npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

spigot-anti-piracy-backend

v2.1.2

Published

A koajs application to blacklist leaked plugins

Downloads

31

Readme

spigot-anti-piracy-backend

Linting Run a security audit Coverage Run the testsuite

Dependency Status devDependency Status Test Coverage Code Climate Known Vulnerabilities

Commitizen friendly Dependabot Status License npm

A Koa.js powered Node.js backend to blacklist leaked Spigot Premium plugins

Motivation

I'm sad that such a project is existing.
Since 2011 I'm providing the community with a lot of free CraftBukkit plugins. Over one and a half million downloads in total. That is a huge number. Nevertheless, the community is in some points an unkind one. It does not matter how much spare time you spent working on the new version, the update was never fast enough. And complaining is always easier than saying 'thank you!'.

With the premium plugin solution, Spigot offers the developers a way to the get something back for their work. And in general a lot cheaper than hiring a private plugin developer. When you see your plugin only one week after the initial release on sites that offer leaked plugins, it's frustrating.

That's why I decided to make my own validation service - to blacklist the leaker is often a lot faster than sending DMCA requests to One-Click-Hosters (OCH).

Description

The Spigot built in piracy protection is known and easy to remove. There is a way to receive the user id of the buyer in your code. Please contact me on SpigotMC, I'd like to make the method not total publicly accessible (although it is when you dig enough).

Once you retrieved the user id you can make a POST request the URL where you service runs. In the body, include the following information:

user_id=foobar

(userId works, too)

An example Java implementation can be found in docs/.

The service is only accepting POST, no GET. You receive a JSON with either blacklisted true or false:

{
    "blacklisted": true
}

Installation

Ensure that your server you wish to run the piracy backend with is running at least Node.js v12 LTS

Normal Installation

$ npm install -g spigot-anti-piracy-backend

(Optionally without the global flag)

Development Installation

$ git clone https://github.com/timbru31/spigot-anti-piracy-backend.git
$ cd spigot-anti-piracy-backend
$ npm install
$ npm run watch

Usage

You need to manually maintain a blacklisted users file. I'd recommend a simple text file, with one blacklisted user id per line.

Just use

$ npm run start

Configuration via environment variables

| Environment Variable | Default | Description | | :--------------------- | :----------------- | :------------------------------------------------------------------- | | PORT | 3000 | Port to run the app on | | BLACKLISTED_USERS_FILE | ./banned_users.txt | Blacklist file | | LOG_FILE | ./request.log | Log file for requests | | PROXY | false | Tells Koa to run on proxy mode, for support for X-Forwarded Headers | | JSON_LOG | true | Logs to the file in a JSON format, disable for human readable output |

It's up to you, if you would like to spin the service up with e.g. a linux start script.
For example, below is a systemd script which runs the script as a non-privileged user.

[Unit]
Description=Spigot Anti-Piracy Backend Server
After=network.target

[Service]
Environment=PORT=3005
Environment=BLACKLISTED_USERS_FILE=/home/example/banned_users.txt
Type=simple
User=example
# Assuming a global installation
ExecStart=spigot-anti-piracy-backend
Restart=on-failure

[Install]
WantedBy=multi-user.target

Development

You can watch the app.ts for file changes via the task

$ npm run watch

It uses Nodemon to watch for file changes and re-starts the server if any are found.

Test are run with Mocha via

$ npm run test

The code is linted using TSLint.
Keep the warnings to zero. :smile:

Please make sure they all pass and add new ones when you develop new stuff! :smile:

Please follow the commitizen style when making new commits!

Future

Since this is a blacklist solution, a planned future is to validate the supplied user id against the buyers of the premium plugin. Only when it's on the list, the plugin is allowed to start (as long, as the user is not blacklisted).

The following document query can be used to retrieve an array of all user ids who bought the plugin:

let buyers = Array.from(
    document.querySelector('.memberList').querySelectorAll('a.username')
);
buyers.forEach((elem, index, arr) => {
    arr[index] = parseInt(
        elem.pathname
            .replace(/\/members\/[-_a-zA-Z0-9]+\./, '')
            .replace('/', '')
    );
});

Built by (c) Tim Brust and contributors. Released under the MIT license.