NPM premium plugins

[blue-infinity]

Hi,

 

I would want to know if it is possible tu use premium plugins with the npm package (without having to download the package from my account).

If it is not possible do you plan to have like a key to unlock the premium plugins using the npm package ?

 

Thanks.

[Carl]

Thanks for the question and your support.

We have done some investigating and have heard some ideas from users but we do not see a clear way of issuing keys to unlock files served through npm (or any cdn). If you have experience or suggestions concerning how we would automate the unique keys being generated when users purchase GreenSock club memberships  and terminating them when their subscriptions expire we would certainly be interested in hearing about it.  Or do you know of any other companies that sell JS libraries and deliver them in such a fashion? We just don't know of any solutions. 

[blue-infinity]

I don't have any experience in this kind of things but after searching a bit I found https://pgpkeygen.com/ (example with expiration date)

Under the hood it uses https://keybase.io/kbpgp or https://github.com/keybase/kbpgp

So I guess you could implement it on your server, keep the private key and allow the user to download the public key.

[GreenSock]

Unfortunately it's not just an issue of generating a key. I think these authentication steps would probably prove even more annoying that just downloading the zip from our site (and frankly I still can't figure out how in the world we could accomplish the authentication properly without massive headaches for our users and GreenSock). 

 

Also keep in mind that we've very intentionally avoided embedding "phone home" scripts or anything that'd cause the tools to suddenly stop working on live sites. We go out of our way to trust our users and show them respect, hoping that it'll be reciprocated. Our goal isn't to create revenue out of fear ("oh my gosh...I don't want my site to suddenly stop working...I better pay GreenSock."); we'd rather inspire confidence in customers so they WANT to renew because of the value we deliver ("We love those GreenSock tools and the way GreenSock treats us...let's support them and renew our membership. We never want them to stop innovating and supporting their tools."). So we're not inclined to start embedding authentication keys, requiring users to register each project, or anything like that. 

 

Hopefully it's obvious why we can't just toss the members-only plugins into NPM or the CDN (that'd make it super easy for anyone to steal...even accidentally). I really wish there was a better solution but I just don't see any. 

[OSUblake]

I would just create a private repo and install from there. GSAP releases are usually by spaced out by several months, so it's not like you'll have to update it every week.

[owenmelbz]

Is there any movement on this? Seems like pretty simple solution is to either use npm private repos or a package zip protected by an api key.

 

e.g each customer has a api key which can be generated in their account to which gives them a url to use maybe like 

 

https://npm.greensock.com/plugin-1.0.zip?key=x999999999x8xxxxxxxxx888888x8

 

Then users can simply to `npm install ^^` and paste in the url with their key.

 

Then if the license expired the link will just 401/404 etc - also allows you to scope keys to versions

 

What would be wrong with that? Would be harder for people to cheat than just tying "MorphSVGPlugin.js" into google and downloading it from one of the hundreds of results for it

[OSUblake]

Here's the most recent discussion on that, although no solution at the moment.

 

[Bird Dad]

Can't just do what Font Awesome does for their paid npm repo?