JSPM

@m2c/core

0.2.2
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 17
  • Score
    100M100P100Q77789F
  • License MIT

Shared protocol primitives (HMAC signing, error taxonomy, money) for the M2C SDKs.

Package Exports

  • @m2c/core

Readme

@m2c/core

Shared protocol primitives for the M2C SDKs. You normally do not depend on this directly - use @m2c/server (merchant backend) or @m2c/vendor (payment vendor), which build on it.

It exists so the security-sensitive parts of the protocol have exactly one implementation:

  • sign(secret, body, { timestampSeconds? }) - produce the X-M2C-Signature / X-M2C-Timestamp pair (HMAC-SHA256 over timestamp + "\n" + body).
  • verify(secret, body, signature, timestamp, { maxSkewSeconds?, nowSeconds? })
    • constant-time verification with the full failure taxonomy.
  • M2CError / M2CSignatureError (with a reason: missing | incomplete | malformed | timestamp_skew | mismatch | empty_secret).
  • getHeader, the header-name constants, and the skew default.
  • MIN_MONETARY_VALUE / MAX_MONETARY_VALUE + assertMonetaryAmount for the major-units-at-the-wire boundary check.

Zero runtime dependencies (built on node:crypto). Requires Node 18+.

The malformed-vs-missing distinction is load-bearing: a malformed-but-present signature is a tampering signal and must always be rejected, even where a rollout flag tolerates a fully-absent one. Every M2C SDK and the M2C server share this behavior, anchored by a known-answer test vector asserted in every suite.