Skip to main content

REST API documentation

Stacklok Insight API (v2)

Download OpenAPI specification:Download

Stacklok Insight API

Dependencies

Get Dependencies Id

Fetch the dependencies for a package given its id. This includes the package's name, version, description, and other metadata about contributors.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
  • filter (Optional[str]): CEL filter code to apply.
  • sort_by (Optional[List[str]]): List of fields to sort by.
  • sort_order (Optional[List[str]]): Corresponding list of sort orders.
  • recurse_limit (int): Maximum depth of recursion. Upper limit - should automatically stop at leaf nodes.
  • page_from (int): Pagination start.
  • page_to (int): Pagination end.

For details on how to use the filter look at the CEL docs Some examples:

  • node.score == 0.0
  • node.score > 0.0 && node.score < 5
  • "Apache-2.0" in node.claims
Authorizations:
HTTPBearer
path Parameters
id
required
string <uuid> (Id)
query Parameters
Filter (string) or Filter (null) (Filter)
Array of Sort By (strings) or Sort By (null) (Sort By)
Default: ""
Array of Sort Order (strings) or Sort Order (null) (Sort Order)
Default: ""
recurse_limit
integer (Recurse Limit)
Default: 3
page_from
integer (Page From)
Default: 0
page_to
integer (Page To)
Default: 100

Responses

Response samples

Content type
application/json
{
  • "@context": { },
  • "summary": {
    },
  • "dependencies": [
    ]
}

Get Dependencies

Fetch the dependencies for a package given its name version and type. This includes the package's name, version, description, and other metadata about contributors.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
  • filter (Optional[str]): CEL filter code to apply.
  • sort_by (Optional[List[str]]): List of fields to sort by.
  • sort_order (Optional[List[str]]): Corresponding list of sort orders.
  • recurse_limit (int): Maximum depth of recursion. Upper limit - should automatically stop at leaf nodes.
  • page_from (int): Pagination start.
  • page_to (int): Pagination end.

For details on how to use the filter look at the CEL docs Some examples:

  • node.score == 0.0
  • node.score > 0.0 && node.score < 5
  • "Apache-2.0" in node.claims
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Package Version (string) or Package Version (null) (Package Version)
Default: ""
Filter (string) or Filter (null) (Filter)
Array of Sort By (strings) or Sort By (null) (Sort By)
Default: ""
Array of Sort Order (strings) or Sort Order (null) (Sort Order)
Default: ""
recurse_limit
integer (Recurse Limit)
Default: 3
page_from
integer (Page From)
Default: 0
page_to
integer (Page To)
Default: 100

Responses

Response samples

Content type
application/json
{
  • "@context": { },
  • "summary": {
    },
  • "dependencies": [
    ]
}

Packages

Get Package

Fetch the info for a package given its id. This includes the package's name, version, description, and other metadata about contributors.

Authorizations:
HTTPBearer
path Parameters
id
required
string <uuid> (Id)

Responses

Response samples

Content type
application/json
{
  • "package_name": "flask",
  • "package_type": "pypi",
  • "package_version": "3.0.3",
  • "package_data": {},
  • "status": "complete",
  • "summary": {
    },
  • "provenance": {
    },
  • "activity": {
    },
  • "typosquatting": {
    },
  • "alternatives": {
    },
  • "similar_package_names": [
    ],
  • "same_origin_packages_count": 1,
  • "has_triggered_reingestion": false
}

Post Package

Fetch the info for a package given its id. This includes the package's name, version, description, and other metadata about contributors.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
Request Body schema: application/json
required
Array
string <uuid>

Responses

Request samples

Content type
application/json
[
  • "497f6eca-6276-4993-bfeb-53cbbbba6f08"
]

Response samples

Content type
application/json
[
  • {
    }
]

Get Pkg

Fetch the metadata for a package.

This includes the package's name, version, description, and other metadata about contributors.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Package Version (string) or Package Version (null) (Package Version)
Default: ""

Responses

Response samples

Content type
application/json
{}

Get Alternatives

This will return a list of alternative packages to the one requested.

It is based on AI and will try to provide something with similar functionality.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Package Version (string) or Package Version (null) (Package Version)
Default: ""

Responses

Response samples

Content type
application/json
{
  • "status": "complete",
  • "packages": [
    ]
}

Security Signals

Get Summary

Fetch a summary of Security Signal information for the package.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Package Version (string) or Package Version (null) (Package Version)
Default: ""

Responses

Response samples

Content type
application/json
{
  • "score": 8,
  • "description": {
    },
  • "status": "complete",
  • "updated_at": "2024-11-05T15:08:52.347662"
}

Get Similar

Similar packages are those that have similar names to others.

This may or may not be a sign of typosquatting, depending on the provenance of the packages.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Package Version (string) or Package Version (null) (Package Version)
Default: ""

Responses

Response samples

Content type
application/json
{
  • "similar_package_names": [
    ]
}

Get Same Origin

This will return a list of packages sharing the same repo as the one requested. This can be perfectly normal, many repos produce multiple artifacts, or it can be a sign of star-jacking, depending on the provenance of the packages.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
token
string (Token)
Default: ""

Responses

Response samples

Content type
application/json
{
  • "next_token": "",
  • "same_origin_packages": [
    ]
}

Get Package Provenance

This will return the provenance of the package with respect to the package origins. Can it be linked with a repo?

This contains the number of tags in the repo, the number of versions of the package, a count of the common tags and the ratio of tags to common as overlap.

Also includes the historical information for tags, versions and matches for the given period type and count, by default the last 12 months from the current date.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
  • period_type: (str): Type of period of time - can be 'day', 'month' or 'year'. Defaults to 'month'.
  • period_count: (int): How many units of the specified period to search through. Defaults to 12.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Package Version (string) or Package Version (null) (Package Version)
Default: ""
period_type
string (Period Type)
Default: "month"
period_count
integer (Period Count)
Default: 12

Responses

Response samples

Content type
application/json
{
  • "status": "complete",
  • "hp": {
    },
  • "sigstore": {
    },
  • "score": 8
}

Contributors

Get Contributor Report

Fetch the report for a contributor.

Query Parameters:

  • login (str): The contributor's GitHub login name.
Authorizations:
HTTPBearer
query Parameters
login
required
string (Login)

Responses

Response samples

Content type
application/json
{
  • "package_name": "flask",
  • "package_type": "pypi",
  • "package_version": "3.0.3",
  • "package_data": {},
  • "status": "complete",
  • "summary": {
    },
  • "provenance": {
    },
  • "activity": {
    },
  • "typosquatting": {
    },
  • "alternatives": {
    },
  • "similar_package_names": [
    ],
  • "same_origin_packages_count": 1,
  • "has_triggered_reingestion": false
}

Repositories

Get Repository Report

Fetch the report for a repository.

Query Parameters:

  • name (str): Name of the repository.
Authorizations:
HTTPBearer
query Parameters
name
required
string (Name)

Responses

Response samples

Content type
application/json
{
  • "repository": {
    },
  • "contributors": [],
  • "packages": [
    ]
}

Versions

Get Versions

Fetch a list of versions for a package.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Version Prefix (string) or Version Prefix (null) (Version Prefix)
Default: ""
Version Fragment (string) or Version Fragment (null) (Version Fragment)
Default: ""
Token (string) or Token (null) (Token)

Responses

Response samples

Content type
application/json
{
  • "results": [
    ],
  • "latest": {
    }
}

Vulnerabilities

Get Vulnerabilities

Fetch a list of vulnerabilities for all versions of a package. If a version is provided, only the vulnerabilities for that specific version are returned.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
  • num_vulnerabilities (Optional[int]): Number of vulnerabilities to include in the response.
  • token: _(Optional[str]): Pagination token.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Package Version (string) or Package Version (null) (Package Version)
Default: ""
Token (string) or Token (null) (Token)
Default: ""
Num Vulnerabilities (integer) or Num Vulnerabilities (null) (Num Vulnerabilities)
Default: 999

Responses

Response samples

Content type
application/json
{
  • "vulnerabilities": [
    ]
}

Get Vulnerability

Fetch the data for a vulnerability.

Query Parameters:

  • osv_id (str): Name of the package.
Authorizations:
HTTPBearer
query Parameters
osv_id
required
string (Osv Id)

Responses

Response samples

Content type
application/json
{}

Licenses

Get Licence

Fetch the license claim for a specified package or repository. The package_name, package_type and version are specified as parameters.

Query Parameters:

  • package_name (str): Name of the package.
  • package_type (PackageType): Type of package.
  • package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
package_name
required
string (Package Name)
package_type
string (PackageType)
Default: "pypi"
Enum: "pypi" "npm" "crates" "maven" "go"
Package Version (string) or Package Version (null) (Package Version)
Default: ""

Responses

Response samples

Content type
application/json
{
  • "claims": [
    ],
  • "license": "BSD-3-Clause"
}

Get Licence Owner

Fetch the license claim for a specified repository by repository ID. The UUID of the repository is supplied on the path to fetch its associated license claims.

Authorizations:
HTTPBearer
path Parameters
id
required
string <uuid> (Id)

Responses

Response samples

Content type
application/json
{
  • "claims": [
    ],
  • "license": "BSD-3-Clause"
}

Get Licence Claim Id

Fetch the license claim by its ID. The UUID of the claim is specified on the path.

Authorizations:
HTTPBearer
path Parameters
id
required
string <uuid> (Id)

Responses

Response samples

Content type
application/json
{
  • "id": "a93cfef8-f2f7-45de-a56a-f10e82f25c6e",
  • "owner_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
  • "licenses": [
    ],
  • "claim": "BSD-3-Clause",
  • "content": "bsd-3-clause",
  • "source": "github",
  • "description": "See BSD 3-Clause \"New\" or \"Revised\" License (bsd-3-clause) at http://choosealicense.com/licenses/bsd-3-clause/)"
}