Pricing

$1,250.00 / 1,000 oss risk reports

OSS Supply Chain Risk Report - PyPI, npm, OSV and Docker Hub

Audit Python packages, npm packages, Docker images, lockfiles, SBOMs, and Dockerfiles for vulnerability, maintenance, freshness, popularity, and metadata risk signals.

Pricing

$1,250.00 / 1,000 oss risk reports

Rating

0.0

(0)

Developer

Sean

Actor stats

Bookmarked

Total users

Monthly active users

12 hours ago

Last modified

Categories

Developer tools

Business

Automation

PyPI packages

pypiPackages

Optional

Python packages to audit with PyPI JSON and OSV vulnerability data.

Type:string[]

Min. items:0

Max. items:20

Default:

[
  "requests",
  "django"
]

PyPI package versions

pypiPackageVersions

Optional

Exact package versions to audit, for example requests==2.31.0. Exact versions let OSV answer whether the installed version is affected.

Type:string[]

Min. items:0

Max. items:50

Default:

[
  "requests==2.31.0"
]

requirements.txt

requirementsText

Optional

Optional requirements.txt contents. Exact == pins are checked as versioned components; unpinned packages are checked against latest metadata.

Type:string

Default:

Docker images

dockerImages

Optional

Docker Hub repositories to audit. Use namespace/name, or official image name such as nginx.

Type:string[]

Min. items:0

Max. items:20

Default:

[
  "library/redis",
  "nginx"
]

Dockerfile

dockerfileText

Optional

Optional Dockerfile contents. FROM image references are extracted and audited as Docker Hub components.

Type:string

Default:

package-lock.json

packageLockJson

Optional

Optional npm package-lock.json object. Package names and versions are extracted and checked through npm registry metadata and OSV.

Type:object

Default:

{}

SBOM JSON

sbomJson

Optional

Optional CycloneDX or SPDX-like SBOM JSON. PyPI and Docker package URLs are extracted when present.

Type:object

Default:

{}

Include NVD keyword search

includeNvdKeywordSearch

Optional

Add a bounded NVD keyword search for recent CVE mentions related to each package or image name.

Type:boolean

Default:true

NVD lookback days

nvdLookbackDays

Optional

How far back to search NVD CVEs by keyword.

Type:integer

Minimum:30

Maximum:730

Default:365

Concurrency

concurrency

Optional

Number of package/image audits to run in parallel.

Type:integer

Minimum:1

Maximum:3

Default:1

PyPI Vulnerability Scraper

taroyamada/pypi-package-intelligence

Extract Python package metadata from PyPI and enrich it with OSV database alerts. Monitor dependencies for new version releases and critical CVE identifiers.

太郎山田

npm License & Deprecation Checker

taroyamada/npm-package-intelligence

Audit npm libraries for deprecated versions, abandoned repositories, and specific open-source licenses to maintain healthy JavaScript supply chains.

太郎山田

PyPI Packages Scraper

parseforge/pypi-packages-scraper

Pull Python package data from PyPI. Returns name, version, summary, description, classifiers, license, author, project URLs (homepage, source, issues, docs), Python version requirement, dependencies, release history, last upload, and total release count. Direct lookup by package name.

ParseForge

OSV Open Source Vulnerabilities Scraper

parseforge/osv-vulnerabilities-scraper

Query the OSV.dev open-source vulnerabilities database. Search by package (PyPI/npm/Go/Maven/RubyGems/crates.io/NuGet/Packagist), commit hash, or fetch a specific vulnerability by ID. Returns affected ranges, CVE aliases, severity, and references.

ParseForge

OSV & GitHub Security Scraper

taroyamada/oss-vulnerability-monitor

Scrape GitHub Security Advisories and OSV databases to extract CVSS v3.1 base scores, fixed version tags, and patching details for your tech stack.

太郎山田

🐳 Docker Hub Scraper — Images & Pull Counts

nexgendata/dockerhub-scraper

Extract Docker Hub image data — pull counts, tags, descriptions, maintainers, version history. Snyk, Anchore & Sysdig alternative for container intelligence, SBOMs, supply-chain audits and DevOps dashboards. Pay per image.

NexGenData

Docker Hub Container Images Scraper

parseforge/docker-hub-images-scraper

Search Docker Hub for container images. Returns repository name, owner, full and short description, official/automated/verified flags, star count, total pull count, last updated, available tags. Search by keyword or look up specific images by name with full tag listings.

ParseForge

SPDX Software Licenses Scraper

parseforge/spdx-software-licenses-scraper

Pull the SPDX License List with standardized identifiers: license ID, full name, OSI approved flag, FSF libre flag, deprecated status, reference URL, text, and cross references. Export to JSON, CSV, or Excel for SBOM, open source compliance, license scanning, and supply chain audits.

ParseForge

Crates.io Rust Crates Scraper

parseforge/crates-io-rust-scraper

Search crates.io, the Rust package registry. Returns crate name, version, description, repository, homepage, documentation, license, downloads, recent downloads, last updated, categories, keywords, owner team, dependencies, and yank status. Search by keyword or look up specific crates by name.

ParseForge

RubyGems Scraper | Ruby Package Registry and Stats

parseforge/rubygems-scraper

Scrape RubyGems package registry data including gem names, versions, downloads, authors, dependencies, runtime requirements, source code repositories, project URLs, and release dates. Extract metadata for monitoring, security audits, and developer ecosystem analysis

ParseForge