npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

crawltoll

v1.1.0

Published

Turn AI scraping into revenue. One-command x402 (HTTP-402) paywall: AI crawlers pay USDC per fetch, humans browse free.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

timothywaltontimothywalton

Keywords

x402http-402micropaymentsai-agentsagentic-webusdcbasecrawlerpaywallllms-txtagents-jsonmachine-paymentsscrapingmonetizationap2agent-payments-protocola2apay-per-crawlcoinbaseverifiable-credentialsmandatew3c-vcgemini

Readme

CRAWLTOLL™

Turn AI scraping into revenue. One-command x402 (HTTP-402) paywall: AI crawlers pay USDC per fetch, humans browse free.

By Script Master Labs LLC — built for the agentic web.

AP2-compatible: CRAWLTOLL settles via x402 — the stablecoin rail of Google's Agent Payments Protocol (A2A x402 extension, built with Coinbase). Coinbase's own AP2 launch cites per-crawl fees and paying for data crawls as flagship x402 use cases — that's exactly what CRAWLTOLL does.

AP2 Mandate Verification (v1.1.0)

CRAWLTOLL is AP2-native — it verifies Google Agent Payments Protocol mandates, not just x402 payments.

When an AI agent (e.g. Gemini Spark via AP2/Universal Cart) presents an X-AP2-MANDATE header, CRAWLTOLL validates the W3C Verifiable Credential bundle before honoring payment:

  • Intent Mandate — was the agent authorized for this resource, within this price cap, before this TTL?
  • Cart Mandate — does the locked total match what's being charged?
  • Payment Mandate — is the charge itself signed?

Signatures verified via ECDSA P-256 / SHA-256 over JCS-canonicalized claims (RFC 8785), per the AP2 spec.

const crawltoll = require("crawltoll");
app.use(crawltoll({
  ap2Mode: "required",                    // "off" | "optional" | "required"
  ap2TrustedIssuers: { "did:...#key": pubKeyPem },
}));

This is the difference between x402-compatible (a wallet paid) and AP2-native (the agent proved it was authorized to pay). Settlement still rides x402 — USDC on Base.

How it works

  1. Your site gets a 3-line middleware
  2. Bot/agent traffic hits HTTP 402 with machine-readable x402 payment terms (USDC on Base)
  3. Agent sends X-PAYMENT header → verified + settled via facilitator → content unlocks instantly
  4. Every fetch = USDC in your wallet. Revenue ledger + stats built in.

Quick start

npx crawltoll init

Generates crawltoll.config.json, llms.txt, agents.json, and robots.txt additions.

const crawltoll = require("crawltoll");
app.use(crawltoll()); // Express/Connect — reads crawltoll.config.json

Or run the standalone toll server (Render-ready, render.yaml included):

node server.js

Test it

curl -A "GPTBot" https://yoursite.com/page   # → 402 + payment terms
curl https://yoursite.com/page                # → humans free
npx crawltoll stats                           # → revenue

Config (crawltoll.config.json)

| Key | Default | | |---|---|---| | payTo | — | Your USDC wallet (Base) | | network | base | or base-sepolia for testing | | priceUSDC | 0.005 | price per fetch | | freePaths | discovery files | always open | | chargeHumans | false | flip to gate everything |

Detected agents

GPTBot, ClaudeBot, PerplexityBot, Google-Extended, Bytespider, CCBot, Amazonbot, Applebot-Extended, Meta, generic bots/scrapers (curl, python-requests, axios, headless browsers), and anything already speaking x402.

MIT © Script Master Labs LLC