registry  /  n-payment  /  0.30.1

n-payment@0.30.1

Chain-agnostic SDK for agentic payments. One fetchWithPayment(url) call auto-detects HTTP 402 challenges across any supported chain or protocol (x402, MPP, payment channels, on-chain settle, cross-chain corridors), signs with a CAIP-2 multichain wallet, r

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Payment, wallet, CLI, and state-write capabilities are exposed as explicit runtime APIs rather than activated during install or import.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
Caller explicitly invokes payment, wallet lifecycle, faucet, or state-store APIs.
Impact
Can sign or submit caller-requested transactions and invoke configured wallet tooling; no unconsented behavior found.
Mechanism
User-directed blockchain payment and wallet-management SDK operations.
Rationale
The scanner findings reflect the package's stated payment-SDK functionality. Direct source inspection found no install/import trigger or concrete malicious chain.
Evidence
package.jsondist/index.mjsdist/agent/mcp-server.mjsdist/chunk-U7VBJBEN.mjs

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/index.mjs` provides explicit wallet signing, transfers, and testnet faucet helpers.
  • `dist/index.mjs` can invoke an OWS CLI only through exported backup/restore/configuration methods.
  • `dist/index.mjs` has a caller-configured JSON state store write path.
Evidence against
  • `package.json` contains only `prepublishOnly`; no install-time lifecycle hook exists.
  • No import-time network call, transfer, CLI invocation, or filesystem mutation was found.
  • Dynamic imports target declared optional wallet/payment dependencies, not remote code.
  • No credential harvesting, exfiltration, AI-agent config mutation, persistence, or destructive logic was found.
  • The MCP export is a package-owned paid-tool server API, not an agent control-surface installer.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 975 KB of source, external domains: api.cdp.coinbase.com, api.devnet.solana.com, api.mainnet-beta.solana.com, api.skip.build, api.x402.goat.network, bridge.goat.network, bsc-dataseed.binance.org, channels.openzeppelin.com, coston2-api.flare.network, data-seed-prebsc-1-s1.binance.org, dev.api.trustlesswork.com, docs.morph.network, docs.tempo.xyz, eth.llamarpc.com, faucet.circle.com, flare-api.flare.network, forno.celo-sepolia.celo-testnet.org, forno.celo.org, gateway-sandbox.circle.com, gateway.circle.com, gateway.spacerouter.org, mainnet.base.org, mainnet.optimism.io, mainnet.unichain.org, mainnet3.creditcoin.network, mcp.local, morph-rails.morph.network, n-payment.dev, rpc-gel.inkonchain.com, rpc-hoodi.morph.network, rpc-quicknode.morphl2.io, rpc.cc3-testnet.creditcoin.network, rpc.goat.network, rpc.initia.xyz, rpc.initiation-2.initia.xyz, rpc.moderato.tempo.xyz, rpc.tempo.xyz, rpc.testnet3.goat.network, s.altnet.rippletest.net, sepolia-rollup.arbitrum.io, sepolia.base.org, songbird-api.flare.network, soroban-testnet.stellar.org, soroban.stellar.org, stellar.expert, www.x402.org, x402.org, xrpl-facilitator-mainnet.t54.ai, xrpl-facilitator-testnet.t54.ai, xrplcluster.com

Source & flagged code

3 flagged · loading source
dist/index.mjsView file
45// src/ows/wallet.ts L46: import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts"; L47: ... L54: import { privateKeyToAccount } from "viem/accounts"; L55: var FUNDER_KEY = process.env.N_PAYMENT_FAUCET_KEY; L56: var MIN_GAS = parseEther("0.001"); ... L73: const wc = createWalletClient({ account: funder, chain, transport: http(this.chainConfig.rpcUrl) }); L74: const hash = await wc.sendTransaction({ to: recipient, value: parseEther("0.005") }); L75: await pub.waitForTransactionReceipt({ hash }); ... L82: try { L83: const res = await fetch("https://faucet.circle.com/api/drip", { L84: method: "POST",
Critical
Wallet Drain

Source uses private key material to transfer cryptocurrency funds.

dist/index.mjsView on unpkg · L45
45Trigger-reachable chain: manifest.module -> dist/index.mjs L45: // src/ows/wallet.ts L46: import { privateKeyToAccount as privateKeyToAccount3 } from "viem/accounts"; L47: ... L54: import { privateKeyToAccount } from "viem/accounts"; L55: var FUNDER_KEY = process.env.N_PAYMENT_FAUCET_KEY; L56: var MIN_GAS = parseEther("0.001"); ... L73: const wc = createWalletClient({ account: funder, chain, transport: http(this.chainConfig.rpcUrl) }); L74: const hash = await wc.sendTransaction({ to: recipient, value: parseEther("0.005") }); L75: await pub.waitForTransactionReceipt({ hash }); ... L82: try { L83: const res = await fetch("https://faucet.circle.com/api/drip", { L84: method: "POST",
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.mjsView on unpkg · L45
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = n-payment@0.30.0 matchedIdentity = npm:bi1wYXltZW50:0.30.0 similarity = 0.900 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg

Findings

3 Critical3 Medium5 Low
CriticalWallet Draindist/index.mjs
CriticalTrigger Reachable Dangerous Capabilitydist/index.mjs
CriticalPrevious Version Dangerous Deltadist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings