nodejs-insta-private-api-mqt 1.3.73 → 1.3.75

package/dist/core/request.js

@@ -264,7 +264,7 @@ class Request {
     if (!url) return;
     const path = url.toLowerCase();
 
-    if (path.includes('/accounts/login/') || path.includes('/launcher/sync/')) {
+    if (path.includes('/accounts/login/') || path.includes('/launcher/sync/') || path.includes('/bloks/async_action/com.bloks.www.bloks.caa.login')) {
       this.navChain.simulateAppOpen();
       return;
     }

package/dist/mqttot/mqttot.client.js

@@ -65,23 +65,15 @@ class MQTToTClient extends mqtts_1.MqttClient {
         this.registerListeners();
         this.requirePayload = options.requirePayload;
 
-        this._keepaliveMs = (typeof options.keepaliveMs === 'number') ? options.keepaliveMs : (30 * 1000); // default ~30s (mobile-like) to stay well within CONNECT keepAlive=60
+        this._keepaliveMs = (typeof options.keepaliveMs === 'number') ? options.keepaliveMs : (8 * 60 * 1000);
         this._consecutivePingFailures = 0;
-
-        // Stall detection (mobile-like): if we don't receive any traffic for too long,
-        // force a reconnect. This helps recover from half-open sockets.
-        this._lastRxTs = Date.now();
-        this._stallMs = (typeof options.stallMs === 'number') ? options.stallMs : (180 * 1000); // 3 min default
-        this._stallCheckMs = (typeof options.stallCheckMs === 'number') ? options.stallCheckMs : (30 * 1000); // check every 30s
-        this._startStallWatchdog();
-
         this._startKeepalive();
     }
 
     _startKeepalive() {
         try {
             if (this._keepaliveTimer) clearInterval(this._keepaliveTimer);
-            const jitter = Math.floor(Math.random() * 3000);
+            const jitter = Math.floor(Math.random() * 30000);
             this._keepaliveTimer = setInterval(() => {
                 try {
                     if (typeof this.ping === 'function') {
@@ -112,41 +104,7 @@ class MQTToTClient extends mqtts_1.MqttClient {
         }
     }
 
-    
-    _startStallWatchdog() {
-        try {
-            if (this._stallTimer) clearInterval(this._stallTimer);
-            this._stallTimer = setInterval(() => {
-                try {
-                    // only check if we appear connected
-                    const now = Date.now();
-                    const last = this._lastRxTs || 0;
-                    if (last && (now - last) > this._stallMs) {
-                        this.mqttotDebug(`Stall detected: no inbound traffic for ${Math.round((now - last) / 1000)}s (threshold ${Math.round(this._stallMs/1000)}s). Forcing reconnect.`);
-                        this._lastRxTs = now;
-                        this.emit('disconnect', 'stall_timeout');
-                    }
-                } catch (e) {
-                    this.mqttotDebug(`Stall watchdog error: ${e?.message || e}`);
-                }
-            }, this._stallCheckMs);
-        } catch (e) {
-            this.mqttotDebug(`Stall watchdog setup error: ${e?.message || e}`);
-        }
-    }
-
-    _stopStallWatchdog() {
-        try {
-            if (this._stallTimer) {
-                clearInterval(this._stallTimer);
-                this._stallTimer = null;
-            }
-        } catch (e) {
-            // ignore
-        }
-    }
-
-/**
+    /**
      * Stop keepalive timer (call on explicit close/disconnect)
      */
     _stopKeepalive() {
@@ -179,14 +137,9 @@ class MQTToTClient extends mqtts_1.MqttClient {
         // Attach diagnostics
         this.on('error', printErrorOrWarning('Error'));
         this.on('warning', printErrorOrWarning('Warning'));
-        this.on('connect', () => { try { this._lastRxTs = Date.now(); } catch (e) {} });
-
-        // Update last-receive timestamp for stall detection
-        this.on('message', () => { try { this._lastRxTs = Date.now(); } catch (e) {} });
 
         // Listen to ping responses if the library emits them
         this.on('pingresp', () => {
-            try { this._lastRxTs = Date.now(); } catch (e) {}
             this.mqttotDebug('Received PINGRESP (keepalive ok)');
         });
 
@@ -194,7 +147,6 @@ class MQTToTClient extends mqtts_1.MqttClient {
             try {
                 this.mqttotDebug(`Disconnected. Reason: ${reason}`);
                 this._stopKeepalive();
-                this._stopStallWatchdog();
 
                 if (this._options && this._options.autoReconnect === false) {
                     this.mqttotDebug('autoReconnect disabled; will not attempt reconnect.');
@@ -212,8 +164,6 @@ class MQTToTClient extends mqtts_1.MqttClient {
                         await this.connect(this._options);
                         this.mqttotDebug('Reconnected successfully');
                         this._consecutivePingFailures = 0;
-                        this._lastRxTs = Date.now();
-                        this._startStallWatchdog();
                         this._startKeepalive();
                         return;
                     } catch (err) {
@@ -326,7 +276,6 @@ class MQTToTClient extends mqtts_1.MqttClient {
     async gracefulClose() {
         try {
             this._stopKeepalive();
-                this._stopStallWatchdog();
             if (typeof super.close === 'function') {
                 // some libs provide close() or end()
                 await super.close();

package/dist/mqttot/mqttot.connect.request.packet.js

@@ -6,4 +6,4 @@ function writeConnectRequestPacket(stream, options) {
     return {};
 }
 exports.writeConnectRequestPacket = writeConnectRequestPacket;
-//# sourceMappingURL=mqttot.connect.request.packet.js.map
+//# sourceMappingURL=mqttot.connect.request.packet.js.map

package/dist/mqttot/mqttot.connection.js

@@ -71,9 +71,7 @@ MQTToTConnection.thriftConfig = [
         thrift_1.ThriftDescriptors.binary('fbnsDeviceSecret', 25),
         thrift_1.ThriftDescriptors.int64('anotherUnknown', 26),
     ]),
-    thrift_1.ThriftDescriptors.binary('password', 5),
-    thrift_1.ThriftDescriptors.int16('unknown', 5),
-    thrift_1.ThriftDescriptors.listOfBinary('getDiffsRequests', 6),
+    thrift_1.ThriftDescriptors.binary('password', 5),    thrift_1.ThriftDescriptors.listOfBinary('getDiffsRequests', 6),
     thrift_1.ThriftDescriptors.binary('zeroRatingTokenHash', 9),
     thrift_1.ThriftDescriptors.mapBinaryBinary('appSpecificInfo', 10),
 ];

package/dist/realtime/topic.js

@@ -77,4 +77,4 @@ module.exports = {
   Topics,
   RealtimeTopicsArray,
   REALTIME
-};
+};

package/dist/repositories/account.repository.js

@@ -45,22 +45,84 @@ class AccountRepository extends Repository {
     const { encrypted, time } = this.encryptPassword(password);
 
     return this.requestWithRetry(async () => {
-      const countryCode = this.client.state.countryCode || 1;
+      const aacInitTimestamp = Math.floor(Date.now() / 1000) - Math.floor(Math.random() * 50);
+      const aacjid = crypto.randomUUID ? crypto.randomUUID() : require('uuid').v4();
+      const aaccs = crypto.randomBytes(32).toString('base64url');
+
+      const clientInputParams = {
+        aac: JSON.stringify({
+          aac_init_timestamp: aacInitTimestamp,
+          aacjid: aacjid,
+          aaccs: aaccs,
+        }),
+        sim_phones: [],
+        aymh_accounts: [],
+        network_bssid: null,
+        secure_family_device_id: '',
+        has_granted_read_contacts_permissions: 0,
+        auth_secure_device_id: '',
+        has_whatsapp_installed: 1,
+        password: `#PWD_INSTAGRAM:4:${time}:${encrypted}`,
+        sso_token_map_json_string: '{}',
+        block_store_machine_id: '',
+        ig_vetted_device_nonces: '{}',
+        contact_point: username,
+        machine_id: this.client.state.mid || '',
+        login_attempt_count: '0',
+        reg_flow_taken: 'phone',
+        device_id: this.client.state.uuid,
+        phone_id: this.client.state.phoneId,
+        family_device_id: this.client.state.phoneId,
+        encryption_enabled: '1',
+        has_dbl_tap_login: 0,
+        jazoest: AccountRepository.createJazoest(this.client.state.phoneId),
+        openid_tokens: '{}',
+      };
+
+      const serverParams = {
+        credential_type: 'password',
+        device_id: this.client.state.uuid,
+      };
+
+      const paramsJson = JSON.stringify({
+        client_input_params: clientInputParams,
+        server_params: serverParams,
+      });
+
+      const attestParams = AccountRepository.generateAttestParams(this.client.state);
+
+      const bloksHeaders = {
+        'X-Bloks-Prism-Ax-Base-Colors-Enabled': 'false',
+        'X-Bloks-Prism-Button-Version': 'CONTROL',
+        'X-Bloks-Prism-Colors-Enabled': 'true',
+        'X-Bloks-Prism-Font-Enabled': 'false',
+        'X-Bloks-Prism-Indigo-Link-Version': '0',
+        'X-FB-Friendly-Name': 'IgApi: bloks/async_action/com.bloks.www.bloks.caa.login.async.send_login_request/',
+        'X-FB-Request-Analytics-Tags': JSON.stringify({
+          network_tags: {
+            product: this.client.state.fbAnalyticsApplicationId,
+            purpose: 'fetch',
+            surface: 'undefined',
+            request_category: 'api',
+            retry_attempt: '0',
+          },
+        }),
+        'X-IG-Client-Endpoint': 'com.bloks.www.caa.login.aymh_single_profile_screen_entry',
+        'X-Tigon-Is-Retry': 'False',
+        'X-FB-RMD': 'state=URL_ELIGIBLE',
+        'X-IG-Attest-Params': JSON.stringify(attestParams),
+        'X-FB-Connection-Type': 'MOBILE.LTE',
+        'X-FB-Network-Properties': 'VPN;Metered;Validated;LocalAddrs=/10.0.0.2,;',
+        'X-FB-Conn-UUID-Client': crypto.randomBytes(16).toString('hex'),
+        'Accept-Encoding': 'zstd',
+        'X-FB-HTTP-Engine': 'MNS/TCP',
+      };
+
       const response = await this.client.request.send({
         method: 'POST',
-        url: '/api/v1/accounts/login/',
-        form: this.client.request.sign({
-          jazoest: AccountRepository.createJazoest(this.client.state.phoneId),
-          country_codes: JSON.stringify([{ country_code: String(countryCode), source: ['default'] }]),
-          phone_id: this.client.state.phoneId,
-          enc_password: `#PWD_INSTAGRAM:4:${time}:${encrypted}`,
-          username,
-          adid: this.client.state.adid,
-          guid: this.client.state.uuid,
-          device_id: this.client.state.deviceId,
-          google_tokens: '[]',
-          login_attempt_count: '0',
-        }),
+        url: '/api/v1/bloks/async_action/com.bloks.www.bloks.caa.login.async.send_login_request/',
+        form: { params: paramsJson },
+        headers: bloksHeaders,
       });
 
       const body = response.body;
@@ -88,7 +150,51 @@ class AccountRepository extends Repository {
         throw err;
       }
 
-      return body.logged_in_user;
+      if (body.layout) {
+        const layoutStr = typeof body.layout === 'string' ? body.layout : JSON.stringify(body.layout);
+
+        if (layoutStr.includes('two_factor_required') || layoutStr.includes('"two_factor_info"')) {
+          let twoFactorInfo = null;
+          try {
+            const match = layoutStr.match(/"two_factor_info"\s*:\s*(\{[^}]+\})/);
+            if (match) twoFactorInfo = JSON.parse(match[1]);
+          } catch (e) {}
+          const err = new Error('Two factor authentication required');
+          err.name = 'IgLoginTwoFactorRequiredError';
+          err.twoFactorInfo = twoFactorInfo;
+          throw err;
+        }
+
+        if (layoutStr.includes('bad_password') || layoutStr.includes('incorrect_password')) {
+          const err = new Error('Bad password');
+          err.name = 'IgLoginBadPasswordError';
+          throw err;
+        }
+
+        if (layoutStr.includes('invalid_user') || layoutStr.includes('user_not_found')) {
+          const err = new Error('Invalid user');
+          err.name = 'IgLoginInvalidUserError';
+          throw err;
+        }
+
+        if (layoutStr.includes('challenge_required')) {
+          const err = new Error('Challenge required');
+          err.name = 'IgCheckpointError';
+          err.challengeInfo = body.challenge || null;
+          throw err;
+        }
+      }
+
+      if (body.logged_in_user) {
+        return body.logged_in_user;
+      }
+
+      try {
+        const userInfo = await this.currentUser();
+        return userInfo.user || userInfo;
+      } catch (e) {
+        return body;
+      }
     });
   }
 
@@ -459,6 +565,96 @@ class AccountRepository extends Repository {
     });
   }
 
+  static generateAttestParams(state) {
+    const challengeNonce = crypto.randomBytes(24).toString('base64url');
+
+    const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', {
+      namedCurve: 'prime256v1',
+    });
+
+    const signedData = crypto.sign(null, Buffer.from(challengeNonce), privateKey);
+    const signedNonce = signedData.toString('base64');
+
+    const publicKeyDer = publicKey.export({ type: 'spki', format: 'der' });
+    const keyHash = crypto.createHash('sha256').update(publicKeyDer).digest('hex');
+
+    const leafCertPem = AccountRepository._generateSelfSignedCert(privateKey, publicKey, 'Android Keystore Key');
+    const intermediateCertPem = AccountRepository._generateSelfSignedCert(privateKey, publicKey, 'TEE');
+
+    const certificateChain = leafCertPem + '\n' + intermediateCertPem;
+
+    return {
+      attestation: [{
+        version: 2,
+        type: 'keystore',
+        errors: [0],
+        challenge_nonce: challengeNonce,
+        signed_nonce: signedNonce,
+        key_hash: keyHash,
+        certificate_chain: certificateChain,
+      }],
+    };
+  }
+
+  static _generateSelfSignedCert(privateKey, publicKey, cn) {
+    const publicKeyDer = publicKey.export({ type: 'spki', format: 'der' });
+    const serialNumber = crypto.randomBytes(8);
+    const now = new Date();
+    const notBefore = new Date(now.getTime() - 365 * 24 * 60 * 60 * 1000);
+    const notAfter = new Date(now.getTime() + 10 * 365 * 24 * 60 * 60 * 1000);
+
+    const cnBytes = Buffer.from(cn, 'utf8');
+    const cnSeq = Buffer.concat([
+      Buffer.from([0x30, cnBytes.length + 13]),
+      Buffer.from([0x31, cnBytes.length + 11]),
+      Buffer.from([0x30, cnBytes.length + 9]),
+      Buffer.from([0x06, 0x03, 0x55, 0x04, 0x03]),
+      Buffer.from([0x0c, cnBytes.length]),
+      cnBytes,
+    ]);
+
+    function encodeTime(date) {
+      const str = date.toISOString().replace(/[-:T]/g, '').slice(2, 14) + 'Z';
+      return Buffer.concat([Buffer.from([0x17, str.length]), Buffer.from(str)]);
+    }
+
+    const validityBuf = Buffer.concat([
+      encodeTime(notBefore),
+      encodeTime(notAfter),
+    ]);
+    const validity = Buffer.concat([Buffer.from([0x30, validityBuf.length]), validityBuf]);
+
+    const tbs = Buffer.concat([
+      Buffer.from([0xa0, 0x03, 0x02, 0x01, 0x02]),
+      Buffer.from([0x02, serialNumber.length]), serialNumber,
+      Buffer.from([0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02]),
+      cnSeq,
+      validity,
+      cnSeq,
+      publicKeyDer,
+    ]);
+
+    const tbsSeq = Buffer.concat([Buffer.from([0x30, 0x82]), Buffer.alloc(2), tbs]);
+    tbsSeq.writeUInt16BE(tbs.length, 2);
+
+    const signature = crypto.sign(null, tbsSeq, privateKey);
+
+    const sigBitString = Buffer.concat([
+      Buffer.from([0x03, signature.length + 1, 0x00]),
+      signature,
+    ]);
+
+    const algId = Buffer.from([0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02]);
+
+    const certBody = Buffer.concat([tbsSeq, algId, sigBitString]);
+    const cert = Buffer.concat([Buffer.from([0x30, 0x82]), Buffer.alloc(2), certBody]);
+    cert.writeUInt16BE(certBody.length, 2);
+
+    const b64 = cert.toString('base64');
+    const lines = b64.match(/.{1,76}/g) || [b64];
+    return '-----BEGIN CERTIFICATE-----\n' + lines.join('\n') + '\n-----END CERTIFICATE-----';
+  }
+
   static createJazoest(input) {
     const buf = Buffer.from(input, 'ascii');
     let sum = 0;

package/dist/thrift/thrift.js

@@ -1,101 +1,111 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.int64ToNumber = exports.ThriftDescriptors = exports.isThriftBoolean = exports.ThriftTypes = void 0;
+exports.isSafeInt64 = exports.int64ToBigInt = exports.int64ToNumberSafe = exports.int64ToNumber = exports.ThriftDescriptors = exports.isThriftBoolean = exports.ThriftTypes = void 0;
+
+/**
+ * Thrift Compact Protocol (subset) helpers used by nodejs-insta-private-api-mqt.
+ * Notes:
+ * - Instagram's MQTT-over-Thrift payloads can contain INT_64 values that exceed JS Number safe range.
+ * - This module keeps backward compatibility (int64ToNumber) but also exposes safe helpers.
+ */
+
 exports.ThriftTypes = {
-    STOP: 0x00,
-    TRUE: 0x01,
-    FALSE: 0x02,
-    BYTE: 0x03,
-    INT_16: 0x04,
-    INT_32: 0x05,
-    INT_64: 0x06,
-    DOUBLE: 0x07,
-    BINARY: 0x08,
-    LIST: 0x09,
-    SET: 0x0a,
-    MAP: 0x0b,
-    STRUCT: 0x0c,
-    LIST_INT_16: (0x04 << 8) | 0x09,
-    LIST_INT_32: (0x05 << 8) | 0x09,
-    LIST_INT_64: (0x06 << 8) | 0x09,
-    LIST_BINARY: (0x08 << 8) | 0x09,
-    MAP_BINARY_BINARY: (0x88 << 8) | 0x0b,
-    // internal!
-    BOOLEAN: 0xa1,
+  STOP: 0x00,
+  TRUE: 0x01,
+  FALSE: 0x02,
+  BYTE: 0x03,
+  INT_16: 0x04,
+  INT_32: 0x05,
+  INT_64: 0x06,
+  DOUBLE: 0x07,
+  BINARY: 0x08,
+  LIST: 0x09,
+  SET: 0x0a,
+  MAP: 0x0b,
+  STRUCT: 0x0c,
+
+  // Common "packed" meta-types used by this project:
+  LIST_INT_16: (0x04 << 8) | 0x09,
+  LIST_INT_32: (0x05 << 8) | 0x09,
+  LIST_INT_64: (0x06 << 8) | 0x09,
+  LIST_BINARY: (0x08 << 8) | 0x09,
+  MAP_BINARY_BINARY: (0x88 << 8) | 0x0b,
+
+  // internal!
+  BOOLEAN: 0xa1,
 };
+
 function isThriftBoolean(type) {
-    type &= 0x0f;
-    return type === exports.ThriftTypes.TRUE || type === exports.ThriftTypes.FALSE || type === exports.ThriftTypes.BOOLEAN;
+  type &= 0x0f;
+  return (
+    type === exports.ThriftTypes.TRUE ||
+    type === exports.ThriftTypes.FALSE ||
+    type === exports.ThriftTypes.BOOLEAN
+  );
 }
 exports.isThriftBoolean = isThriftBoolean;
+
 exports.ThriftDescriptors = {
-    boolean: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.BOOLEAN,
-    }),
-    byte: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.BYTE }),
-    int16: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.INT_16,
-    }),
-    int32: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.INT_32,
-    }),
-    int64: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.INT_64,
-    }),
-    double: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.DOUBLE,
-    }),
-    binary: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.BINARY,
-    }),
-    listOfInt16: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.LIST_INT_16,
-    }),
-    listOfInt32: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.LIST_INT_32,
-    }),
-    listOfInt64: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.LIST_INT_64,
-    }),
-    listOfBinary: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.LIST_BINARY,
-    }),
-    mapBinaryBinary: (fieldName, field) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.MAP_BINARY_BINARY,
-    }),
-    struct: (fieldName, field, descriptors) => ({
-        field,
-        fieldName,
-        type: exports.ThriftTypes.STRUCT,
-        structDescriptors: descriptors,
-    }),
+  boolean: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.BOOLEAN }),
+  byte: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.BYTE }),
+  int16: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.INT_16 }),
+  int32: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.INT_32 }),
+  int64: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.INT_64 }),
+  double: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.DOUBLE }),
+  binary: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.BINARY }),
+  listOfInt16: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.LIST_INT_16 }),
+  listOfInt32: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.LIST_INT_32 }),
+  listOfInt64: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.LIST_INT_64 }),
+  listOfBinary: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.LIST_BINARY }),
+  mapBinaryBinary: (fieldName, field) => ({ field, fieldName, type: exports.ThriftTypes.MAP_BINARY_BINARY }),
+  struct: (fieldName, field, descriptors) => ({
+    field,
+    fieldName,
+    type: exports.ThriftTypes.STRUCT,
+    structDescriptors: descriptors,
+  }),
 };
+
+function int64ToBigInt(i64) {
+  if (typeof i64 === "bigint") return i64;
+  if (typeof i64 === "number") return BigInt(i64);
+  if (typeof i64 === "string") return BigInt(i64);
+  if (i64 && typeof i64 === "object") {
+    // Support patterns: { int: bigint } (our reader), Long-like, etc.
+    if (typeof i64.int === "bigint") return i64.int;
+    if (typeof i64.toString === "function") return BigInt(i64.toString());
+  }
+  // Fallback (may throw)
+  return BigInt(i64);
+}
+exports.int64ToBigInt = int64ToBigInt;
+
+function isSafeInt64(i64) {
+  const bi = int64ToBigInt(i64);
+  const max = BigInt(Number.MAX_SAFE_INTEGER);
+  const min = BigInt(Number.MIN_SAFE_INTEGER);
+  return bi <= max && bi >= min;
+}
+exports.isSafeInt64 = isSafeInt64;
+
+/**
+ * Backward compatible: converts to Number (may lose precision if out of range).
+ */
 function int64ToNumber(i64) {
-    if (typeof i64 === 'number')
-        return i64;
-    return Number(i64);
+  if (typeof i64 === "number") return i64;
+  // Preserve previous behavior (Number(...) fallback)
+  return Number(i64 && typeof i64 === "object" && "int" in i64 ? i64.int : i64);
 }
 exports.int64ToNumber = int64ToNumber;
-//# sourceMappingURL=thrift.js.map
+
+/**
+ * Safe conversion: throws if out of safe range.
+ */
+function int64ToNumberSafe(i64) {
+  const bi = int64ToBigInt(i64);
+  if (!isSafeInt64(bi)) {
+    throw new RangeError(`int64 out of safe Number range: ${bi.toString()}`);
+  }
+  return Number(bi);
+}
+exports.int64ToNumberSafe = int64ToNumberSafe;