
NPM premium plugins

blue-infinity test


Warning: Please note

This thread was started before GSAP 3 was released. Some information, especially the syntax, may be out of date for GSAP 3. Please see the GSAP 3 migration guide and release notes for more information about how to update the code to GSAP 3's syntax. 


Thanks for the question and your support.

We have done some investigating and have heard some ideas from users but we do not see a clear way of issuing keys to unlock files served through npm (or any cdn). If you have experience or suggestions concerning how we would automate the unique keys being generated when users purchase GreenSock club memberships and terminating them when their subscriptions expire we would certainly be interested in hearing about it. Or do you know of any other companies that sell JS libraries and deliver them in such a fashion? We just don't know of any solutions.

Link to comment
Share on other sites

I don't have any experience with this kind of thing, but after searching a bit I found https://pgpkeygen.com/ (example with expiration date)

Under the hood it uses https://keybase.io/kbpgp or https://github.com/keybase/kbpgp

So I guess you could implement it on your server, keep the private key and allow the user to download the public key.

Link to comment
Share on other sites

  • Solution

Unfortunately it's not just an issue of generating a key. I think these authentication steps would probably prove even more annoying than just downloading the zip from our site (and frankly I still can't figure out how in the world we could accomplish the authentication properly without massive headaches for our users and GreenSock).


Also keep in mind that we've very intentionally avoided embedding "phone home" scripts or anything that'd cause the tools to suddenly stop working on live sites. We go out of our way to trust our users and show them respect, hoping that it'll be reciprocated. Our goal isn't to create revenue out of fear ("oh my gosh...I don't want my site to suddenly stop working...I better pay GreenSock."); we'd rather inspire confidence in customers so they WANT to renew because of the value we deliver ("We love those GreenSock tools and the way GreenSock treats us...let's support them and renew our membership. We never want them to stop innovating and supporting their tools."). So we're not inclined to start embedding authentication keys, requiring users to register each project, or anything like that. 


Hopefully it's obvious why we can't just toss the members-only plugins into NPM or the CDN (that'd make it super easy for anyone to steal...even accidentally). I really wish there was a better solution but I just don't see any. 

Link to comment
Share on other sites

  • 9 months later...

Is there any movement on this? Seems like a pretty simple solution is to either use npm private repos or a package zip protected by an API key.


e.g. each customer has an API key, which can be generated in their account, which gives them a URL to use, maybe like




Then users can simply do `npm install ^^` and paste in the URL with their key.


Then if the license expired the link will just 401/404 etc - also allows you to scope keys to versions


What would be wrong with that? Would be harder for people to cheat than just typing "MorphSVGPlugin.js" into Google and downloading it from one of the hundreds of results for it.

Link to comment
Share on other sites
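The API-key download link proposed in the post above, sketched server-side as an added example (not part of the thread and not GreenSock's code). The key format, `issueKey`, `authorizeDownload`, the secret and the licence records are all assumptions made for illustration.

```javascript
// Added example: every name and value here is constructed for illustration.
const crypto = require("node:crypto");

const SERVER_SECRET = "constructed-demo-secret"; // in practice: loaded from a secret store

// Constructed licence records: expiry time and the newest major version the key covers.
const LICENSES = new Map([
  ["cust-1001", { expires: Date.parse("2030-01-01T00:00:00Z"), maxMajor: 2 }],
  ["cust-1002", { expires: Date.parse("2019-06-30T00:00:00Z"), maxMajor: 2 }],
]);

function sign(customerId) {
  return crypto.createHmac("sha256", SERVER_SECRET).update(customerId).digest("hex");
}

// Key shown in the customer's account page: "<customerId>.<hmac>"
function issueKey(customerId) {
  return `${customerId}.${sign(customerId)}`;
}

// Decide the HTTP status for a request to download <package>-<version>.tgz with <key>.
function authorizeDownload(key, version, now = Date.now()) {
  const k = String(key);
  const dot = k.lastIndexOf(".");
  if (dot < 1) return 401; // malformed key
  const customerId = k.slice(0, dot);
  const given = Buffer.from(k.slice(dot + 1), "utf8");
  const expected = Buffer.from(sign(customerId), "utf8");
  // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 401; // forged or altered key
  }
  const licence = LICENSES.get(customerId);
  if (!licence) return 401; // key revoked or never issued
  if (now >= licence.expires) return 401; // membership lapsed: the link stops working
  const major = Number.parseInt(String(version).split(".")[0], 10);
  if (!Number.isInteger(major) || major > licence.maxMajor) return 404; // outside key's version scope
  return 200;
}
```

A key placed in an install URL is written to `package.json` and the lockfile, so it travels with the repository; the licence lookup on every request is what lets a leaked key be revoked.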

  • 2 years later...
