Skip to content

Releases: castle/castle-node

v3.1.0

Choose a tag to compare

@bartes bartes released this 10 Jun 13:12
52bda10

Housekeeping:

  • Slim down the default request context to headers, ip, and library. The client id is carried by headers (the x-castle-client-id header / __cid cookie) and resolved by Castle server-side, so the SDK no longer derives it separately.
  • Remove the internal client-id extraction service and the now-unused cookie helper (HeadersGetCookieService) along with the cookies plumbing in ContextGetDefaultService / ContextPrepareService.

v3.0.0

Choose a tag to compare

@bartes bartes released this 03 Jun 11:01
v3.0.0
95dbbbe

BREAKING CHANGES:

  • Remove the legacy endpoints and their Castle methods: authenticate,
    track, and the device endpoints (getDevice, getDevicesForUser,
    approveDevice, reportDevice). Use risk / filter / log instead. The
    related public types (Payload, DevicePayload, UserDevicePayload,
    AuthenticateResult) are removed as well.
  • Require Node.js >= 20. The SDK now uses the runtime's built-in global
    fetch and AbortSignal instead of node-fetch and abort-controller,
    which are no longer dependencies.
  • Ship a proper dual ESM + CommonJS build via tsup with an exports map
    (separate import/require entry points and type definitions). Importing
    from internal dist/ paths is unsupported; import from the package root.

Features:

  • Add webhook signature verification: Castle#verifyWebhookSignature(rawBody, signature)
    (and WebhookVerifyService) validate the X-Castle-Signature header — a
    base64 HMAC-SHA256 of the raw request body, compared in constant time — and
    raise WebhookVerificationError on mismatch.
  • Add secure-mode signing: Castle#secureModeSignature(userId) (and
    SecureModeService) return a hex HMAC-SHA256 of the user id, for signing user
    IDs sent from the browser.

Enhancements:

  • Rename the Events API methods to queryEvents, eventsSchema, and
    groupEvents. searchEvents and getEventsSchema remain available as
    aliases of queryEvents and eventsSchema, so existing code keeps working.
  • Drop the lodash.get / lodash.isempty / lodash.merge / lodash.pickby /
    lodash.reduce micro-dependencies in favor of native JavaScript helpers
    (src/utils/object.ts).
  • Modernize tsconfig.json: target ES2022, move the strict flag under
    compilerOptions (it was previously a top-level key and silently ignored, so
    strict type-checking was effectively off), and drop unused decorator options.
    strictNullChecks is now enforced.
  • Bump pino to v9 and pino-pretty to v13.
  • Migrate CI from CircleCI to GitHub Actions with a Node 20/22/24/26 matrix.
  • Switch the package manager from Yarn (classic) to npm (package-lock.json,
    npm ci in CI).
  • Add .tool-versions / .nvmrc pinning Node 26.2.0.
  • Add engines.node >= 20 and a typecheck script.
  • Remove the dead ImpersonationFailed error (impersonation endpoints no longer
    exist in the SDK).
  • Restructure the README to match the other Castle SDKs: capabilities list,
    quick start, a full Usage section (Risk/Filter/Log/Lists/Privacy/Events/
    Webhooks/Secure mode), advanced header/IP configuration, and an errors table.

Bug fixes:

  • Add a fully-typed transaction field to RiskPayload, modelled on the public
    OpenAPI schema: base_amount is
    a string, amount is a $fiat/$crypto object, plus payment_method,
    shipping_address and merchant. Exported as TransactionPayload — addresses
    #188.
  • Extend FilterPayload and LogPayload with the same transaction field, since
    both endpoints accept it.
  • Add the missing region_code to AddressPayload and type
    RiskPayload.user.address as AddressPayload.
  • risk no longer throws a TypeError in doNotTrack mode when the payload
    has no user object.

Release v2.3.3

Choose a tag to compare

@mknapik mknapik released this 12 Aug 08:47

What's Changed

Full Changelog: v2.3.1...v2.3.3

Release v2.3.1

Choose a tag to compare

@mknapik mknapik released this 18 Jul 12:18
v2.3.1
dc1e78e
  • Introduce APIs:
    • events/query, events/schema, events/group
    • POST privacy/users, DELETE privacy/users
    • lists/:id/items/batch, lists/:id/items/count
  • make request_token and context optional based on skip parameters

Release v2.2.2

Choose a tag to compare

@bartes bartes released this 05 Jul 10:03
65e5ded

Release v2.2.1

Choose a tag to compare

@bartes bartes released this 08 May 09:25
053875f
  • #157 - exposed more data types publicly

Release v2.2.0

Choose a tag to compare

@bartes bartes released this 05 May 11:59
58018e0
  • #155 #152 #151#150 added more typings, consts and added List API
  • #154 #153 dependencies bumps, removed express.js dependency

Release v2.1.1

Choose a tag to compare

@fgranacha fgranacha released this 24 Jan 18:33
0cd9d48
  • #146 add and expose more typings
  • #147 internal dependencies bumps

Release v2.1.0

Choose a tag to compare

@bartes bartes released this 22 Dec 15:30
f404b33
  • #142 dependencies updates
  • #143 #144 updated definitions to match API schema

Release v2.0.1

Choose a tag to compare

@bartes bartes released this 26 Oct 16:18
0fc3710
  • #140, #138
    • internal dependencies and readme updates