npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

x402-qai

v0.3.0

Published

Test x402 endpoints before your users do.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

0nchaindevex0nchaindevex

Keywords

x402paymentscompliancescannervalidator

Readme

x402-qai

Test x402 endpoints before your users do.

x402-qai is a compliance scanner and payment-flow validator for the x402 protocol. It checks discovery responses, headers, pricing, error handling, and optionally validates live payment flows.

Install

npm install -g x402-qai

Quick Start

Scan a single endpoint:

x402-qai https://your-api.com/protected-resource

Scan multiple endpoints from a file:

x402-qai --file urls.txt

Run in CI with a minimum score threshold:

x402-qai --file urls.txt --ci --threshold 80

CLI Reference

Usage: x402-qai [url] [options]

Arguments:
  url                    URL of the x402 endpoint to scan

Options:
  --pay                  Enable live payment flow testing (default: false)
  --json                 Output machine-readable JSON
  --ci                   Strict mode: exit 1 on score below threshold
  --threshold <n>        Score threshold for --ci mode (default: 70)
  --max-amount <n>       Maximum payment amount (e.g. 0.01)
  --file <path>          File containing URLs to scan (one per line)
  --timeout <ms>         Request timeout in milliseconds (default: 10000)
  --watch <seconds>      Watch mode: re-scan every N seconds (single URL only)
  -V, --version          Output the version number
  -h, --help             Display help

URL File Format

# endpoints.txt
# Lines starting with # are comments
https://api.example.com/v1/data
https://api.example.com/v1/premium

# Empty lines are ignored
https://other-api.com/resource

Exit Codes

| Code | Meaning | |------|---------| | 0 | All checks passed | | 1 | One or more checks failed (or score below threshold in --ci mode) | | 2 | Scanner error (network failure, invalid input) |

Example Output

x402-qai report
URL: https://api.example.com/v1/data
Time: 2026-04-08T12:00:00.000Z

Rules
[PASS] Endpoint returns 402 without payment
  Endpoint correctly returns 402 Payment Required.
[PASS] Discovery payload is valid JSON
  Response body is valid JSON.
[PASS] Required fields present
  All required x402 fields are present.
[FAIL] Price amount is valid and positive
  Amount "abc" is not a valid positive number.
  -> Set amount to a positive numeric string (e.g. "0.01").

Score Breakdown
  discovery        40/40 (100%)
  headers          15/20 (75%)
  paymentFlow      20/25 (80%)
  errorHandling    10/15 (67%)

Overall: 85/100 PASS

Batch Output

When scanning multiple URLs, a summary is appended:

Batch Summary

  PASS  85/100  https://api.example.com/v1/data
  FAIL  45/100  https://api.example.com/v1/broken

1/2 passed, average score: 65/100

Watch Mode

Monitor an endpoint continuously and see changes over time:

x402-qai https://your-api.com/protected-resource --watch 30

Watch mode re-scans the endpoint every N seconds (default 30) and prints timestamped results with deltas showing score changes, new failures, and recovered passes. Press Ctrl+C to stop.

Watch mode only works with a single URL (not batch mode).

--- [2026-04-09T12:00:00.000Z] iteration #1 ---
  URL: https://your-api.com/protected-resource
  Score: 85/100  PASS

--- [2026-04-09T12:00:30.000Z] iteration #2 ---
  URL: https://your-api.com/protected-resource
  Score: 85/100  PASS
  Score: 85 (no change)

--- [2026-04-09T12:01:00.000Z] iteration #3 ---
  URL: https://your-api.com/protected-resource
  Score: 70/100  FAIL
  Failed rules: price-valid, amount-positive
  Score: 85 -> 70 (-15)
  New failures: price-valid, amount-positive

GitHub Actions

Use x402-qai as a GitHub Action in your CI pipeline:

name: x402 Compliance
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Scan x402 endpoint
        uses: tyler-james-bridges/x402-qai@main
        with:
          url: https://your-api.com/protected-resource
          threshold: 80

Action Inputs

| Input | Required | Default | Description | |-------|----------|---------|-------------| | url | No* | | Endpoint URL to scan | | urls-file | No* | | Path to file with URLs (one per line) | | threshold | No | 70 | Minimum passing score (0-100) | | pay | No | false | Enable payment testing | | max-amount | No | 0.01 | Maximum payment amount in USD |

*At least one of url or urls-file is required.

Batch scanning in CI

      - name: Scan multiple endpoints
        uses: tyler-james-bridges/x402-qai@main
        with:
          urls-file: endpoints.txt
          threshold: 75

Payment flow testing in CI

      - name: Scan with payment testing
        uses: tyler-james-bridges/x402-qai@main
        with:
          url: https://your-api.com/protected-resource
          pay: true
          max-amount: '0.005'

Scoring

Endpoints are scored 0-100 across four categories:

  • Discovery - correct 402 status, valid JSON payload, required fields
  • Headers - proper content-type, cache headers
  • Payment Flow - valid scheme, network, asset, amount
  • Error Handling - meaningful error responses, timeout behavior

Part of QAI

x402-qai is part of the QAI ecosystem of quality assurance tools for Web3 protocols.

License

MIT