Data feed subscription
Package Supply Chain Risk CSV Feed
A validation page for developer tooling, platform, and AppSec teams that may want package advisory, license, dependency, and release changes as a recurring CSV feed before integrating an API.
Daily CSV export
observed_at,ecosystem,package_name,version,event_type,advisory_id,risk_flag,source
2026-07-02T14:15:00Z,npm,sample-package,1.4.2,new_advisory,OSV-2026-0001,vulnerability,OSV
2026-07-02T13:30:00Z,pypi,sample-framework,3.2.1,license_changed,,license_review,deps.dev
2026-07-01T18:45:00Z,maven,com.example:sample-lib,2.0.0,dependency_changed,,dependency_review,deps.dev
Likely Buyers
This page tests whether non-developer buyers prefer a recurring feed or report before we build export automation.
- Developer-platform teams maintaining internal dependency dashboards.
- AppSec teams reviewing package advisory and license deltas.
- SaaS tools that enrich SBOM or package-watchlist workflows.
Validation Path
Views are weak signal. Sample downloads, request clicks, demo clicks, and RapidAPI clicks are stronger evidence for build order.
- CSV feed for small package watchlists and dependency review queues.
- API subscription for package/advisory polling if developer demand appears.
- No proprietary malware, reachability, legal, or exploitability claims until validated.
Inspect the sample first
The current public CSV sample is available at
/datasets/package-risk-sample.csv. Larger recurring feeds are not built
until validation gates are met.