@solsentry/guard
v0.1.0
Published
Pre-sign transaction guard for Solana — program safety, address-poisoning screen, and signature-phishing decode over the free SolSentry threat-intel API
Maintainers
Readme
@solsentry/guard
Pre-sign transaction guard for Solana wallets and dapps, backed by the SolSentry threat-intelligence API.
Ask one question before your user signs: is anything in this transaction a
known threat? The SDK extracts the programs a transaction touches, checks
them against SolSentry's operator-risk data, screens recipient addresses for
address-poisoning lookalikes, and decodes common signature-phishing vectors —
then returns a single worst-case verdict: safe · unknown · caution · dangerous.
Free public API underneath — no API key required. Every risk verdict is
auditable per-mint at https://api.solsentry.app/v1/predictions/{mint}.
Install
npm install @solsentry/guardQuickstart
import { SolSentryGuard } from "@solsentry/guard";
const guard = new SolSentryGuard();
// Before your wallet signs anything:
const advice = await guard.analyzeBeforeSign(transactionBytes);
if (advice.verdict === "dangerous") {
// block, or show the findings to the user
console.warn(advice.findings);
}Individual checks
// Program safety (is this program associated with drains/rugs?)
const report = await guard.analyzeProgram("675kPX9MHTjS2zt1qfr1NYHuzeLXfQM9H24wFSUt1Mp8");
// Address-poisoning screen (lookalike of an address you've seen before?)
const look = await guard.checkLookalike(candidate, knownAddresses);// Signature-phishing vector decode (no network call — pure local heuristics)
import { decodeSignaturePhishing } from "@solsentry/guard/phishing";
const warnings = decodeSignaturePhishing({ instructions });What it is / isn't
- It's a thin client over the free SolSentry REST API plus local heuristics — auditable, no magic.
- It is not a guarantee. Verdicts reflect SolSentry's live operator-risk
data; new operators start as
unknown. Treatdangerousas a hard block andcautionas "show the user why".
License
MIT
