Package advisory watchlist
Poll public advisory and package metadata sources for new risk records affecting packages a team already tracks.
Market validation
A proposed public-data API and feed for teams that need open-source package advisories, version metadata, license signals, dependency changes, and source-linked risk flags in automation-friendly JSON or spreadsheet-ready CSV.
{
  "data": [
    {
      "ecosystem": "npm",
      "packageName": "sample-package",
      "version": "1.4.2",
      "eventType": "new_advisory",
      "advisoryId": "OSV-2026-0001",
      "riskFlag": "vulnerability",
      "source": "OSV"
    }
  ],
  "meta": { "sampleOnly": true, "market": "package-supply-chain" }
}
This concept is only built further if tracked requests, demo clicks, or marketplace intent justify the build.
The initial product would normalize public records into stable polling endpoints and exports.
These are the specific self-serve workflows this page is testing before any backend is built.
Poll public advisory and package metadata sources for new risk records affecting packages a team already tracks.
Surface source-linked release, dependency, deprecation, and license changes for spreadsheet or SBOM review queues.
Normalize ecosystem, package, version, advisory, license, and source fields for tools that already own policy decisions.
These pages test sharper buyer searches before implementation.
Pricing only becomes meaningful after tracked demand appears. The first offer should stay narrow and low-touch.
No. This is a validation page. It tests demand for public package advisory and dependency-change data before building an API, scanner, or CSV feed.
No. The proposed product would provide source-linked public data and normalized records only. Buyers remain responsible for policy, license, exploitability, and remediation decisions.