Workflow validation

Open Source Package Risk API

A buyer-intent page for developer-platform, AppSec, and tooling teams that want a lightweight API or CSV feed for package advisory, license, deprecation, dependency, and version-change records.

GET /v1/packages/watchlist/changes?ecosystem=npm&packages=sample-package,another-package&since=2026-07-01
{
  "data": [
    {
      "ecosystem": "npm",
      "packageName": "sample-package",
      "version": "1.4.2",
      "changeType": "new_advisory",
      "advisoryId": "OSV-2026-0001",
      "sourceUrl": "https://osv.dev/vulnerability/OSV-2026-0001"
    }
  ],
  "meta": { "sampleOnly": true, "workflow": "open-source-package-risk-api" }
}

Likely Buyers

This page is only a demand test. Build starts after tracked workflow intent beats the broader market pages.

Signals To Watch

These events decide whether this workflow deserves implementation.

Smallest Build

If this page crosses a gate, the first implementation should stay this narrow.

Validation stage. This workflow is not a live paid backend yet. Requests and clicks are tracked under the Package Supply Chain Risk Monitor validation funnel.