npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@ninjapay/sdk

v0.1.0

Published

Official NinjaPay TypeScript SDK — borderless and confidential commerce on Solana

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

bprimebprime

Keywords

ninjapaysolanastripepaymentsx402umbraprivacystablecoin

Readme

@ninjapay/sdk

Official TypeScript SDK for NinjaPay — borderless and confidential commerce on Solana. Stripe-portable merchant API + private x402 facilitator for AI agents + multi-recipient stablecoin payroll, with privacy-by-default via the Umbra Privacy SDK.

Install

npm install @ninjapay/sdk
# or
pnpm add @ninjapay/sdk
# or
yarn add @ninjapay/sdk

Requires Node.js ≥ 20.

Quick start

import { NinjaPayClient } from '@ninjapay/sdk';

const ninjapay = new NinjaPayClient({
  apiKey: process.env.NINJAPAY_API_KEY!, // nk_live_…
  baseUrl: 'https://api.ninjapay.finance', // omit for default
});

// Create a payment link
const link = await ninjapay.paymentLinks.create({
  amount: '49.99',
  currency: 'USDC',
  description: 'Pro plan — annual',
});
console.log(link.url); // https://checkout.ninjapay.finance/pay/<id>

// List recent payment intents
const { data } = await ninjapay.paymentIntents.list({ limit: 25 });

Resources

The client exposes a Stripe-style resource surface:

  • client.paymentIntents — intent lifecycle (create, retrieve, list, cancel)
  • client.paymentLinks — hosted-checkout link management
  • client.refunds — full + partial refunds
  • client.customers — customer CRUD + summaries
  • client.subscriptions — recurring billing
  • client.invoices — invoice generation + filing
  • client.webhooks — webhook endpoint registration
  • client.disputes — dispute lifecycle
  • client.connectedAccounts — Stripe-Connect-portable
  • client.transfers — direct on-chain transfers
  • client.payroll.{employees,batches,taxFilings} — multi-recipient payroll
  • client.x402Endpoints / client.x402Attestations — x402 facilitator
  • client.accountClaims — recipient claim flow

See the API reference for full method signatures, request/response shapes, and error codes.

Webhook signature verification

Webhook verification helpers ship at the @ninjapay/sdk/webhooks subpath (separate from the main client) because they statically import node:crypto — which is unavailable in browser bundles. Server-side handlers use:

import { verifyWebhookSignature } from '@ninjapay/sdk/webhooks';

app.post('/webhooks/ninjapay', (req, res) => {
  const result = verifyWebhookSignature({
    body: req.rawBody, // Buffer or string of the raw request body
    header: req.headers['x-ninjapay-signature']!,
    secret: process.env.NINJAPAY_WEBHOOK_SECRET!,
  });

  if (!result.ok) {
    return res.status(400).json({ error: result.reason });
  }

  const event = result.event; // typed WebhookEvent
  switch (event.type) {
    case 'payment_intent.succeeded':
      // handle settlement
      break;
    case 'refund.succeeded':
      // handle refund
      break;
  }

  res.json({ received: true });
});

The verifier:

  1. Parses the X-NinjaPay-Signature header (t=<unix-secs>,v1=<hex-hmac>)
  2. Asserts the timestamp is within the tolerance window (default ±5 min)
  3. Recomputes HMAC-SHA256 over <t>.<body> keyed by your webhook secret
  4. Constant-time compares — returns a discriminated { ok, reason? }

Mirrors packages/webhook-delivery/src/signature.ts byte-for-byte.

Errors

All resource methods throw one of three branded errors:

  • NinjaPayApiError — API returned 4xx/5xx with a structured body
  • NinjaPayNetworkError — fetch failed (DNS, connection, timeout)
  • NinjaPayResponseShapeError — response didn't match Zod schema
import {
  NinjaPayApiError,
  NinjaPayNetworkError,
  NinjaPayResponseShapeError,
} from '@ninjapay/sdk';

try {
  await ninjapay.paymentIntents.create({ /* ... */ });
} catch (err) {
  if (err instanceof NinjaPayApiError) {
    // err.status, err.body, err.requestId
  } else if (err instanceof NinjaPayNetworkError) {
    // retryable
  }
}

Idempotency

All mutating endpoints accept an Idempotency-Key header — pass it via the optional second arg:

await ninjapay.refunds.create(
  { paymentIntentId: 'pi_…', amount: '12.50' },
  { idempotencyKey: 'refund-2026-05-22-001' },
);

Same key + same body within the TTL window returns the cached result. Same key + different body returns 422.

Versioning

This SDK follows semver:

  • Patch (0.1.x) — bug fixes, internal-only refactors
  • Minor (0.x.0) — new resources, new methods, additive type fields
  • Major (x.0.0) — breaking changes to public API surface

Pre-1.0, minor versions may include breaking changes — pin to an exact version ("@ninjapay/sdk": "0.1.0") for production use until 1.0.

The API surface (/v1/) is versioned independently. Breaking API changes will land at /v2/ with a deprecation window — the SDK supports the latest two API versions.

Telemetry

The SDK does not collect telemetry. All observability is server-side via OpenTelemetry on the NinjaPay platform itself.

Development

# from the monorepo root
pnpm install
pnpm -F @ninjapay/sdk build
pnpm -F @ninjapay/sdk test

To publish (maintainers only):

cd packages/sdk
npm login
pnpm publish --access public

License

Apache-2.0