pelecard-payment-gateway

Fail

Audited by Socket on Jun 13, 2026

1 alert found:

Obfuscated File
Obfuscated FileHIGH
references/domain-checklist.md

The integration model is sound in prioritizing server-side verification and deduplication, with a strong stance against trusting IPNs alone. Key security concerns to verify in implementation include protecting Phase-1/ConfirmationKey storage, securing PelecardTransactionId and DebitTotal within GetTransaction flows, robust idempotency and replay protection, strict least-privilege handling for credentials, careful logging controls, and explicit controls around ActionType handling to prevent silent mischarging. Given the complexity and breadth of features (tokenization, 3DS2, Apple Pay, refunds, and reconciliation), the supply-chain risk is medium to high if proper controls are not enforced; ensure explicit cryptographic validation of IPNs where applicable, secure storage and rotation of secrets, and comprehensive monitoring for anomalous flows.

Confidence: 90%
Audit Metadata
Analyzed At
Jun 13, 2026, 10:26 PM
Package URL
pkg:socket/skills-sh/skills-il%2Ftax-and-finance%2Fpelecard-payment-gateway%2F@719fa4d28a5390242a7cfc752b145901edd005c01f2d95c2c9e0ffbc42bf67f9
Security Audit — socket — pelecard-payment-gateway