x402

Versions: 8
License:
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
No source commit

Maintainers

erik_cb, carsonroscoe_cb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
dependencies | unvetted-dep:wagmi | AI (dependencies): wagmi is a well-established Ethereum React hooks library; unvetted status reflects registry gap, not actual risk for this payment protocol package. | ai |
dependencies | unvetted-dep:@wallet-standard/app | AI (dependencies): @wallet-standard/app is a standard wallet interface package from the Solana ecosystem; legitimate dependency for a multi-chain payment SDK. | ai |
dependencies | unvetted-dep:@wallet-standard/base | AI (dependencies): @wallet-standard/base is a standard wallet interface package from the Solana ecosystem; legitimate dependency for a multi-chain payment SDK. | ai |
dependencies | unvetted-dep:@wallet-standard/features | AI (dependencies): @wallet-standard/features is a standard wallet interface package from the Solana ecosystem; legitimate dependency for a multi-chain payment SDK. | ai |
dependencies | unvetted-dep:@solana/wallet-standard-features | AI (dependencies): @solana/wallet-standard-features is an official Solana wallet standard package; legitimate dependency for a multi-chain payment SDK. | ai |
dependencies | unvetted-dep:@solana-program/token | AI (dependencies): @solana-program/token is an official Solana program client; legitimate dependency for a Solana-capable payment protocol. | ai |
dependencies | unvetted-dep:@solana-program/token-2022 | AI (dependencies): @solana-program/token-2022 is an official Solana program client; legitimate dependency for a Solana-capable payment protocol. | ai |
dependencies | unvetted-dep:@solana-program/compute-budget | AI (dependencies): @solana-program/compute-budget is an official Solana program client; legitimate dependency for a Solana-capable payment protocol. | ai |
phantom-deps | phantom-dep:wagmi | AI (phantom-deps): wagmi referenced in config files for a multi-chain payment SDK is expected; not a security concern. | ai |
phantom-deps | phantom-dep:@wallet-standard/app | AI (phantom-deps): Wallet standard packages referenced in config for a multi-chain SDK is expected; not a security concern. | ai |
phantom-deps | phantom-dep:@wallet-standard/base | AI (phantom-deps): Wallet standard packages referenced in config for a multi-chain SDK is expected; not a security concern. | ai |
phantom-deps | phantom-dep:@wallet-standard/features | AI (phantom-deps): Wallet standard packages referenced in config for a multi-chain SDK is expected; not a security concern. | ai |
phantom-deps | phantom-dep:@solana/wallet-standard-features | AI (phantom-deps): Solana wallet standard packages referenced in config for a multi-chain SDK is expected; not a security concern. | ai |

Versions (showing 8 of 8)

Version Deps Published
1.2.0 13 / 26
1.1.0 13 / 26
1.0.1 13 / 26
0.8.0 13 / 26
0.7.3 13 / 26
0.7.2 13 / 26
0.7.1 13 / 26
0.7.0 9 / 26

v1.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.