Gathering detailed insights and metrics for @stripe/stripe-js
Gathering detailed insights and metrics for @stripe/stripe-js
Gathering detailed insights and metrics for @stripe/stripe-js
Gathering detailed insights and metrics for @stripe/stripe-js
npm install @stripe/stripe-js
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
635 Stars
517 Commits
157 Forks
36 Watching
139 Branches
2,968 Contributors
Updated on 26 Nov 2024
TypeScript (94.92%)
Shell (3.22%)
JavaScript (1.86%)
Cumulative downloads
Total Downloads
Last day
-10.1%
341,724
Compared to previous day
Last week
0.4%
1,920,394
Compared to previous week
Last month
9%
8,216,947
Compared to previous month
Last year
37.1%
84,205,647
Compared to previous year
24
This package allows Stripe.js to be imported as a CommonJS module or ES module.
Note: To be
PCI compliant,
you must load Stripe.js directly from https://js.stripe.com
. You cannot
include it in a bundle or host it yourself. This package wraps the global
Stripe
function provided by the Stripe.js script as an ES module.
Calling loadStripe
always loads the latest version of Stripe.js, regardless of
which version of @stripe/stripe-js
you use. Updates for this package only
impact tooling around the loadStripe
helper itself and the TypeScript type
definitions provided for Stripe.js. Updates do not affect runtime availability
of features of Stripe.js.
Use npm
to install the Stripe.js module:
1npm install @stripe/stripe-js
loadStripe
This function returns a Promise
that resolves with a newly created Stripe
object once Stripe.js has loaded. It takes the same parameters passed when
directly
initializing a Stripe
instance. If
necessary, it will load Stripe.js for you by inserting the Stripe.js script tag.
If you call loadStripe
in a server environment it will resolve to null
.
1import {loadStripe} from '@stripe/stripe-js'; 2 3const stripe = await loadStripe('pk_test_TYooMQauvdEDq54NiTphI7jx');
We’ve placed a random API key in this example. Replace it with your actual publishable API keys to test this code through your Stripe account.
For more information on how to use Stripe.js, please refer to the Stripe.js API reference or learn to accept a payment with Stripe.
If you have deployed a Content Security Policy, make sure to include Stripe.js in your directives.
This package includes TypeScript declarations for Stripe.js. We support projects using TypeScript versions >= 3.1.
Some methods in Stripe.js accept and return objects from the
Stripe API. The type declarations in
@stripe/stripe-js
for these objects in will always track the
latest version of the Stripe API. If
you would like to use these types but are using an older version of the Stripe
API, we recommend
updating to the latest version,
or ignoring and overriding the type definitions as necessary.
Note that we may release new minor and patch versions of
@stripe/stripe-js
with small but backwards-incompatible fixes to the type
declarations. These changes will not affect Stripe.js itself.
To best leverage Stripe’s advanced fraud functionality, ensure that Stripe.js is loaded on every page, not just your checkout page. This allows Stripe to detect suspicious behavior that may be indicative of fraud as customers browse your website.
By default, this module will insert a <script>
tag that loads Stripe.js from
https://js.stripe.com
. This happens as a side effect immediately upon
importing this module. If you utilize code splitting or only include your
JavaScript app on your checkout page, the Stripe.js script will only be
available in parts of your site. To ensure Stripe.js is available everywhere,
you can perform either of the following steps:
Import @stripe/stripe-js
as a side effect in code that will be included
throughout your site (e.g. your root module). This will make sure the Stripe.js
script tag is inserted immediately upon page load.
1import '@stripe/stripe-js';
Manually add the Stripe.js script tag to the <head>
of each page on your site.
If an existing script tag is already present, this module will not insert a new
one. When you call loadStripe
, it will use the existing script tag.
1<!-- Somewhere in your site's <head> --> 2<script src="https://js.stripe.com/v3" async></script>
loadStripe
without side effectsIf you would like to use loadStripe
in your application, but defer loading the
Stripe.js script until loadStripe
is first called, use the alternative
@stripe/stripe-js/pure
import module:
1// CommonJS module import 2const {loadStripe} = require('@stripe/stripe-js/pure'); 3// ES module import 4import {loadStripe} from '@stripe/stripe-js/pure'; 5 6// Stripe.js will not be loaded until `loadStripe` is called 7const stripe = await loadStripe('pk_test_TYooMQauvdEDq54NiTphI7jx');
If you would like to
disable advanced fraud detection
altogether, use loadStripe.setLoadParameters
:
1// CommonJS module import 2const {loadStripe} = require('@stripe/stripe-js/pure'); 3// ES module import 4import {loadStripe} from '@stripe/stripe-js/pure'; 5 6loadStripe.setLoadParameters({advancedFraudSignals: false}); 7const stripe = await loadStripe('pk_test_TYooMQauvdEDq54NiTphI7jx');
The loadStripe.setLoadParameters
function is only available when importing
loadStripe
from @stripe/stripe-js/pure
.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
security policy file detected
Details
Reason
Found 15/25 approved changesets -- score normalized to 6
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
47 existing vulnerabilities detected
Details
Score
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More