAAI,SAAS,WAAW,KAAK;AAC3B,UAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,WAAO,EAAE,SAAS,MAAM,QAAQ,KAAK,OAAO;AAAA,EAC9C;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,WAAO,EAAE,SAAS,OAAO,OAAO,KAAK;AAAA,EACvC;AAEA,SAAO,EAAE,SAAS,MAAM;AAC1B;;;ADrCA,SAAS,cAAc,cAAmB,MAA+B;AACvE,SAAO,aAAa,KAAK,MAAM,EAAE,QAAQ,IAAI,CAAC;AAChD;AAEO,SAAS,UAAU,SAA0B;AAClD,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,WAAW,QAAQ,aAAa;AAGtC,MAAI;AAEJ,SAAO,eAAe,WAAW,SAAc;AAC7C,QAAI,CAAC,eAAe;AAElB,YAAM,MAAM;AACZ,uBAAiB,MAAM,OAAO,MAAM;AAAA,IACtC;AAEA,QAAI,CAAC,QAAQ,QAAS,QAAO,cAAc,KAAK;AAChD,QAAI,QAAQ,WAAW,OAAQ,QAAO,cAAc,KAAK;AAEzD,UAAM,cAAc,QAAQ,eAAe;AAAA,MAAK,CAAC,MAC/C,QAAQ,QAAQ,SAAS,WAAW,CAAC;AAAA,IACvC;AACA,QAAI,CAAC,YAAa,QAAO,cAAc,KAAK;AAE5C,UAAM,QAAQ,QAAQ,QAAQ,IAAI,QAAQ;AAE1C,QAAI,CAAC,OAAO;AACV,aAAO,cAAc,eAAe,EAAE,OAAO,mCAAmC,CAAC;AAAA,IACnF;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ,QAAQ,QAAQ,SAAS,OAAO,QAAQ,QAAQ,QAAQ;AAErF,UAAI,OAAO,SAAS;AAClB,eAAO,cAAc,eAAe,EAAE,OAAO,qBAAqB,QAAQ,OAAO,OAAO,CAAC;AAAA,MAC3F;AAEA,UAAI,OAAO,SAAS,CAAC,UAAU;AAC7B,eAAO,cAAc,eAAe,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC7E;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,MAAM,+BAA+B,GAAG;AAChD,UAAI,CAAC,UAAU;AACb,eAAO,cAAc,eAAe,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC7E;AAAA,IACF;AAEA,WAAO,cAAc,KAAK;AAAA,EAC5B;AACF;","names":[]}

package/dist/next.mjs ADDED Viewed

@@ -0,0 +1,74 @@
+// src/core.ts
+var DEFAULT_API_URL = "https://api.x-lock.dev";
+async function enforce(apiUrl, siteKey, token, path) {
+  let enforceUrl;
+  let body;
+  if (token.startsWith("v3.")) {
+    const sessionId = token.split(".")[1];
+    enforceUrl = `${apiUrl}/v3/session/enforce`;
+    body = { sessionId, siteKey };
+    if (path) body.path = path;
+  } else {
+    enforceUrl = `${apiUrl}/v1/enforce`;
+    body = { token, siteKey };
+    if (path) body.path = path;
+  }
+  const response = await fetch(enforceUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (response.status === 403) {
+    const data = await response.json();
+    return { blocked: true, reason: data.reason };
+  }
+  if (!response.ok) {
+    return { blocked: false, error: true };
+  }
+  return { blocked: false };
+}
+// src/next.ts
+function jsonForbidden(NextResponse, body) {
+  return NextResponse.json(body, { status: 403 });
+}
+function withXlock(options) {
+  const apiUrl = options.apiUrl || DEFAULT_API_URL;
+  const failOpen = options.failOpen !== false;
+  let _NextResponse;
+  return async function middleware(request) {
+    if (!_NextResponse) {
+      const mod = "next/server";
+      _NextResponse = (await import(mod)).NextResponse;
+    }
+    if (!options.siteKey) return _NextResponse.next();
+    if (request.method !== "POST") return _NextResponse.next();
+    const isProtected = options.protectedPaths.some(
+      (p) => request.nextUrl.pathname.startsWith(p)
+    );
+    if (!isProtected) return _NextResponse.next();
+    const token = request.headers.get("x-lock");
+    if (!token) {
+      return jsonForbidden(_NextResponse, { error: "Blocked by x-lock: missing token" });
+    }
+    try {
+      const result = await enforce(apiUrl, options.siteKey, token, request.nextUrl.pathname);
+      if (result.blocked) {
+        return jsonForbidden(_NextResponse, { error: "Blocked by x-lock", reason: result.reason });
+      }
+      if (result.error && !failOpen) {
+        return jsonForbidden(_NextResponse, { error: "x-lock verification failed" });
+      }
+    } catch (err) {
+      console.error("[x-lock] Enforcement error:", err);
+      if (!failOpen) {
+        return jsonForbidden(_NextResponse, { error: "x-lock verification failed" });
+      }
+    }
+    return _NextResponse.next();
+  };
+}
+export {
+  withXlock
+};
+//# sourceMappingURL=next.mjs.map

package/dist/next.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/core.ts","../src/next.ts"],"sourcesContent":["/**\n * Core x-lock enforcement logic shared across all framework adapters.\n */\n\nexport const DEFAULT_API_URL = \"https://api.x-lock.dev\";\n\nexport interface XLockConfig {\n /** Your x-lock site key (or set XLOCK_SITE_KEY env var) */\n siteKey?: string;\n /** x-lock API URL (default: https://api.x-lock.dev) */\n apiUrl?: string;\n /** Allow requests through on API errors (default: true) */\n failOpen?: boolean;\n}\n\nexport interface EnforceResult {\n blocked: boolean;\n reason?: string;\n error?: boolean;\n}\n\n/**\n * Call the x-lock enforcement API to verify a token.\n */\nexport async function enforce(\n apiUrl: string,\n siteKey: string,\n token: string,\n path?: string\n): Promise<EnforceResult> {\n let enforceUrl: string;\n let body: Record<string, string>;\n\n if (token.startsWith(\"v3.\")) {\n const sessionId = token.split(\".\")[1];\n enforceUrl = `${apiUrl}/v3/session/enforce`;\n body = { sessionId, siteKey };\n if (path) body.path = path;\n } else {\n enforceUrl = `${apiUrl}/v1/enforce`;\n body = { token, siteKey };\n if (path) body.path = path;\n }\n\n const response = await fetch(enforceUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n\n if (response.status === 403) {\n const data = (await response.json()) as { reason?: string };\n return { blocked: true, reason: data.reason };\n }\n\n if (!response.ok) {\n return { blocked: false, error: true };\n }\n\n return { blocked: false };\n}\n\n/**\n * Resolve site key from options or environment.\n */\nexport function resolveSiteKey(siteKey?: string): string | undefined {\n return siteKey || process.env.XLOCK_SITE_KEY;\n}\n","/**\n * x-lock middleware for Next.js\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { withXlock } from \"@xlock/node/next\";\n * export const middleware = withXlock({\n * siteKey: process.env.NEXT_PUBLIC_XLOCK_SITE_KEY!,\n * protectedPaths: [\"/api/auth/callback\"],\n * });\n * export const config = { matcher: [\"/api/:path*\"] };\n * ```\n */\n\nimport { enforce, DEFAULT_API_URL, type XLockConfig } from \"./core\";\n\nexport interface XLockNextConfig extends XLockConfig {\n /** Path prefixes to protect (POST only) */\n protectedPaths: string[];\n}\n\n// Helper to create a JSON 403 response without importing next/server at build time\nfunction jsonForbidden(NextResponse: any, body: Record<string, unknown>) {\n return NextResponse.json(body, { status: 403 });\n}\n\nexport function withXlock(options: XLockNextConfig) {\n const apiUrl = options.apiUrl || DEFAULT_API_URL;\n const failOpen = options.failOpen !== false;\n\n // next/server is resolved at runtime, not build time\n let _NextResponse: any;\n\n return async function middleware(request: any) {\n if (!_NextResponse) {\n // Dynamic require to avoid TS resolving next/server at build time\n const mod = \"next/server\";\n _NextResponse = (await import(mod)).NextResponse;\n }\n\n if (!options.siteKey) return _NextResponse.next();\n if (request.method !== \"POST\") return _NextResponse.next();\n\n const isProtected = options.protectedPaths.some((p: string) =>\n request.nextUrl.pathname.startsWith(p)\n );\n if (!isProtected) return _NextResponse.next();\n\n const token = request.headers.get(\"x-lock\");\n\n if (!token) {\n return jsonForbidden(_NextResponse, { error: \"Blocked by x-lock: missing token\" });\n }\n\n try {\n const result = await enforce(apiUrl, options.siteKey, token, request.nextUrl.pathname);\n\n if (result.blocked) {\n return jsonForbidden(_NextResponse, { error: \"Blocked by x-lock\", reason: result.reason });\n }\n\n if (result.error && !failOpen) {\n return jsonForbidden(_NextResponse, { error: \"x-lock verification failed\" });\n }\n } catch (err) {\n console.error(\"[x-lock] Enforcement error:\", err);\n if (!failOpen) {\n return jsonForbidden(_NextResponse, { error: \"x-lock verification failed\" });\n }\n }\n\n return _NextResponse.next();\n };\n}\n"],"mappings":";AAIO,IAAM,kBAAkB;AAoB/B,eAAsB,QACpB,QACA,SACA,OACA,MACwB;AACxB,MAAI;AACJ,MAAI;AAEJ,MAAI,MAAM,WAAW,KAAK,GAAG;AAC3B,UAAM,YAAY,MAAM,MAAM,GAAG,EAAE,CAAC;AACpC,iBAAa,GAAG,MAAM;AACtB,WAAO,EAAE,WAAW,QAAQ;AAC5B,QAAI,KAAM,MAAK,OAAO;AAAA,EACxB,OAAO;AACL,iBAAa,GAAG,MAAM;AACtB,WAAO,EAAE,OAAO,QAAQ;AACxB,QAAI,KAAM,MAAK,OAAO;AAAA,EACxB;AAEA,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAC9C,MAAM,KAAK,UAAU,IAAI;AAAA,EAC3B,CAAC;AAED,MAAI,SAAS,WAAW,KAAK;AAC3B,UAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,WAAO,EAAE,SAAS,MAAM,QAAQ,KAAK,OAAO;AAAA,EAC9C;AAEA,MAAI,CAAC,SAAS,IAAI;AAChB,WAAO,EAAE,SAAS,OAAO,OAAO,KAAK;AAAA,EACvC;AAEA,SAAO,EAAE,SAAS,MAAM;AAC1B;;;ACrCA,SAAS,cAAc,cAAmB,MAA+B;AACvE,SAAO,aAAa,KAAK,MAAM,EAAE,QAAQ,IAAI,CAAC;AAChD;AAEO,SAAS,UAAU,SAA0B;AAClD,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,WAAW,QAAQ,aAAa;AAGtC,MAAI;AAEJ,SAAO,eAAe,WAAW,SAAc;AAC7C,QAAI,CAAC,eAAe;AAElB,YAAM,MAAM;AACZ,uBAAiB,MAAM,OAAO,MAAM;AAAA,IACtC;AAEA,QAAI,CAAC,QAAQ,QAAS,QAAO,cAAc,KAAK;AAChD,QAAI,QAAQ,WAAW,OAAQ,QAAO,cAAc,KAAK;AAEzD,UAAM,cAAc,QAAQ,eAAe;AAAA,MAAK,CAAC,MAC/C,QAAQ,QAAQ,SAAS,WAAW,CAAC;AAAA,IACvC;AACA,QAAI,CAAC,YAAa,QAAO,cAAc,KAAK;AAE5C,UAAM,QAAQ,QAAQ,QAAQ,IAAI,QAAQ;AAE1C,QAAI,CAAC,OAAO;AACV,aAAO,cAAc,eAAe,EAAE,OAAO,mCAAmC,CAAC;AAAA,IACnF;AAEA,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ,QAAQ,QAAQ,SAAS,OAAO,QAAQ,QAAQ,QAAQ;AAErF,UAAI,OAAO,SAAS;AAClB,eAAO,cAAc,eAAe,EAAE,OAAO,qBAAqB,QAAQ,OAAO,OAAO,CAAC;AAAA,MAC3F;AAEA,UAAI,OAAO,SAAS,CAAC,UAAU;AAC7B,eAAO,cAAc,eAAe,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC7E;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ,MAAM,+BAA+B,GAAG;AAChD,UAAI,CAAC,UAAU;AACb,eAAO,cAAc,eAAe,EAAE,OAAO,6BAA6B,CAAC;AAAA,MAC7E;AAAA,IACF;AAEA,WAAO,cAAc,KAAK;AAAA,EAC5B;AACF;","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,94 @@
+{
+  "name": "@xlock/node",
+  "version": "0.1.0",
+  "description": "x-lock bot protection — invisible middleware for Express, Fastify, Koa, Next.js, and Hono",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    },
+    "./express": {
+      "types": "./dist/express.d.ts",
+      "import": "./dist/express.mjs",
+      "require": "./dist/express.js"
+    },
+    "./fastify": {
+      "types": "./dist/fastify.d.ts",
+      "import": "./dist/fastify.mjs",
+      "require": "./dist/fastify.js"
+    },
+    "./koa": {
+      "types": "./dist/koa.d.ts",
+      "import": "./dist/koa.mjs",
+      "require": "./dist/koa.js"
+    },
+    "./next": {
+      "types": "./dist/next.d.ts",
+      "import": "./dist/next.mjs",
+      "require": "./dist/next.js"
+    },
+    "./hono": {
+      "types": "./dist/hono.d.ts",
+      "import": "./dist/hono.mjs",
+      "require": "./dist/hono.js"
+    }
+  },
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "xlock",
+    "x-lock",
+    "bot-protection",
+    "captcha",
+    "captcha-alternative",
+    "middleware",
+    "express",
+    "fastify",
+    "nextjs",
+    "hono",
+    "koa",
+    "proof-of-work",
+    "recaptcha-alternative",
+    "turnstile-alternative"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/x-lock-dev/xlock-node"
+  },
+  "homepage": "https://x-lock.dev",
+  "bugs": {
+    "url": "https://github.com/x-lock-dev/xlock-node/issues"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "peerDependencies": {
+    "next": ">=13.0.0",
+    "hono": ">=3.0.0",
+    "koa": ">=2.0.0",
+    "fastify": ">=4.0.0"
+  },
+  "peerDependenciesMeta": {
+    "next": { "optional": true },
+    "hono": { "optional": true },
+    "koa": { "optional": true },
+    "fastify": { "optional": true }
+  },
+  "devDependencies": {
+    "tsup": "^8.0.0",
+    "typescript": "^5.0.0",
+    "@types/node": "^20.0.0"
+  }
+}