npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@pausesecure/x402-risk

v1.0.0

Published

PAUSE Risk Extension for x402 — risk-score every payTo address before payment

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

pause-securepause-secure

Keywords

x402pauserisksecurityblockchainethereumpaymentagentairisk-scoringaddress-screening

Readme

@pause/x402-risk

PAUSE Risk Extension for x402 — risk-score every address before payment.

Stop AI agents from paying malicious addresses. @pause/x402-risk adds PAUSE Risk Engine scoring to the x402 payment protocol, blocking payments to high-risk wallets before any money moves.

Works with @x402/fetch, @x402/axios, Express, Hono, and any custom x402 flow.

Why

x402 lets agents pay for resources over HTTP. But agents pay whatever address the server tells them to — blindly.

  • The 402Bridge hack drained 200+ users' USDC
  • x402 V2's dynamic payTo routing means addresses can change per-request
  • AI agents executing payments autonomously have no human oversight

@pause/x402-risk fixes this. Every payTo address is scanned across 11 Bayesian risk signals before your agent signs anything. HIGH risk = payment blocked. Zero funds lost.

Install

npm install @pause/x402-risk

Quick Start — Client (Protect Your Agent)

import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { registerExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";
import { createRiskGuard, wrapFetchWithRiskGuard } from "@pause/x402-risk/client";

// Setup x402 client (standard)
const client = new x402Client();
registerExactEvmScheme(client, {
  signer: privateKeyToAccount(process.env.EVM_PRIVATE_KEY as `0x${string}`),
});

// Add PAUSE risk guard — ONE LINE
const guard = createRiskGuard({ minScore: 40 });

// Wrap fetch with both payment and risk
const safeFetch = wrapFetchWithRiskGuard(
  wrapFetchWithPayment(fetch, client),
  guard
);

// Every payment is now risk-scored automatically
const response = await safeFetch("https://api.example.com/paid-endpoint");

If the payTo address scores below 40 (HIGH risk), the payment is blocked and a PaymentBlockedError is thrown. No signature. No gas. No funds lost.

Quick Start — Server (Protect Your Service)

import express from "express";
import { paymentMiddleware } from "@x402/express";
import { createRiskMiddleware } from "@pause/x402-risk/server";

const app = express();

// Add PAUSE risk check BEFORE x402 payment middleware
app.use(createRiskMiddleware({ minScore: 40 }));

// Standard x402 paywall
app.use(paymentMiddleware({ /* your routes */ }, resourceServer));

Payers with HIGH risk wallets are rejected with a 403 before your endpoint runs.

Configuration

const guard = createRiskGuard({
  // Required
  minScore: 40,           // Block addresses scoring below this (0-100)

  // Optional
  riskEngineUrl: "https://api.pausescan.com",  // PAUSE Risk Engine URL
  apiKey: "pk_...",       // Pro API key (50 free scans/month without)
  warnScore: 70,          // Trigger onWarning callback below this score
  cacheTtlMs: 300000,     // Cache scores for 5 minutes (default)
  timeoutMs: 5000,        // Risk engine timeout (default)
  failOpen: false,        // true = allow payment if engine is down

  // Address lists
  allowlist: ["0xYourWallet", "0xTrustedPartner"],
  blocklist: ["0xKnownScammer"],

  // Callbacks
  onBlocked: (assessment, payTo) => { /* log, alert, etc */ },
  onWarning: (assessment, payTo) => { /* caution logging */ },
  onAssessment: (assessment, payTo) => { /* every scan */ },
});

Risk Scoring

The PAUSE Risk Engine analyzes each address across 11 independent Bayesian signals:

| Signal | Weight | What It Detects | |---|---|---| | Mixer Exposure | 0.45 | Tornado Cash and mixing service interaction | | Draining Pattern | 0.30 | Wallet drainer behavior (approve + sweep) | | Exchange Cluster | 0.25 | Proximity to exchange hot/cold wallets | | Sweep Pattern | 0.25 | Funds consolidation into single address | | TX Burst Anomaly | 0.20 | Bot-like transaction volume spikes | | Scam Graph | 0.20 | Connections to reported scam addresses | | Dusting Attack | 0.15 | Micro-transactions for wallet tracking | | ENS Authenticity | 0.15 | ENS domain ownership verification | | Rival Consensus | 0.15 | Cross-reference with external scoring | | Wallet Age | 0.10 | Account creation date and activity | | Balance Volatility | 0.10 | Abnormal balance fluctuation patterns |

Signals are combined using log-odds Bayesian scoring with correlation discounting to produce a single 0-100 safety score.

| Score | Risk | Action | |---|---|---| | 70-100 | SAFE | Payment proceeds normally | | 40-70 | MEDIUM | Payment proceeds, onWarning fires | | 0-40 | HIGH | Payment BLOCKED, PaymentBlockedError thrown |

Standalone Usage (No x402)

Use the risk engine directly for any address screening:

import { PauseRiskEngine } from "@pause/x402-risk";

const engine = new PauseRiskEngine();
const result = await engine.scan("0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045");

console.log(result.score);    // 87
console.log(result.risk);     // "SAFE"
console.log(result.signals);  // Array of 11 signal results

Error Handling

import { PaymentBlockedError, RiskEngineUnavailableError } from "@pause/x402-risk";

try {
  const response = await safeFetch("https://api.example.com/paid");
} catch (error) {
  if (error instanceof PaymentBlockedError) {
    // Address was HIGH risk — payment blocked, no funds lost
    console.log(error.assessment.score);  // e.g., 23
    console.log(error.assessment.risk);   // "HIGH"
    console.log(error.payTo);             // "0x..."
  }
  if (error instanceof RiskEngineUnavailableError) {
    // Risk engine down and failOpen=false
    console.log(error.payTo);
  }
}

API Reference

Client

| Export | Description | |---|---| | createRiskGuard(config) | Create a risk guard instance | | wrapFetchWithRiskGuard(fetch, guard) | Wrap fetch with risk checking | | createRiskCheck(config) | Standalone risk check function |

Server

| Export | Description | |---|---| | createRiskMiddleware(config) | Express/Connect middleware | | createPayerCheck(config) | Standalone payer check function |

Core

| Export | Description | |---|---| | PauseRiskEngine | Direct risk engine client | | PaymentBlockedError | Error thrown when payment is blocked | | RiskEngineUnavailableError | Error thrown when engine is unreachable |

Links

License

MIT — PAUSE (Pre-Authorization Unified Security Engine)