Pricing

from $5.00 / 1,000 vulnerability founds

NPM & PyPI CVE Monitor

Checks npm and PyPI packages against the OSV vulnerability database and npm registry. Detects CVEs, suspicious maintainer patterns, and supply chain risks. Paste your package.json or requirements.txt. £0.001 per package checked.

Pricing

from $5.00 / 1,000 vulnerability founds

Rating

0.0

(0)

Developer

joseph fadero

Actor stats

Bookmarked

Total users

Monthly active users

23 days ago

Last modified

Features

OSV database — checks against the Open Source Vulnerabilities database (Google, GitHub, CISA — free, no auth)
npm registry metadata — detects suspicious maintainer patterns, unusual publish velocity, and ownership transfer signals
package.json + requirements.txt — parse and check entire dependency trees in one run
Severity filtering — report only critical, high, medium, or all vulnerabilities
Remediation paths — suggests upgrade target versions where CVE fixes exist

Inputs

Field	Default	Description
`packageJson`	—	Paste package.json content
`requirementsTxt`	—	Paste requirements.txt content
`npmPackages`	[]	Individual npm package names
`pypiPackages`	[]	Individual PyPI package names
`checkSuspiciousPatterns`	true	Check npm registry for suspicious maintainer patterns
`severityFilter`	medium	Minimum severity to report

Output fields

Each package record includes: packageName, ecosystem, installedVersion, vulnerabilities[], vulnerabilityCount, highestSeverity, hasSuspiciousPatterns, suspiciousPatternDetails, weeklyDownloads, lastPublishedAt, maintainerCount, isDeprecated, recommendedAction, upgradeTarget.

Suspicious pattern detection

Flags packages with:

5 version publishes in 7 days (worm-like velocity)
Package <30 days old with >10k weekly downloads
Single maintainer on >100k downloads/week package

Pricing (PPE)

run-started — £0.05 per run
package-checked — £0.001 per package examined
vulnerability-found — £0.04 per package with CVEs
suspicious-pattern-detected — £0.05 per package with suspicious patterns

LLM-Ready Web Scraper — extract security advisory and documentation pages as clean text for AI pipelines
Website Change Tracker — monitor npm, PyPI and GitHub Advisory Database pages for new security notices

Package Registry Scraper (npm + PyPI)

dami_studio/package-registry-scraper

Scrapes package metadata from the npm and PyPI registries: name, version, author, license, repo, keywords, and npm monthly download counts. Search npm by keyword or look up exact package names on either registry. Top use: compare libraries before pic

Dami's Studio

5.0

NPM Package Metadata API

automly/npm-package-metadata-api

Retrieve clean, structured metadata for npm packages from the public npm registry API.

Automly

npm Package & Dependency Scraper

taroyamada/npm-package-dependency-intelligence

Analyze npm package metadata, versions, dependencies, maintainer hints, release cadence, and package risk signals using the official npm registry API.

naoki anzai

npm & PyPI Package Tracker — Metadata + Downloads

agency-shift/npm-pypi-package-tracker

Track npm and PyPI packages. Get metadata, download stats, version history, and dependency info. For developer tools research and open source intelligence.

Valdeir Lima

NPM Registry Scraper

crawlerbros/npm-registry-scraper

Scrape NPM package metadata, version history, maintainers, dependents, and download stats from the public NPM registry. Search packages or pull a specific list of package names.

Crawler Bros

npm Package Scraper

plantane/npm-scraper

Scrape npm package data — search packages or get detailed info including versions, maintainers, and download stats.

Daniel

Npm Registry Scraper

klondikeking/npm-registry-scraper

Pierrick McD0nald

NPM Package Scraper

lulzasaur/npm-scraper

Scrape npm package data from the registry. Search by keyword or fetch specific packages. Extract versions, downloads, dependencies, authors, licenses, and full metadata.

lulz bot

NPM Package Scraper — npm metadata api

devilscrapes/npm-package-scraper

Pull rich metadata for any NPM package via the npm registry API — current version, dependencies, weekly downloads, repo URL, license, keywords, README excerpt, deprecation flag — export to JSON or CSV. Free npm registry + downloads API, no key required.