x402-surface-check 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +1 -1
  2. package/bin/x402-surface-check.mjs +14 -1
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -14,7 +14,7 @@ npx --yes x402-surface-check --endpoint --method POST https://x402.rpc.ankr.com/
14
14
 
15
15
  ## What It Checks
16
16
 
17
- - Manifest endpoint discovery from `endpoints[]`, `x402Endpoints`, category arrays, resource strings, and OpenAPI paths
17
+ - Manifest endpoint discovery from `items[]`, `endpoints[]`, `x402Endpoints`, category arrays, resource strings, and OpenAPI paths
18
18
  - No-payment HTTP 402 challenge shape
19
19
  - x402 v1 and v2 price fields
20
20
  - MPP `WWW-Authenticate: Payment` challenges
package/bin/x402-surface-check.mjs CHANGED
@@ -151,6 +151,19 @@ function endpointEntries(document, sourceUrl, limit) {
151
151
  }
152
152
  }
153
153
 
154
+ if (Array.isArray(document.items)) {
155
+ for (const item of document.items) {
156
+ if (item?.type && item.type !== 'http') continue
157
+ const rawPath = item?.resource ?? item?.url ?? item?.endpoint ?? item?.path
158
+ if (!rawPath) continue
159
+ entries.push({
160
+ name: item.metadata?.name ?? item.id ?? item.name ?? String(rawPath).split('/').filter(Boolean).at(-1) ?? String(rawPath),
161
+ url: endpointUrl(rawPath, baseUrl, sourceUrl),
162
+ method: String(item.method ?? 'GET').toUpperCase(),
163
+ })
164
+ }
165
+ }
166
+
154
167
  if (document.openapi && document.paths && typeof document.paths === 'object') {
155
168
  const baseUrl = document.servers?.find(server => typeof server?.url === 'string')?.url
156
169
  ?? sourceUrl
@@ -385,7 +398,7 @@ function findingList(documentResult, challengeResults, preflightResults, entries
385
398
  }
386
399
 
387
400
  if (entries.length === 0) {
388
- findings.push('P1 - Document does not expose any manifest, OpenAPI, category, or resource endpoints for no-payment probes.')
401
+ findings.push('P1 - Document does not expose any manifest, OpenAPI, item, category, or resource endpoints for no-payment probes.')
389
402
  }
390
403
 
391
404
  for (const result of challengeResults) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "x402-surface-check",
3
- "version": "0.2.1",
3
+ "version": "0.2.2",
4
4
  "description": "No-payment x402 public-surface checker for manifests, OpenAPI specs, and HTTP 402 challenges.",
5
5
  "type": "module",
6
6
  "bin": {