npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@blockwavelabs/receipt-proof

v0.1.4

Published

Verify receipt inclusion and settlement anchors without depending on private packages.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

sskys18sskys18

Keywords

settlementreceiptmerkleverifierproof

Readme

@blockwavelabs/receipt-proof

Verify receipt inclusion proofs and settlement anchors without importing private packages.

Npm package: https://www.npmjs.com/package/@blockwavelabs/receipt-proof

Package Contents

The npm artifact is intentionally dist-only: dist/*.js, dist/*.d.ts, README.md, LICENSE, NOTICE, and package.json. TypeScript src/ files and source maps are not published.

Quickstart

npm install @blockwavelabs/receipt-proof

CLI

For the normal proof check, you need a receipt ID and the proof JSON evidence. No API URL or RPC is required.

receipt-proof rcpt_... --proof proof.json --json

The --proof file can be a raw proof object or a @blockwavelabs/demo-payer JSON/JSONL result containing a nested proof object:

receipt-proof rcpt_... --proof receipts.jsonl --json

JavaScript API

Verify a proof object or a @blockwavelabs/demo-payer result bundle:

import { verifyReceiptProofInput } from '@blockwavelabs/receipt-proof';

const result = verifyReceiptProofInput(demoPayerResult, 'rcpt_...');
console.log(result.checks.verified);

Fetch proof evidence from an API when you are building an operator-side tool:

import { SettlementVerifier } from '@blockwavelabs/receipt-proof';

const verifier = new SettlementVerifier({
  baseUrl: 'https://api.example.com',
  apiKey: process.env.RECEIPT_API_KEY,
});

const result = await verifier.verifyReceipt('rcpt_...');
console.log(result.verified, result.checks, result.evidence);

Offline Proof JSON

The proof JSON is the evidence object returned by the proof API or exported by an operator. You can verify it without API or RPC access:

receipt-proof proof proof.json rcpt_... --json

Low-level API:

import { verifyReceiptProof } from '@blockwavelabs/receipt-proof';

const result = verifyReceiptProof(proofJson, 'rcpt_...');

Optional On-Chain Anchor Check

If you want the CLI to fetch the proof JSON for you, pass an API URL. While the proof endpoint is API-key gated, pass an auditor/operator key.

receipt-proof receipt rcpt_... \
  --api-url https://api.example.com \
  --api-key "$RECEIPT_API_KEY" \
  --json

For a stronger check, the fetch mode can also verify the on-chain anchor if you add your own RPC and the deployed SettlementManager address. These are optional; no default RPC is baked in.

receipt-proof receipt rcpt_... \
  --api-url https://api.example.com \
  --api-key "$RECEIPT_API_KEY" \
  --rpc-url "$SETTLEMENT_RPC_URL" \
  --contract "$SETTLEMENT_CONTRACT_ADDRESS" \
  --confirmations 3 \
  --require-anchor \
  --json

Verification Model

The verifier checks:

  • the proof response is bound to the requested receiptId
  • the Merkle proof recomputes to merkleRoot
  • merkleRoot equals the batch payloadHash
  • when RPC + contract address are configured, the anchor tx emitted SettlementBatchCommitted(batchId, payloadHash, ...)

No default RPC endpoint is baked in. External auditors should provide their own RPC.

Current v0.1 Limits

  • Leaf scheme is receipt-id-keccak-v1: leafHash = keccak256(utf8(receiptId)). It proves receipt ID inclusion, not payload binding. Payload-bound leaves require the ADR-035 leaf-scheme v2 migration.
  • The current proof endpoint is API-key gated. Public anonymous or ownership-scoped proof access is separate server work.
  • Current receipt IDs are timestamp/random strings, not UUIDv4. Public proof exposure should resolve sibling-hash leakage with UUIDv4 IDs or a batch-scoped salt before anonymous access.
  • Dist-only publishing does not make the verifier algorithm private. Published JavaScript remains inspectable, which is expected for the external verification path.