REST API documentation
Get Dependencies Id
Fetch the dependencies for a package given its id. This includes the package's name, version, description, and other metadata about contributors.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
- filter (Optional[str]): CEL filter code to apply.
- sort_by (Optional[List[str]]): List of fields to sort by.
- sort_order (Optional[List[str]]): Corresponding list of sort orders.
- recurse_limit (int): Maximum depth of recursion. Upper limit - should automatically stop at leaf nodes.
- page_from (int): Pagination start.
- page_to (int): Pagination end.
For details on how to use the filter look at the CEL docs Some examples:
- node.score == 0.0
- node.score > 0.0 && node.score < 5
- "Apache-2.0" in node.claims
Authorizations:
HTTPBearer
path Parameters
| id required | string <uuid> (Id) |
query Parameters
Filter (string) or Filter (null) (Filter) | |
Array of Sort By (strings) or Sort By (null) (Sort By) Default: "" | |
Array of Sort Order (strings) or Sort Order (null) (Sort Order) Default: "" | |
| recurse_limit | integer (Recurse Limit) Default: 100 |
| page_from | integer (Page From) Default: 0 |
| page_to | integer (Page To) Default: 100 |
Responses
Response samples
- 200
- 400
- 404
- 422
Content type
application/json
{- "@context": { },
- "summary": {
- "total": 7,
- "max_score": 8.67,
- "min_score": 0,
- "mean_score": 7.688571428571429,
- "declared_licenses": {
- "": 1,
- "BSD-3-Clause": 2
}, - "depths": {
- "1": 6,
- "2": 1
}, - "vuln_severity": { },
- "status": "partial"
}, - "dependencies": [
- {
- "name": "blinker",
- "type": "pypi",
- "version_name": "1.8.2",
- "package_id": "0ac0c8f0-811e-59fb-b0b7-e3c9d81b74bf",
- "version_id": "ccba78e1-5b7a-4c20-b9eb-7e211dea0b43",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "ccba78e1-5b7a-4c20-b9eb-7e211dea0b43"
]
], - "activity_score": 6.48,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "complete"
}, - {
- "name": "importlib-metadata",
- "type": "pypi",
- "version_name": "8.5.0",
- "package_id": "c99744b9-ef27-51de-b2a2-4941ead60b16",
- "version_id": "c081ee54-f8ce-4577-9108-a083f34975e4",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "c081ee54-f8ce-4577-9108-a083f34975e4"
]
], - "activity_score": 7.15,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "pending"
}, - {
- "name": "markupsafe",
- "type": "pypi",
- "version_name": "3.0.2",
- "package_id": "b39856d8-1bcb-53d5-96b2-ad45be73a4a5",
- "version_id": "47e85320-d1e3-4715-a281-0603f64127bc",
- "parents": [
- "1717e1aa-7402-404e-81bb-6c1f8bd31b6f",
- "842f4257-c450-4032-9056-53280b2852a7"
], - "depths": [
- 2
], - "paths": [
- [
- "1717e1aa-7402-404e-81bb-6c1f8bd31b6f",
- "47e85320-d1e3-4715-a281-0603f64127bc"
], - [
- "842f4257-c450-4032-9056-53280b2852a7",
- "47e85320-d1e3-4715-a281-0603f64127bc"
]
], - "activity_score": 7.22,
- "declared_license": [
- "",
- "BSD-3-Clause"
], - "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "complete"
}, - {
- "name": "itsdangerous",
- "type": "pypi",
- "version_name": "2.2.0",
- "package_id": "1bbfb416-2b31-5c5e-8000-cd4cf774f3db",
- "version_id": "b9f9efbd-2e26-4957-8504-ae22b0630774",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "b9f9efbd-2e26-4957-8504-ae22b0630774"
]
], - "activity_score": 7.58,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "pending"
}, - {
- "name": "werkzeug",
- "type": "pypi",
- "version_name": "3.1.1",
- "package_id": "aa38722a-39cc-54c5-8cdb-1576d1f801f8",
- "version_id": "1717e1aa-7402-404e-81bb-6c1f8bd31b6f",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "1717e1aa-7402-404e-81bb-6c1f8bd31b6f"
]
], - "activity_score": 8.19,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "complete"
}, - {
- "name": "click",
- "type": "pypi",
- "version_name": "8.1.7",
- "package_id": "f2cdca7e-6091-5b5c-9d8d-b2821dadce76",
- "version_id": "3e26d054-c47c-4d51-966a-37a51ca9709f",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "3e26d054-c47c-4d51-966a-37a51ca9709f"
]
], - "activity_score": 8.53,
- "declared_license": [
- "BSD-3-Clause"
], - "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "pending"
}, - {
- "name": "jinja2",
- "type": "pypi",
- "version_name": "3.1.4",
- "package_id": "53fd69f0-9e1c-5897-91a0-2e3a4d266db7",
- "version_id": "842f4257-c450-4032-9056-53280b2852a7",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "842f4257-c450-4032-9056-53280b2852a7"
]
], - "activity_score": 8.67,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "complete"
}
]
}Get Dependencies
Fetch the dependencies for a package given its name version and type. This includes the package's name, version, description, and other metadata about contributors.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
- filter (Optional[str]): CEL filter code to apply.
- sort_by (Optional[List[str]]): List of fields to sort by.
- sort_order (Optional[List[str]]): Corresponding list of sort orders.
- recurse_limit (int): Maximum depth of recursion. Upper limit - should automatically stop at leaf nodes.
- page_from (int): Pagination start.
- page_to (int): Pagination end.
For details on how to use the filter look at the CEL docs Some examples:
- node.score == 0.0
- node.score > 0.0 && node.score < 5
- "Apache-2.0" in node.claims
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Package Version (string) or Package Version (null) (Package Version) Default: "" | |
Filter (string) or Filter (null) (Filter) | |
Array of Sort By (strings) or Sort By (null) (Sort By) Default: "" | |
Array of Sort Order (strings) or Sort Order (null) (Sort Order) Default: "" | |
| recurse_limit | integer (Recurse Limit) Default: 100 |
| page_from | integer (Page From) Default: 0 |
| page_to | integer (Page To) Default: 100 |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "@context": { },
- "summary": {
- "total": 7,
- "max_score": 8.67,
- "min_score": 0,
- "mean_score": 7.688571428571429,
- "declared_licenses": {
- "": 1,
- "BSD-3-Clause": 2
}, - "depths": {
- "1": 6,
- "2": 1
}, - "vuln_severity": { },
- "status": "partial"
}, - "dependencies": [
- {
- "name": "blinker",
- "type": "pypi",
- "version_name": "1.8.2",
- "package_id": "0ac0c8f0-811e-59fb-b0b7-e3c9d81b74bf",
- "version_id": "ccba78e1-5b7a-4c20-b9eb-7e211dea0b43",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "ccba78e1-5b7a-4c20-b9eb-7e211dea0b43"
]
], - "activity_score": 6.48,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "complete"
}, - {
- "name": "importlib-metadata",
- "type": "pypi",
- "version_name": "8.5.0",
- "package_id": "c99744b9-ef27-51de-b2a2-4941ead60b16",
- "version_id": "c081ee54-f8ce-4577-9108-a083f34975e4",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "c081ee54-f8ce-4577-9108-a083f34975e4"
]
], - "activity_score": 7.15,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "pending"
}, - {
- "name": "markupsafe",
- "type": "pypi",
- "version_name": "3.0.2",
- "package_id": "b39856d8-1bcb-53d5-96b2-ad45be73a4a5",
- "version_id": "47e85320-d1e3-4715-a281-0603f64127bc",
- "parents": [
- "1717e1aa-7402-404e-81bb-6c1f8bd31b6f",
- "842f4257-c450-4032-9056-53280b2852a7"
], - "depths": [
- 2
], - "paths": [
- [
- "1717e1aa-7402-404e-81bb-6c1f8bd31b6f",
- "47e85320-d1e3-4715-a281-0603f64127bc"
], - [
- "842f4257-c450-4032-9056-53280b2852a7",
- "47e85320-d1e3-4715-a281-0603f64127bc"
]
], - "activity_score": 7.22,
- "declared_license": [
- "",
- "BSD-3-Clause"
], - "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "complete"
}, - {
- "name": "itsdangerous",
- "type": "pypi",
- "version_name": "2.2.0",
- "package_id": "1bbfb416-2b31-5c5e-8000-cd4cf774f3db",
- "version_id": "b9f9efbd-2e26-4957-8504-ae22b0630774",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "b9f9efbd-2e26-4957-8504-ae22b0630774"
]
], - "activity_score": 7.58,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "pending"
}, - {
- "name": "werkzeug",
- "type": "pypi",
- "version_name": "3.1.1",
- "package_id": "aa38722a-39cc-54c5-8cdb-1576d1f801f8",
- "version_id": "1717e1aa-7402-404e-81bb-6c1f8bd31b6f",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "1717e1aa-7402-404e-81bb-6c1f8bd31b6f"
]
], - "activity_score": 8.19,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "complete"
}, - {
- "name": "click",
- "type": "pypi",
- "version_name": "8.1.7",
- "package_id": "f2cdca7e-6091-5b5c-9d8d-b2821dadce76",
- "version_id": "3e26d054-c47c-4d51-966a-37a51ca9709f",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "3e26d054-c47c-4d51-966a-37a51ca9709f"
]
], - "activity_score": 8.53,
- "declared_license": [
- "BSD-3-Clause"
], - "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "pending"
}, - {
- "name": "jinja2",
- "type": "pypi",
- "version_name": "3.1.4",
- "package_id": "53fd69f0-9e1c-5897-91a0-2e3a4d266db7",
- "version_id": "842f4257-c450-4032-9056-53280b2852a7",
- "parents": [
- "e3dfeef2-49f6-4cf8-aa69-b643559be968"
], - "depths": [
- 1
], - "paths": [
- [
- "842f4257-c450-4032-9056-53280b2852a7"
]
], - "activity_score": 8.67,
- "declared_license": [ ],
- "vuln_severity": [ ],
- "mal_osv_id": [ ],
- "status": "initial",
- "dependency_status": "complete"
}
]
}Get Package
Fetch the info for a package given its id. This includes the package's name, version, description, and other metadata about contributors.
Authorizations:
HTTPBearer
path Parameters
| id required | string <uuid> (Id) |
Responses
Response samples
- 200
- 400
- 404
- 422
Content type
application/json
{- "package_name": "flask",
- "package_type": "pypi",
- "package_version": "3.0.3",
- "package_data": {
- "id": "988abc19-65d8-5f09-99f2-c2628d4b56c8",
- "status": "complete",
- "name": "flask",
- "type": "pypi",
- "version": "3.0.3",
- "version_date": "2024-04-07T19:26:08.569305",
- "package_description": "A simple framework for building complex web applications.",
- "repo_description": "The Python micro framework for building web applications.",
- "origin": "ok",
- "stargazers_count": 68011,
- "watchers_count": 2117,
- "has_issues": true,
- "has_projects": false,
- "has_downloads": true,
- "forks_count": 16215,
- "archived": false,
- "is_deprecated": false,
- "disabled": false,
- "open_issues_count": 2,
- "visibility": "public",
- "default_branch": "main",
- "repository_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "contributor_count": 722,
- "public_repos": 5593,
- "public_gists": 0,
- "followers": 86818,
- "following": 1618,
- "owner": {
- "id": "1d379860-7d4a-43d8-a796-61ef7a0aeeee",
- "author": "pallets",
- "login": "pallets",
- "gravatar_id": "",
- "public_repos": 16,
- "scores": { }
}, - "contributors": [
- {
- "id": "0d518def-efe8-5ca6-90eb-9f1cc272303d",
- "author": "s3rvac",
- "author_email": "s3rvac@petrzemek.net",
- "login": "s3rvac",
- "gravatar_id": "",
- "company": "@Avast",
- "location": "Brno, Czech Republic",
- "email": "s3rvac@petrzemek.net",
- "hireable": false,
- "twitter_username": "s3rvac",
- "public_repos": 48,
- "followers": 200,
- "following": 27,
- "scores": { }
}, - {
- "id": "0facea6d-0936-52fc-b9f5-35cc8434e316",
- "author": "davidism",
- "author_email": "",
- "login": "davidism",
- "gravatar_id": "",
- "location": "San Diego, CA",
- "email": "",
- "hireable": false,
- "public_repos": 18,
- "followers": 2071,
- "following": 22,
- "scores": { }
}
], - "last_update": "2024-11-05T15:15:23.501959",
- "scores": { },
- "has_triggered_reingestion": false
}, - "status": "complete",
- "summary": {
- "score": 8,
- "description": {
- "activity_user": 9.2,
- "activity_repo": 8.7,
- "from": "provenance",
- "activity": 9,
- "typosquatting": 10,
- "provenance": 8,
- "trust-summary": 7.4
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 58,
- "common": 58,
- "overlap": 100,
- "versions": 60,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "activity": {
- "score": 9,
- "description": {
- "repo": 8.7,
- "user": 9.2
}, - "updated_at": "2024-11-05T15:08:52.465030"
}, - "typosquatting": {
- "score": 10,
- "description": {
- "total_similar_names": 8
}, - "updated_at": "2024-11-05T15:08:52.617141"
}, - "alternatives": {
- "status": "complete",
- "packages": [
- {
- "id": "bec33102-1e3b-5a24-b554-db3d82857aab",
- "package_name": "django",
- "package_type": "pypi",
- "package_version": "5.1.3",
- "repo_description": "The Web framework for perfectionists with deadlines.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 128,
- "common": 127,
- "overlap": 99.21875,
- "versions": 366,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-06T05:16:10.317362"
}
}, - {
- "id": "dd835600-a353-5a02-aeb8-43342a5e61ba",
- "package_name": "tornado",
- "package_type": "pypi",
- "package_version": "6.4.1",
- "repo_description": "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 74,
- "common": 26,
- "overlap": 35.13513513513514,
- "versions": 73,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-10-31T12:32:24.128241"
}
}
]
}, - "similar_package_names": [
- {
- "id": "d5d8c3cd-c17d-55e8-8325-3e8ca01e67b1",
- "package_name": "dflask",
- "package_type": "pypi",
- "package_version": "1.0.2",
- "repo_description": "Use responses for Flask directly",
- "score": 2.8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 6,
- "common": 3,
- "overlap": 50,
- "versions": 3,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "provenance": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-03-27T09:51:05.934543"
}
}, - {
- "id": "a4c335db-d574-431c-ab3c-b0019d0552fc",
- "package_name": "flaski",
- "package_type": "pypi",
- "package_version": "0.0.0.9",
- "repo_description": "Administra vistas con un enfoque diferente en flask.",
- "score": 1,
- "is_malicious": false,
- "provenance": {
- "score": 5,
- "description": {
- "hp": {
- "tags": 0,
- "common": 0,
- "overlap": 0,
- "versions": 9,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-09-25T13:58:28.635269"
}
}
], - "same_origin_packages_count": 1,
- "has_triggered_reingestion": false
}Post Package
Fetch the info for a package given its id. This includes the package's name, version, description, and other metadata about contributors.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
Request Body schema: application/jsonrequired
Array
string <uuid>
Responses
Request samples
- Payload
Content type
application/json
[- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
]Response samples
- 200
- 400
- 404
- 422
Content type
application/json
[- {
- "package_name": "flask",
- "package_type": "pypi",
- "package_version": "3.0.3",
- "package_data": {
- "id": "988abc19-65d8-5f09-99f2-c2628d4b56c8",
- "status": "complete",
- "name": "flask",
- "type": "pypi",
- "version": "3.0.3",
- "version_date": "2024-04-07T19:26:08.569305",
- "package_description": "A simple framework for building complex web applications.",
- "repo_description": "The Python micro framework for building web applications.",
- "origin": "ok",
- "stargazers_count": 68011,
- "watchers_count": 2117,
- "has_issues": true,
- "has_projects": false,
- "has_downloads": true,
- "forks_count": 16215,
- "archived": false,
- "is_deprecated": false,
- "disabled": false,
- "open_issues_count": 2,
- "visibility": "public",
- "default_branch": "main",
- "repository_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "contributor_count": 722,
- "public_repos": 5593,
- "public_gists": 0,
- "followers": 86818,
- "following": 1618,
- "owner": {
- "id": "1d379860-7d4a-43d8-a796-61ef7a0aeeee",
- "author": "pallets",
- "login": "pallets",
- "gravatar_id": "",
- "public_repos": 16,
- "scores": { }
}, - "contributors": [
- {
- "id": "0d518def-efe8-5ca6-90eb-9f1cc272303d",
- "author": "s3rvac",
- "author_email": "s3rvac@petrzemek.net",
- "login": "s3rvac",
- "gravatar_id": "",
- "company": "@Avast",
- "location": "Brno, Czech Republic",
- "email": "s3rvac@petrzemek.net",
- "hireable": false,
- "twitter_username": "s3rvac",
- "public_repos": 48,
- "followers": 200,
- "following": 27,
- "scores": { }
}, - {
- "id": "0facea6d-0936-52fc-b9f5-35cc8434e316",
- "author": "davidism",
- "author_email": "",
- "login": "davidism",
- "gravatar_id": "",
- "location": "San Diego, CA",
- "email": "",
- "hireable": false,
- "public_repos": 18,
- "followers": 2071,
- "following": 22,
- "scores": { }
}
], - "last_update": "2024-11-05T15:15:23.501959",
- "scores": { },
- "has_triggered_reingestion": false
}, - "status": "complete",
- "summary": {
- "score": 8,
- "description": {
- "activity_user": 9.2,
- "activity_repo": 8.7,
- "from": "provenance",
- "activity": 9,
- "typosquatting": 10,
- "provenance": 8,
- "trust-summary": 7.4
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 58,
- "common": 58,
- "overlap": 100,
- "versions": 60,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "activity": {
- "score": 9,
- "description": {
- "repo": 8.7,
- "user": 9.2
}, - "updated_at": "2024-11-05T15:08:52.465030"
}, - "typosquatting": {
- "score": 10,
- "description": {
- "total_similar_names": 8
}, - "updated_at": "2024-11-05T15:08:52.617141"
}, - "alternatives": {
- "status": "complete",
- "packages": [
- {
- "id": "bec33102-1e3b-5a24-b554-db3d82857aab",
- "package_name": "django",
- "package_type": "pypi",
- "package_version": "5.1.3",
- "repo_description": "The Web framework for perfectionists with deadlines.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 128,
- "common": 127,
- "overlap": 99.21875,
- "versions": 366,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-06T05:16:10.317362"
}
}, - {
- "id": "dd835600-a353-5a02-aeb8-43342a5e61ba",
- "package_name": "tornado",
- "package_type": "pypi",
- "package_version": "6.4.1",
- "repo_description": "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 74,
- "common": 26,
- "overlap": 35.13513513513514,
- "versions": 73,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-10-31T12:32:24.128241"
}
}
]
}, - "similar_package_names": [
- {
- "id": "d5d8c3cd-c17d-55e8-8325-3e8ca01e67b1",
- "package_name": "dflask",
- "package_type": "pypi",
- "package_version": "1.0.2",
- "repo_description": "Use responses for Flask directly",
- "score": 2.8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 6,
- "common": 3,
- "overlap": 50,
- "versions": 3,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "provenance": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-03-27T09:51:05.934543"
}
}, - {
- "id": "a4c335db-d574-431c-ab3c-b0019d0552fc",
- "package_name": "flaski",
- "package_type": "pypi",
- "package_version": "0.0.0.9",
- "repo_description": "Administra vistas con un enfoque diferente en flask.",
- "score": 1,
- "is_malicious": false,
- "provenance": {
- "score": 5,
- "description": {
- "hp": {
- "tags": 0,
- "common": 0,
- "overlap": 0,
- "versions": 9,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-09-25T13:58:28.635269"
}
}
], - "same_origin_packages_count": 1,
- "has_triggered_reingestion": false
}
]Get Pkg
Fetch the metadata for a package.
This includes the package's name, version, description, and other metadata about contributors.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Package Version (string) or Package Version (null) (Package Version) Default: "" |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "package_name": "flask",
- "package_type": "pypi",
- "package_version": "3.0.3",
- "package_data": {
- "id": "988abc19-65d8-5f09-99f2-c2628d4b56c8",
- "status": "complete",
- "name": "flask",
- "type": "pypi",
- "version": "3.0.3",
- "version_date": "2024-04-07T19:26:08.569305",
- "package_description": "A simple framework for building complex web applications.",
- "repo_description": "The Python micro framework for building web applications.",
- "origin": "ok",
- "stargazers_count": 68011,
- "watchers_count": 2117,
- "has_issues": true,
- "has_projects": false,
- "has_downloads": true,
- "forks_count": 16215,
- "archived": false,
- "is_deprecated": false,
- "disabled": false,
- "open_issues_count": 2,
- "visibility": "public",
- "default_branch": "main",
- "repository_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "contributor_count": 722,
- "public_repos": 5593,
- "public_gists": 0,
- "followers": 86818,
- "following": 1618,
- "owner": {
- "id": "1d379860-7d4a-43d8-a796-61ef7a0aeeee",
- "author": "pallets",
- "login": "pallets",
- "gravatar_id": "",
- "public_repos": 16,
- "scores": { }
}, - "contributors": [
- {
- "id": "0d518def-efe8-5ca6-90eb-9f1cc272303d",
- "author": "s3rvac",
- "author_email": "s3rvac@petrzemek.net",
- "login": "s3rvac",
- "gravatar_id": "",
- "company": "@Avast",
- "location": "Brno, Czech Republic",
- "email": "s3rvac@petrzemek.net",
- "hireable": false,
- "twitter_username": "s3rvac",
- "public_repos": 48,
- "followers": 200,
- "following": 27,
- "scores": { }
}, - {
- "id": "0facea6d-0936-52fc-b9f5-35cc8434e316",
- "author": "davidism",
- "author_email": "",
- "login": "davidism",
- "gravatar_id": "",
- "location": "San Diego, CA",
- "email": "",
- "hireable": false,
- "public_repos": 18,
- "followers": 2071,
- "following": 22,
- "scores": { }
}
], - "last_update": "2024-11-05T15:15:23.501959",
- "scores": { },
- "has_triggered_reingestion": false
}, - "status": "complete",
- "summary": {
- "score": 8,
- "description": {
- "activity_user": 9.2,
- "activity_repo": 8.7,
- "from": "provenance",
- "activity": 9,
- "typosquatting": 10,
- "provenance": 8,
- "trust-summary": 7.4
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 58,
- "common": 58,
- "overlap": 100,
- "versions": 60,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "activity": {
- "score": 9,
- "description": {
- "repo": 8.7,
- "user": 9.2
}, - "updated_at": "2024-11-05T15:08:52.465030"
}, - "typosquatting": {
- "score": 10,
- "description": {
- "total_similar_names": 8
}, - "updated_at": "2024-11-05T15:08:52.617141"
}, - "alternatives": {
- "status": "complete",
- "packages": [
- {
- "id": "bec33102-1e3b-5a24-b554-db3d82857aab",
- "package_name": "django",
- "package_type": "pypi",
- "package_version": "5.1.3",
- "repo_description": "The Web framework for perfectionists with deadlines.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 128,
- "common": 127,
- "overlap": 99.21875,
- "versions": 366,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-06T05:16:10.317362"
}
}, - {
- "id": "dd835600-a353-5a02-aeb8-43342a5e61ba",
- "package_name": "tornado",
- "package_type": "pypi",
- "package_version": "6.4.1",
- "repo_description": "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 74,
- "common": 26,
- "overlap": 35.13513513513514,
- "versions": 73,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-10-31T12:32:24.128241"
}
}
]
}, - "similar_package_names": [
- {
- "id": "d5d8c3cd-c17d-55e8-8325-3e8ca01e67b1",
- "package_name": "dflask",
- "package_type": "pypi",
- "package_version": "1.0.2",
- "repo_description": "Use responses for Flask directly",
- "score": 2.8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 6,
- "common": 3,
- "overlap": 50,
- "versions": 3,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "provenance": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-03-27T09:51:05.934543"
}
}, - {
- "id": "a4c335db-d574-431c-ab3c-b0019d0552fc",
- "package_name": "flaski",
- "package_type": "pypi",
- "package_version": "0.0.0.9",
- "repo_description": "Administra vistas con un enfoque diferente en flask.",
- "score": 1,
- "is_malicious": false,
- "provenance": {
- "score": 5,
- "description": {
- "hp": {
- "tags": 0,
- "common": 0,
- "overlap": 0,
- "versions": 9,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-09-25T13:58:28.635269"
}
}
], - "same_origin_packages_count": 1,
- "has_triggered_reingestion": false
}Get Alternatives
This will return a list of alternative packages to the one requested.
It is based on AI and will try to provide something with similar functionality.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Package Version (string) or Package Version (null) (Package Version) Default: "" |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "package_name": "flask",
- "package_type": "pypi",
- "package_version": "3.0.3",
- "package_data": {
- "id": "988abc19-65d8-5f09-99f2-c2628d4b56c8",
- "status": "complete",
- "name": "flask",
- "type": "pypi",
- "version": "3.0.3",
- "version_date": "2024-04-07T19:26:08.569305",
- "package_description": "A simple framework for building complex web applications.",
- "repo_description": "The Python micro framework for building web applications.",
- "origin": "ok",
- "stargazers_count": 68011,
- "watchers_count": 2117,
- "has_issues": true,
- "has_projects": false,
- "has_downloads": true,
- "forks_count": 16215,
- "archived": false,
- "is_deprecated": false,
- "disabled": false,
- "open_issues_count": 2,
- "visibility": "public",
- "default_branch": "main",
- "repository_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "contributor_count": 722,
- "public_repos": 5593,
- "public_gists": 0,
- "followers": 86818,
- "following": 1618,
- "owner": {
- "id": "1d379860-7d4a-43d8-a796-61ef7a0aeeee",
- "author": "pallets",
- "login": "pallets",
- "gravatar_id": "",
- "public_repos": 16,
- "scores": { }
}, - "contributors": [
- {
- "id": "0d518def-efe8-5ca6-90eb-9f1cc272303d",
- "author": "s3rvac",
- "author_email": "s3rvac@petrzemek.net",
- "login": "s3rvac",
- "gravatar_id": "",
- "company": "@Avast",
- "location": "Brno, Czech Republic",
- "email": "s3rvac@petrzemek.net",
- "hireable": false,
- "twitter_username": "s3rvac",
- "public_repos": 48,
- "followers": 200,
- "following": 27,
- "scores": { }
}, - {
- "id": "0facea6d-0936-52fc-b9f5-35cc8434e316",
- "author": "davidism",
- "author_email": "",
- "login": "davidism",
- "gravatar_id": "",
- "location": "San Diego, CA",
- "email": "",
- "hireable": false,
- "public_repos": 18,
- "followers": 2071,
- "following": 22,
- "scores": { }
}
], - "last_update": "2024-11-05T15:15:23.501959",
- "scores": { },
- "has_triggered_reingestion": false
}, - "status": "complete",
- "summary": {
- "score": 8,
- "description": {
- "activity_user": 9.2,
- "activity_repo": 8.7,
- "from": "provenance",
- "activity": 9,
- "typosquatting": 10,
- "provenance": 8,
- "trust-summary": 7.4
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 58,
- "common": 58,
- "overlap": 100,
- "versions": 60,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "activity": {
- "score": 9,
- "description": {
- "repo": 8.7,
- "user": 9.2
}, - "updated_at": "2024-11-05T15:08:52.465030"
}, - "typosquatting": {
- "score": 10,
- "description": {
- "total_similar_names": 8
}, - "updated_at": "2024-11-05T15:08:52.617141"
}, - "alternatives": {
- "status": "complete",
- "packages": [
- {
- "id": "bec33102-1e3b-5a24-b554-db3d82857aab",
- "package_name": "django",
- "package_type": "pypi",
- "package_version": "5.1.3",
- "repo_description": "The Web framework for perfectionists with deadlines.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 128,
- "common": 127,
- "overlap": 99.21875,
- "versions": 366,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-06T05:16:10.317362"
}
}, - {
- "id": "dd835600-a353-5a02-aeb8-43342a5e61ba",
- "package_name": "tornado",
- "package_type": "pypi",
- "package_version": "6.4.1",
- "repo_description": "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 74,
- "common": 26,
- "overlap": 35.13513513513514,
- "versions": 73,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-10-31T12:32:24.128241"
}
}
]
}, - "similar_package_names": [
- {
- "id": "d5d8c3cd-c17d-55e8-8325-3e8ca01e67b1",
- "package_name": "dflask",
- "package_type": "pypi",
- "package_version": "1.0.2",
- "repo_description": "Use responses for Flask directly",
- "score": 2.8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 6,
- "common": 3,
- "overlap": 50,
- "versions": 3,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "provenance": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-03-27T09:51:05.934543"
}
}, - {
- "id": "a4c335db-d574-431c-ab3c-b0019d0552fc",
- "package_name": "flaski",
- "package_type": "pypi",
- "package_version": "0.0.0.9",
- "repo_description": "Administra vistas con un enfoque diferente en flask.",
- "score": 1,
- "is_malicious": false,
- "provenance": {
- "score": 5,
- "description": {
- "hp": {
- "tags": 0,
- "common": 0,
- "overlap": 0,
- "versions": 9,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-09-25T13:58:28.635269"
}
}
], - "same_origin_packages_count": 1,
- "has_triggered_reingestion": false
}Get Summary
Fetch a summary of Security Signal information for the package.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Package Version (string) or Package Version (null) (Package Version) Default: "" |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "score": 8,
- "description": {
- "activity_user": 9.2,
- "activity_repo": 8.7,
- "from": "provenance",
- "activity": 9,
- "trust-activity": 8.9,
- "typosquatting": 10,
- "trust-summary": 7.4,
- "malicious": false,
- "provenance_type": "historical_provenance_match"
}, - "status": "complete",
- "updated_at": "2024-11-05T15:08:52.347662"
}Get Similar
Similar packages are those that have similar names to others.
This may or may not be a sign of typosquatting, depending on the provenance of the packages.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Package Version (string) or Package Version (null) (Package Version) Default: "" |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "similar_package_names": [
- {
- "id": "d5d8c3cd-c17d-55e8-8325-3e8ca01e67b1",
- "package_name": "dflask",
- "package_type": "pypi",
- "package_version": "1.0.2",
- "repo_description": "Use responses for Flask directly",
- "score": 2.8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 6,
- "common": 3,
- "overlap": 50,
- "versions": 3,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "provenance": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-03-27T09:51:05.934543"
}
}, - {
- "id": "a4c335db-d574-431c-ab3c-b0019d0552fc",
- "package_name": "flaski",
- "package_type": "pypi",
- "package_version": "0.0.0.9",
- "repo_description": "Administra vistas con un enfoque diferente en flask.",
- "score": 1,
- "is_malicious": false,
- "provenance": {
- "score": 5,
- "description": {
- "hp": {
- "tags": 0,
- "common": 0,
- "overlap": 0,
- "versions": 9,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-09-25T13:58:28.635269"
}
}
]
}Get Same Origin
This will return a list of packages sharing the same repo as the one requested. This can be perfectly normal, many repos produce multiple artifacts, or it can be a sign of star-jacking, depending on the provenance of the packages.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
| token | string (Token) Default: "" |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "next_token": "",
- "same_origin_packages": [
- {
- "id": "7bd13f89-9c96-4076-8c95-58c9a4bed35c",
- "package_name": "quickwebbasicauth",
- "package_type": "pypi",
- "package_version": "2.3.2",
- "repo_description": "The Python micro framework for building web applications.",
- "score": 1,
- "is_malicious": true,
- "provenance": {
- "score": 1,
- "description": {
- "hp": {
- "tags": 58,
- "common": 0,
- "overlap": 0,
- "versions": 1,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}, - "provenance": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-06-19T15:14:45.066707"
}
}
]
}Get Package Provenance
This will return the provenance of the package with respect to the package origins. Can it be linked with a repo?
This contains the number of tags in the repo, the number of versions
of the package, a count of the common tags and the ratio of tags to common
as overlap.
Also includes the historical information for tags, versions and matches for the given period type and count, by default the last 12 months from the current date.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
- period_type: (str): Type of period of time - can be 'day', 'month' or 'year'. Defaults to 'month'.
- period_count: (int): How many units of the specified period to search through. Defaults to 12.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Package Version (string) or Package Version (null) (Package Version) Default: "" | |
| period_type | string (Period Type) Default: "month" |
| period_count | integer (Period Count) Default: 12 |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "status": "complete",
- "hp": {
- "overlap": 100,
- "common": 58,
- "tags": 58,
- "versions": 60,
- "over_time": {
- "period_type": "month",
- "period_count": 12,
- "hp_over_time": {
- "2023-12-01": {
- "tags": 0,
- "vers": 0,
- "matches": 0
}, - "2024-01-01": {
- "tags": 1,
- "vers": 1,
- "matches": 1
}
}
}
}, - "sigstore": {
- "source_repo": "",
- "workflow": "",
- "issuer": "",
- "token_issuer": "",
- "transparency": ""
}, - "score": 8
}Get Contributor Report
Fetch the report for a contributor.
Query Parameters:
- login (str): The contributor's GitHub login name.
Authorizations:
HTTPBearer
query Parameters
| login required | string (Login) |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "package_name": "flask",
- "package_type": "pypi",
- "package_version": "3.0.3",
- "package_data": {
- "id": "988abc19-65d8-5f09-99f2-c2628d4b56c8",
- "status": "complete",
- "name": "flask",
- "type": "pypi",
- "version": "3.0.3",
- "version_date": "2024-04-07T19:26:08.569305",
- "package_description": "A simple framework for building complex web applications.",
- "repo_description": "The Python micro framework for building web applications.",
- "origin": "ok",
- "stargazers_count": 68011,
- "watchers_count": 2117,
- "has_issues": true,
- "has_projects": false,
- "has_downloads": true,
- "forks_count": 16215,
- "archived": false,
- "is_deprecated": false,
- "disabled": false,
- "open_issues_count": 2,
- "visibility": "public",
- "default_branch": "main",
- "repository_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "contributor_count": 722,
- "public_repos": 5593,
- "public_gists": 0,
- "followers": 86818,
- "following": 1618,
- "owner": {
- "id": "1d379860-7d4a-43d8-a796-61ef7a0aeeee",
- "author": "pallets",
- "login": "pallets",
- "gravatar_id": "",
- "public_repos": 16,
- "scores": { }
}, - "contributors": [
- {
- "id": "0d518def-efe8-5ca6-90eb-9f1cc272303d",
- "author": "s3rvac",
- "author_email": "s3rvac@petrzemek.net",
- "login": "s3rvac",
- "gravatar_id": "",
- "company": "@Avast",
- "location": "Brno, Czech Republic",
- "email": "s3rvac@petrzemek.net",
- "hireable": false,
- "twitter_username": "s3rvac",
- "public_repos": 48,
- "followers": 200,
- "following": 27,
- "scores": { }
}, - {
- "id": "0facea6d-0936-52fc-b9f5-35cc8434e316",
- "author": "davidism",
- "author_email": "",
- "login": "davidism",
- "gravatar_id": "",
- "location": "San Diego, CA",
- "email": "",
- "hireable": false,
- "public_repos": 18,
- "followers": 2071,
- "following": 22,
- "scores": { }
}
], - "last_update": "2024-11-05T15:15:23.501959",
- "scores": { },
- "has_triggered_reingestion": false
}, - "status": "complete",
- "summary": {
- "score": 8,
- "description": {
- "activity_user": 9.2,
- "activity_repo": 8.7,
- "from": "provenance",
- "activity": 9,
- "typosquatting": 10,
- "provenance": 8,
- "trust-summary": 7.4
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 58,
- "common": 58,
- "overlap": 100,
- "versions": 60,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-05T15:08:52.347662"
}, - "activity": {
- "score": 9,
- "description": {
- "repo": 8.7,
- "user": 9.2
}, - "updated_at": "2024-11-05T15:08:52.465030"
}, - "typosquatting": {
- "score": 10,
- "description": {
- "total_similar_names": 8
}, - "updated_at": "2024-11-05T15:08:52.617141"
}, - "alternatives": {
- "status": "complete",
- "packages": [
- {
- "id": "bec33102-1e3b-5a24-b554-db3d82857aab",
- "package_name": "django",
- "package_type": "pypi",
- "package_version": "5.1.3",
- "repo_description": "The Web framework for perfectionists with deadlines.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 128,
- "common": 127,
- "overlap": 99.21875,
- "versions": 366,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-11-06T05:16:10.317362"
}
}, - {
- "id": "dd835600-a353-5a02-aeb8-43342a5e61ba",
- "package_name": "tornado",
- "package_type": "pypi",
- "package_version": "6.4.1",
- "repo_description": "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.",
- "score": 8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 74,
- "common": 26,
- "overlap": 35.13513513513514,
- "versions": 73,
- "over_time": { }
}, - "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-10-31T12:32:24.128241"
}
}
]
}, - "similar_package_names": [
- {
- "id": "d5d8c3cd-c17d-55e8-8325-3e8ca01e67b1",
- "package_name": "dflask",
- "package_type": "pypi",
- "package_version": "1.0.2",
- "repo_description": "Use responses for Flask directly",
- "score": 2.8,
- "is_malicious": false,
- "provenance": {
- "score": 8,
- "description": {
- "hp": {
- "tags": 6,
- "common": 3,
- "overlap": 50,
- "versions": 3,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "provenance": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-03-27T09:51:05.934543"
}
}, - {
- "id": "a4c335db-d574-431c-ab3c-b0019d0552fc",
- "package_name": "flaski",
- "package_type": "pypi",
- "package_version": "0.0.0.9",
- "repo_description": "Administra vistas con un enfoque diferente en flask.",
- "score": 1,
- "is_malicious": false,
- "provenance": {
- "score": 5,
- "description": {
- "hp": {
- "tags": 0,
- "common": 0,
- "overlap": 0,
- "versions": 9,
- "over_time": { }
}, - "score": 0,
- "status": "complete",
- "sigstore": {
- "issuer": "",
- "workflow": "",
- "source_repo": "",
- "token_issuer": "",
- "transparency": ""
}
}, - "updated_at": "2024-09-25T13:58:28.635269"
}
}
], - "same_origin_packages_count": 1,
- "has_triggered_reingestion": false
}Get Repository Report
Fetch the report for a repository.
Query Parameters:
- name (str): Name of the repository.
Authorizations:
HTTPBearer
query Parameters
| name required | string (Name) |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "repository": {
- "id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "stargazers_count": 68011,
- "watchers_count": 2117,
- "forks_count": 16215,
- "open_issues_count": 2,
- "contributor_count": 722,
- "scores": {
- "trust-activity": {
- "score": 8.91,
- "description": { },
- "updated_at": "2024-08-15T20:51:07.573582"
}, - "trust-summary": {
- "score": 7.58920116571409,
- "description": { },
- "updated_at": "2024-11-05T15:15:19.332067"
}
}
}, - "contributors": [
- {
- "id": "0d518def-efe8-5ca6-90eb-9f1cc272303d",
- "author": "s3rvac",
- "author_email": "s3rvac@petrzemek.net",
- "login": "s3rvac",
- "gravatar_id": "",
- "company": "@Avast",
- "location": "Brno, Czech Republic",
- "email": "s3rvac@petrzemek.net",
- "hireable": false,
- "twitter_username": "s3rvac",
- "public_repos": 48,
- "followers": 200,
- "following": 27,
- "scores": {
- "trust-activity": {
- "score": 4.3,
- "description": { },
- "updated_at": "2024-08-15T20:51:07.738379"
}, - "trust-summary": {
- "score": 7.05045336109066,
- "description": { },
- "updated_at": "2024-11-05T15:15:19.682308"
}
}
}, - {
- "id": "0facea6d-0936-52fc-b9f5-35cc8434e316",
- "author": "davidism",
- "author_email": "",
- "login": "davidism",
- "gravatar_id": "",
- "location": "San Diego, CA",
- "email": "",
- "hireable": false,
- "public_repos": 18,
- "followers": 2071,
- "following": 22,
- "scores": {
- "trust-activity": {
- "score": 4.67,
- "description": { },
- "updated_at": "2024-08-16T23:31:38.914981"
}, - "trust-summary": {
- "score": 7.20000327776127,
- "description": { },
- "updated_at": "2024-11-05T15:15:19.682308"
}
}
}
], - "packages": [
- {
- "id": "7bd13f89-9c96-4076-8c95-58c9a4bed35c",
- "status": "deleted",
- "status_code": "404",
- "name": "quickwebbasicauth",
- "type": "pypi",
- "version": "2.3.2",
- "author": "Pallets Projects",
- "author_email": "contact@palletsprojects.com",
- "package_description": "flask basic auth for Python",
- "repo_description": "",
- "origin": "ok",
- "home_page": "",
- "is_deprecated": false,
- "visibility": "",
- "default_branch": "",
- "repository_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "repository_name": "",
- "scores": {
- "provenance": {
- "score": 1,
- "description": { },
- "updated_at": "2024-06-19T15:14:45.066707"
}, - "summary": {
- "score": 1,
- "description": { },
- "updated_at": "2024-06-19T15:14:46.710430"
}, - "trust-activity": {
- "score": 0.48,
- "description": { },
- "updated_at": "2024-06-19T15:14:45.260615"
}, - "typosquatting": {
- "score": 10,
- "description": { },
- "updated_at": "2024-06-19T15:14:46.620359"
}, - "activity": {
- "score": 8.38,
- "description": { },
- "updated_at": "2024-06-19T15:14:45.220297"
}, - "trust-summary": {
- "score": 0.673073092866911,
- "description": { },
- "updated_at": "2024-06-20T11:10:15.943044"
}
}, - "has_triggered_reingestion": false
}, - {
- "id": "988abc19-65d8-5f09-99f2-c2628d4b56c8",
- "status": "complete",
- "name": "flask",
- "type": "pypi",
- "version": "3.0.3",
- "author": "",
- "author_email": "",
- "package_description": "A simple framework for building complex web applications.",
- "repo_description": "",
- "origin": "ok",
- "home_page": "",
- "is_deprecated": false,
- "visibility": "",
- "default_branch": "",
- "repository_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "repository_name": "",
- "scores": {
- "provenance": {
- "score": 8,
- "description": { },
- "updated_at": "2024-10-31T12:09:52.091052"
}, - "activity": {
- "score": 9.02,
- "description": { },
- "updated_at": "2024-10-31T12:09:52.141100"
}, - "trust-activity": {
- "score": 8.85,
- "description": { },
- "updated_at": "2024-10-31T12:09:52.151635"
}, - "typosquatting": {
- "score": 10,
- "description": { },
- "updated_at": "2024-10-31T12:09:52.261911"
}, - "summary": {
- "score": 8,
- "description": { },
- "updated_at": "2024-11-05T15:08:52.627460"
}, - "trust-summary": {
- "score": 7.39570182896295,
- "description": { },
- "updated_at": "2024-11-05T15:15:17.485802"
}
}, - "has_triggered_reingestion": false
}
]
}Get Versions
Fetch a list of versions for a package.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Version Prefix (string) or Version Prefix (null) (Version Prefix) Default: "" | |
Version Fragment (string) or Version Fragment (null) (Version Fragment) Default: "" | |
Token (string) or Token (null) (Token) |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "results": [
- {
- "id": "e3dfeef2-49f6-4cf8-aa69-b643559be968",
- "version": "3.0.3",
- "version_date": "2024-04-07T19:26:08.569305",
- "is_deprecated": false,
- "score": 8
}, - {
- "id": "de9923ad-7516-4287-81e4-8db9ae1b6056",
- "version": "3.0.2",
- "version_date": "2024-02-03T21:11:42.661757",
- "is_deprecated": false,
- "score": 8
}
], - "latest": {
- "id": "e3dfeef2-49f6-4cf8-aa69-b643559be968",
- "version": "3.0.3",
- "version_date": "2024-04-07T19:26:08.569305",
- "is_deprecated": false,
- "score": 8
}
}Get Vulnerabilities
Fetch a list of vulnerabilities for all versions of a package. If a version is provided, only the vulnerabilities for that specific version are returned.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
- num_vulnerabilities (Optional[int]): Number of vulnerabilities to include in the response.
- token: _(Optional[str]): Pagination token.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Package Version (string) or Package Version (null) (Package Version) Default: "" | |
Token (string) or Token (null) (Token) Default: "" | |
Num Vulnerabilities (integer) or Num Vulnerabilities (null) (Num Vulnerabilities) Default: 999 |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "vulnerabilities": [
- {
- "osv_identifier": "GHSA-562c-5r94-xh97",
- "summary": "Flask is vulnerable to Denial of Service via incorrect encoding of JSON data",
- "severity": [
- {
- "severity_type": "CVSS_V3",
- "severity_level": "High",
- "score": 7.5
}, - {
- "severity_type": "CVSS_V4",
- "severity_level": "High",
- "score": 8.7
}
]
}, - {
- "osv_identifier": "GHSA-5wv5-4vpf-pj6m",
- "summary": "Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage",
- "severity": [
- {
- "severity_type": "CVSS_V3",
- "severity_level": "High",
- "score": 7.5
}, - {
- "severity_type": "CVSS_V4",
- "severity_level": "High",
- "score": 8.7
}
]
}, - {
- "osv_identifier": "GHSA-m2qf-hxjv-5gpq",
- "summary": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header",
- "severity": [
- {
- "severity_type": "CVSS_V3",
- "severity_level": "High",
- "score": 7.5
}, - {
- "severity_type": "CVSS_V4",
- "severity_level": "High",
- "score": 8.7
}
]
}
]
}Get Vulnerability
Fetch the data for a vulnerability.
Query Parameters:
- osv_id (str): Name of the package.
Authorizations:
HTTPBearer
query Parameters
| osv_id required | string (Osv Id) |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "id": "11223378-385b-41d7-a2d6-8c25f998a625",
- "data": {
- "id": "PYSEC-2018-66",
- "aliases": [
- "CVE-2018-1000656",
- "GHSA-562c-5r94-xh97"
], - "details": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.",
- "affected": [
- {
- "ranges": [
- {
- "type": "ECOSYSTEM",
- "events": [
- {
- "introduced": "0"
}, - {
- "fixed": "0.12.3"
}
]
}
], - "package": {
- "name": "flask",
- "purl": "pkg:pypi/flask",
- "ecosystem": "PyPI"
}, - "versions": [
- "0.1",
- "0.10",
- "0.10.1",
- "0.11",
- "0.11.1",
- "0.12",
- "0.12.1",
- "0.12.2",
- "0.2",
- "0.3",
- "0.3.1",
- "0.4",
- "0.5",
- "0.5.1",
- "0.5.2",
- "0.6",
- "0.6.1",
- "0.7",
- "0.7.1",
- "0.7.2",
- "0.8",
- "0.8.1",
- "0.9"
], - "database_specific": {
}
}
], - "modified": "2023-11-08T03:59:39.887416Z",
- "published": "2018-08-20T19:31:00Z",
- "references": [
], - "schema_version": "1.6.0"
}, - "osv_id": "PYSEC-2018-66",
- "created_at": "2024-07-17T10:06:41.577296",
- "updated_at": "2024-07-17T10:06:41.577296"
}Get Licence
Fetch the license claim for a specified package or repository. The package_name, package_type and version are specified as parameters.
Query Parameters:
- package_name (str): Name of the package.
- package_type (PackageType): Type of package.
- package_version (Optional[str]): Optional version - defaults to latest if unspecified.
Authorizations:
HTTPBearer
query Parameters
| package_name required | string (Package Name) |
| package_type | string (PackageType) Default: "pypi" Enum: "pypi" "npm" "crates" "maven" "go" |
Package Version (string) or Package Version (null) (Package Version) Default: "" |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "claims": [
- {
- "id": "a93cfef8-f2f7-45de-a56a-f10e82f25c6e",
- "owner_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "licenses": [
- "BSD-3-Clause"
], - "claim": "BSD-3-Clause",
- "content": "bsd-3-clause",
- "source": "github",
- "description": "See BSD 3-Clause \"New\" or \"Revised\" License (bsd-3-clause) at http://choosealicense.com/licenses/bsd-3-clause/)"
}
], - "license": "BSD-3-Clause"
}Get Licence Owner
Fetch the license claim for a specified repository by repository ID. The UUID of the repository is supplied on the path to fetch its associated license claims.
Authorizations:
HTTPBearer
path Parameters
| id required | string <uuid> (Id) |
Responses
Response samples
- 200
- 422
Content type
application/json
{- "claims": [
- {
- "id": "a93cfef8-f2f7-45de-a56a-f10e82f25c6e",
- "owner_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "licenses": [
- "BSD-3-Clause"
], - "claim": "BSD-3-Clause",
- "content": "bsd-3-clause",
- "source": "github",
- "description": "See BSD 3-Clause \"New\" or \"Revised\" License (bsd-3-clause) at http://choosealicense.com/licenses/bsd-3-clause/)"
}
], - "license": "BSD-3-Clause"
}Get Licence Claim Id
Fetch the license claim by its ID. The UUID of the claim is specified on the path.
Authorizations:
HTTPBearer
path Parameters
| id required | string <uuid> (Id) |
Responses
Response samples
- 200
- 400
- 404
- 422
Content type
application/json
{- "id": "a93cfef8-f2f7-45de-a56a-f10e82f25c6e",
- "owner_id": "8cf0ebc0-34ac-5a1a-a1ac-70d7d182f89c",
- "licenses": [
- "BSD-3-Clause"
], - "claim": "BSD-3-Clause",
- "content": "bsd-3-clause",
- "source": "github",
- "description": "See BSD 3-Clause \"New\" or \"Revised\" License (bsd-3-clause) at http://choosealicense.com/licenses/bsd-3-clause/)"
}