UNPKG

@paystack/checkout-js

Version:

Client-side JS library for billing on Paystack

49 lines (37 loc) 1.86 kB
# Checkout JS Documentation Checkout JS is a billing library for building web checkout flows on Paystack. # Installation ```bash npm install @paystack/checkout-js --save ``` or just grab the js file and add it to your html directly ```html <script src="https://js.paystack.co/v1/checkout.js"></script> ``` # Development Setup This project uses **pnpm** with security hardening for deterministic, reproducible installs. ## First Time Setup 1. Enable Corepack: `corepack enable` (may need `sudo` on Linux) 2. Install dependencies: `pnpm install` 3. Run tests: `pnpm test` 4. Build: `pnpm run build:production` Corepack reads the `packageManager` field in `package.json` to provide the exact pnpm version. ## For CI / Production Installs Always use: ```bash pnpm install --frozen-lockfile pnpm rebuild core-js fsevents husky nodent-runtime ``` ## Security Settings - **ignore-scripts=true**: Blocks arbitrary postinstall/preinstall scripts during install (primary supply chain attack vector) - **strict-ssl=true**: Prevents man-in-the-middle attacks during package downloads - **registry pinning**: Ensures all packages come from official npm registry - **engine-strict=true**: Enforces Node version requirements from package.json - **minimum-release-age=2880**: Delays installing newly published packages by 48 hours (time for community to detect compromised releases) ## Native Dependencies This project has packages that need to compile native code: `core-js, fsevents, husky, nodent-runtime` These are explicitly rebuilt after install to ensure compatibility while maintaining security controls. ## References - [OWASP Top 10 CI/CD Security Risks](https://owasp.org/www-project-top-10-ci-cd-security-risks/) - [pnpm Security Documentation](https://pnpm.io/npmrc#minimum-release-age) - Project security hardening: See `.npmrc` for complete settings