Workflow validation
Open Source Package Risk API
A buyer-intent page for developer-platform, AppSec, and tooling teams that want a lightweight API or CSV feed for package advisory, license, deprecation, dependency, and version-change records.
GET /v1/packages/watchlist/changes?ecosystem=npm&packages=sample-package,another-package&since=2026-07-01
{
  "data": [
    {
      "ecosystem": "npm",
      "packageName": "sample-package",
      "version": "1.4.2",
      "changeType": "new_advisory",
      "advisoryId": "OSV-2026-0001",
      "sourceUrl": "https://osv.dev/vulnerability/OSV-2026-0001"
    }
  ],
  "meta": { "sampleOnly": true, "workflow": "open-source-package-risk-api" }
}
Likely Buyers
This page is only a demand test. Build starts after tracked workflow intent beats the broader market pages.
- Developer-tool teams building package watchlist and SBOM features.
- AppSec teams that need source-linked package advisory deltas.
- Platform teams enriching internal dependency dashboards.
Signals To Watch
These events decide whether this workflow deserves implementation.
- Request clicks from package risk, OSV, deps.dev, and advisory API keywords.
- Package risk sample CSV downloads.
- Demo clicks from developers comparing response shape before a build.
Smallest Build
If this page crosses a gate, the first implementation should stay this narrow.
- OSV- and deps.dev-backed watchlist for one or two ecosystems first.
- Daily cached JSON and CSV exports with package, version, advisory, and source fields.
- No repository upload, proprietary malware detection, reachability scoring, or legal advice.