Package Drift & Vulnerability Intelligence
PkgDrift provides structured package intelligence and trust signals across npm, PyPI, Cargo, RubyGems, and NVD. Package metadata is continuously refined and cross-referenced against vulnerability databases, dependency relationships, maintainer activity, and historical package behavior to produce actionable security insights. The /v1/intelligence endpoint returns a unified response with risk…
Package Drift & Vulnerability Intelligence endpoints
| Method | Endpoint | Description |
|---|---|---|
| Infrastructure | | |
| GET | getHealth /health | API status, record count, and confidence threshold. No authentication required. Use for uptime monitoring. |
| Packages | | |
| GET | getPackageDependencies /v1/package/{ecosystem}/{name}/dependencies | Returns the declared dependencies extracted from the refinery record. Empty array is a valid response — the refinery may not have captured all dependencies for every package. |
| GET | getPackageVulnerabilities /v1/package/{ecosystem}/{name}/vulnerabilities | Returns the known vulnerability list from the refinery record. Always returns an array — empty means none detected, not that none exist. |
| GET | listPackages /v1/packages | Returns all packages currently in the refinery with their source registry. |
| GET | getPackage /v1/package/{ecosystem}/{name} | Returns the highest-confidence LLM-refined record for a package. HTTP 206 is returned when confidence is below threshold — data is included but marked unreliable. |
| Signals | | |
| GET | getPackageRemediation /v1/package/{ecosystem}/{name}/remediation | Returns a prioritised list of remediation actions derived from the package record: patching exploits, reviewing CVEs, checking for abandonment, evaluating alternatives, and… |
| GET | getPackageRiskGraph /v1/package/{ecosystem}/{name}/risk-graph | Walks the transitive dependency graph up to the requested depth and returns nodes and edges with per-node risk metadata. Depth is capped at 5; node count at 50 per request… |
| GET | getPackageReputation /v1/package/{ecosystem}/{name}/reputation | Multi-signal reputation score (0–10) with a risk tier and human-readable reasons. Signals include: base risk score, exploit availability, maintainer churn over snapshot history,… |
| GET | getPackageShock /v1/package/{ecosystem}/{name}/shock | Scans the full snapshot history for anomalous transitions: sudden maintainer drops, confidence collapses, exploit appearances, and inactivity spikes. Requires at least 2… |
| Intelligence | | |
| POST | bulkIntelligence /v1/intelligence/bulk | Assess up to 50 packages in one request. Rate-limited by `packages.length` units (not 1 per HTTP call) — a 10-package batch costs 10 units. Returns HTTP 207 if any packages are… |
| GET | getIntelligence /v1/intelligence/{ecosystem}/{name} | Flagship endpoint. Composes reputation, shock, remediation, and transitive risk into a single prescriptive decision. Suitable for CI/CD pipeline integration and AI coding tool… |
| Feeds | | |
| GET | getAdvisories /v1/advisories | Latest LLM-refined snapshot of the GitHub Security Advisory feed. |
| GET | getNvdCves /v1/nvd | Latest LLM-refined snapshot of CVEs from the NIST National Vulnerability Database (last 30 days). |
| Method | Endpoint | Description |
|---|---|---|
| Registry-specific | | |
| GET | getRubyGem /v1/rubygems/{package} | Returns the latest LLM-refined intelligence record for a Ruby gem from rubygems.org. |
| GET | getPypiPackage /v1/pypi/{package} | Returns the latest LLM-refined intelligence record for a PyPI package. |
| GET | getNpmPackage /v1/npm/{package} | Returns the latest LLM-refined intelligence record for an npm package. HTTP 206 is returned if confidence is below threshold — data is included but flagged as low-confidence. |
| GET | getCargoCrate /v1/cargo/{package} | Returns the latest LLM-refined intelligence record for a Rust crate from crates.io. |
Package Drift & Vulnerability Intelligence pricing
| Plan | Price | Rate limit | Quotas |
|---|---|---|---|
| BASIC | Free | 100 / hour | |
| PRO | $9.99 / month | 500 / hour | |
| ULTRA | $29.99 / month | 1000 / hour | |
| MEGA | $99.99 / month | 5000 / hour | |