Pricing

from $5.00 / 1,000 vulnerability founds

NPM & PyPI CVE Monitor

Checks npm and PyPI packages against the OSV vulnerability database and npm registry. Detects CVEs, suspicious maintainer patterns, and supply chain risks. Paste your package.json or requirements.txt. £0.001 per package checked.

Pricing

from $5.00 / 1,000 vulnerability founds

Rating

0.0

(0)

Developer

joseph fadero

Actor stats

Bookmarked

Total users

Monthly active users

2 days ago

Last modified

Features

OSV database — checks against the Open Source Vulnerabilities database (Google, GitHub, CISA — free, no auth)
npm registry metadata — detects suspicious maintainer patterns, unusual publish velocity, and ownership transfer signals
package.json + requirements.txt — parse and check entire dependency trees in one run
Severity filtering — report only critical, high, medium, or all vulnerabilities
Remediation paths — suggests upgrade target versions where CVE fixes exist

Inputs

Field	Default	Description
`packageJson`	—	Paste package.json content
`requirementsTxt`	—	Paste requirements.txt content
`npmPackages`	[]	Individual npm package names
`pypiPackages`	[]	Individual PyPI package names
`checkSuspiciousPatterns`	true	Check npm registry for suspicious maintainer patterns
`severityFilter`	medium	Minimum severity to report

Output fields

Each package record includes: packageName, ecosystem, installedVersion, vulnerabilities[], vulnerabilityCount, highestSeverity, hasSuspiciousPatterns, suspiciousPatternDetails, weeklyDownloads, lastPublishedAt, maintainerCount, isDeprecated, recommendedAction, upgradeTarget.

Suspicious pattern detection

Flags packages with:

5 version publishes in 7 days (worm-like velocity)
Package <30 days old with >10k weekly downloads
Single maintainer on >100k downloads/week package

Pricing (PPE)

run-started — £0.05 per run
package-checked — £0.001 per package examined
vulnerability-found — £0.04 per package with CVEs
suspicious-pattern-detected — £0.05 per package with suspicious patterns

LLM-Ready Web Scraper — extract security advisory and documentation pages as clean text for AI pipelines
Website Change Tracker — monitor npm, PyPI and GitHub Advisory Database pages for new security notices

OSV & GitHub Security Scraper

taroyamada/oss-vulnerability-monitor

Scrape GitHub Security Advisories and OSV databases to extract CVSS v3.1 base scores, fixed version tags, and patching details for your tech stack.

naoki anzai

Tech Events & CFP Calendar Scraper

taroyamada/tech-events-intelligence

Extract upcoming developer conferences, local meetups, and open Call for Papers (CFP) deadlines to build a comprehensive speaking schedule for your DevRel team.

naoki anzai

OSV Package Vulnerability Monitor

orbiscribe/osv-package-vulnerability-monitor

Monitor package vulnerability records from OSV.dev for npm, PyPI, Go, Maven, crates.io, RubyGems, and SBOM-derived package lists.

Orbiscribe Labs

OSS Dependency Risk Report — Bus Factor, CVEs & SBOM Compliance

ryanclinton/oss-dependency-risk-report

Analyze the risk profile of any open-source package or repository by querying 7 data sources in parallel — GitHub repositories, NVD CVE vulnerabilities, CISA Known Exploited Vulnerabilities (KEV), StackExchange discussions, Hacker News mentions, Federal Register SBOM regulations, and Congress...

Ryan Clinton

PyPI Vulnerability Scraper

taroyamada/pypi-package-intelligence

Extract Python package metadata from PyPI and enrich it with OSV database alerts. Monitor dependencies for new version releases and critical CVE identifiers.

naoki anzai

Docs & Changelog Drift Scraper

taroyamada/docs-changelog-drift-monitor

Track developer portals and software release notes to feed accurate, structured update data into your RAG pipelines and LLM models.

naoki anzai

GitHub Release & Tag Scraper

taroyamada/github-release-monitor

Automate your dependency tracking by monitoring GitHub repositories for new releases, extracting version bumps and changelog summaries.

naoki anzai

CISA KEV Known Exploited Vulnerabilities Scraper

parseforge/cisa-kev-scraper

Scrape the CISA Known Exploited Vulnerabilities (KEV) catalog. Filter by CVE ID, vendor, product, or date added. Returns required actions, due dates, ransomware campaign use, and CWE references for every actively-exploited CVE tracked by CISA.