@paystack/checkout-js
Version:
Client-side JS library for billing on Paystack
49 lines (37 loc) • 1.86 kB
Markdown
# Checkout JS Documentation
Checkout JS is a billing library for building web checkout flows on Paystack.
# Installation
```bash
npm install @paystack/checkout-js --save
```
or just grab the js file and add it to your html directly
```html
<script src="https://js.paystack.co/v1/checkout.js"></script>
```
# Development Setup
This project uses **pnpm** with security hardening for deterministic, reproducible installs.
## First Time Setup
1. Enable Corepack: `corepack enable` (may need `sudo` on Linux)
2. Install dependencies: `pnpm install`
3. Run tests: `pnpm test`
4. Build: `pnpm run build:production`
Corepack reads the `packageManager` field in `package.json` to provide the exact pnpm version.
## For CI / Production Installs
Always use:
```bash
pnpm install --frozen-lockfile
pnpm rebuild core-js fsevents husky nodent-runtime
```
## Security Settings
- **ignore-scripts=true**: Blocks arbitrary postinstall/preinstall scripts during install (primary supply chain attack vector)
- **strict-ssl=true**: Prevents man-in-the-middle attacks during package downloads
- **registry pinning**: Ensures all packages come from official npm registry
- **engine-strict=true**: Enforces Node version requirements from package.json
- **minimum-release-age=2880**: Delays installing newly published packages by 48 hours (time for community to detect compromised releases)
## Native Dependencies
This project has packages that need to compile native code: `core-js, fsevents, husky, nodent-runtime`
These are explicitly rebuilt after install to ensure compatibility while maintaining security controls.
## References
- [OWASP Top 10 CI/CD Security Risks](https://owasp.org/www-project-top-10-ci-cd-security-risks/)
- [pnpm Security Documentation](https://pnpm.io/npmrc#minimum-release-age)
- Project security hardening: See `.npmrc` for complete settings