stripe-js VS stripe-cli

At ReadMe, we’re constantly keeping an eye on the best DX out there, and we’ve come to notice a trend. Many of the top API-first companies out there offer their own custom SDKs, such as Stripe, Twilio, and Plaid (and I’m only linking to their JavaScript SDKs!).

Due to PCI compliance requirements, the Stripe.js library has to be loaded from Stripe's servers. This creates a challenge when working with server-side rendered apps, as the window object is not available on the server. To help us manage that complexity, Stripe provides a loading wrapper that allows importing Stripe.js like an ES module:

This approach was no different when I started thinking about the SprintDock website (a working title) and backend infrastructure needed for the first time back in April 2021, when I was still working full-time. This was until I started playing around with Stripe JS.

Stripe.js should not require React to run - I wouldn't recommend using React unless you want it for some other reason. Maybe check out the docs here for how to get started? https://stripe.com/docs/js

Implement Stripe JS to collect card details and convert to token on the frontend

That’s all for this tutorial. Hopefully it has given you an understanding of how to process Stripe payments in a Node.js application. There are many more configurable options available not used in this tutorial. To discover all these options the offical Stripe.js documentation is an excellent resource.

Thank you to our top open-source contributors this month: marcoscannabrava, viablecell (stripe-js), williammartin (stripe-node), jmarkowski, kronthto, hibariya (stripe-samples), alihussain5, Morriar, tophattom, richardxia, RyanBrushett, karmakaze, alexdunae, Bo98, kddeisz (sorbet).

For a payment gateway, you should check out Stripe. You can use their JavaScript SDK which allows you to take payment (https://stripe.com/docs/js). A competent developer with experience in these SDKs could wire up a payment gateway anywhere between a day and a couple of days.

https://github.com/stripe/stripe-js strikes perhaps the most realistic balance possible, recognizing that NPM is an insecure place for their core JS logic that creates a PCI compliant iFrame, and so their NPM package is just a loader for a script tag hosted securely. And yet they encourage people to use NPM for the wrapper itself. Which is just as vulnerable to supply chain attacks as anything else on NPM. If this isn't tacit acknowledgement of a "new standard" I don't know what is. I absolutely agree that it's problematic.

I've always found this to be a very useful practice. Many projects have a few core files (or packages / modules / whatever) where most of the changes happen. Being able to familiarize new contributors (or old returning ones) with those quickly really helps the startup time on a project.

I've added architecture files to projects at multiple jobs now [0], [1] and they've been well received. They're not perfect, but they're better than nothing.

[0]: https://github.com/zapier/zapier-platform/pull/324

[1]: https://github.com/stripe/stripe-cli/blob/master/ARCHITECTUR...

Stripe CLI

Before getting started with this, make sure that you have the Stripe CLI installed. Click me

You'll need the Stripe CLI installed.

The easiest way is to use stripe cli. You can download it here.

​ We use CLIs to perform quick actions from the comfort of our terminals and automate recurring tasks. You might use the GitLab CLI to submit your code in a merge request, so the team can review it and include it in the next release, for example. Many other developer platforms like AWS, Stripe, Sentry, and CircleCI offer CLIs as well. ​ Connecting a CLI to your online account often involves generating API access keys in a browser, then pasting those values into the terminal. Those credentials are usually saved in a plaintext config file that gives the CLI persistent access to your account, even after reboots. But if an attacker or process gains access to your system, they have the same level of access to your account that you do. ​ We built 1Password Shell Plugins so you can securely store all of your access keys in encrypted 1Password vaults, rather than on disk. When you use a Shell Plugin for a particular service, access to the associated API keys is restricted to your specific terminal session. ​ Because they're saved in 1Password, you can securely sign in to any CLI with your fingerprint or another form of biometrics. If the service supports it, MFA codes can be filled automatically – so there’s no need to pull out your phone multiple times every day. ​ In fact, there’s no need to type anything. No plaintext, no typing passwords, no hassle – you can stay in the zone and focus on the task at hand. ​

You’re probably looking for this: https://stripe.com/docs/stripe-cli

The Stripe CLI (command line interface) and Stripe for VS Code extension are essential tools when you’re building, testing and managing your Stripe integration. In this article you’ll learn about the powerful features of the Stripe CLI and how you can leverage those features both on the command line and via the VS Code extension.

You can test locally with the stripe CLI tool https://stripe.com/docs/stripe-cli, that sends the webhook info through localhost.