# Developer Signal Monitor (`silicon1235/developer-signal-monitor`) Actor

Monitor public npm packages, maintainers, package license changes, GitHub releases, OSV/SBOM advisories, and Docker tags for developer signals.

- **URL**: https://apify.com/silicon1235/developer-signal-monitor.md
- **Developed by:** [X L](https://apify.com/silicon1235) (community)
- **Categories:** Developer tools, Automation, Business
- **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, 0 bookmarks
- **User rating**: No ratings yet

## Pricing

Pay per usage

This Actor is paid per platform usage. The Actor is free to use, and you only pay for the Apify platform usage, which gets cheaper the higher subscription plan you have.

Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-usage

## What's an Apify Actor?

Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases.
In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours,
and optionally produces a well-defined JSON output, datasets with results, or files in key-value store.
In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server.
Actors are written with capital "A".

## How to integrate an Actor?

If asked about integration, you help developers integrate Actors into their projects.
You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready.
The best way to integrate Actors is as follows.

In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md):

```bash
npm install apify-client
```

In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md):

```bash
pip install apify-client
```

In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md):

````bash
# MacOS / Linux
curl -fsSL https://apify.com/install-cli.sh | bash
# Windows
irm https://apify.com/install-cli.ps1 | iex
```bash

In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md).

If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md).

For usage examples, see the [API](#api) section below.

For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt).


# README

## Developer Signal Monitor

Monitor public npm packages, SDK compatibility surfaces, OSV.dev package vulnerabilities, CycloneDX SBOM vulnerability records, GitHub releases, GitHub repository security advisories, and Docker Hub image tags for new developer ecosystem, release-note digest, vulnerability, container, and supply-chain signals.

This Actor is designed for low-support scheduled monitoring:

- no login required for public npm package metadata
- no login required for OSV.dev public vulnerability metadata
- no login required for public CycloneDX JSON SBOM vulnerability parsing
- no login required for public GitHub release metadata
- no login required for public GitHub repository security advisory metadata
- no login required for public Docker Hub tag metadata
- outputs structured `NEW`, `SEEN`, and `ERROR` rows
- adds a normalized developer risk queue with `developerRiskScore`, `developerRiskSeverity`, `developerRiskReasons`, `developerActionHints`, `developerActionPriority`, and `chargeableCandidate`
- adds npm supply-chain metadata such as maintainer count, license posture, dependency count, deprecation status, unpacked size, release age, integrity hash, shasum, registry signatures, attestation URL, and provenance risk flags
- tracks npm license fingerprints so scheduled runs can detect license drift even when the latest version is unchanged
- adds SDK upgrade compatibility metadata such as TypeScript types, ESM/package type, exports map, Node engine range, peer dependencies, optional dependencies, CLI bins, browser field, and action hints
- tracks npm maintainer fingerprints and maintainer email domains so scheduled runs can catch maintainer drift even when the latest version is unchanged
- adds OSV vulnerability metadata such as OSV ID, aliases, CVEs, severity, affected package/ecosystem/ranges, affected version count, references, withdrawn status, and mitigation hints
- adds SBOM vulnerability metadata from CycloneDX JSON documents, including CVEs, severity, affected refs/components/versions, analysis state, remediation hints, and advisory URLs
- adds GitHub release-note digest metrics for breaking, security, fix, feature, CVE, migration, deprecation, configuration, and impact-area signals
- adds GitHub release digest severity such as `SECURITY`, `BREAKING`, `FEATURE`, or `FIX`
- adds GitHub security advisory metadata such as GHSA, CVE, severity, CVSS, CWE, affected ecosystem/package, vulnerable ranges, patched versions, vulnerable functions, and mitigation hints
- adds Docker image tag/digest metadata such as latest non-`latest` tag, digest, digest-backed signal ID, digest coverage, unpinned tags, digest alias groups, size, tag channel, tag status, recent tags, mutable tags, floating-tag risk, prerelease risk, digest-pinning status, digest drift watch, and action hints
- includes `SDK Package Watchlist`, `Release Digest Watchlist`, `GitHub Security Advisory Watchlist`, `OSV Vulnerability Watchlist`, `SBOM Vulnerability Watchlist`, and `Docker Tag Watchlist` report sections for scheduled monitoring
- stores a snapshot key so scheduled runs can detect new signals
- future PPE boundary: `developer-signal-alert`

### Inputs

- `npmPackages`: npm packages to check, such as `apify` or `crawlee`
- `osvPackages`: npm packages to check against OSV.dev; defaults to empty to avoid extra OSV API calls unless explicitly enabled
- `sbomUrls`: public CycloneDX JSON SBOM URLs to parse for embedded vulnerability records; defaults to empty to avoid extra network calls unless explicitly enabled
- `githubRepos`: public repositories in `owner/name` form
- `githubAdvisoryRepos`: public repositories in `owner/name` form to check for repository security advisories; defaults to empty to avoid extra GitHub API calls
- `dockerImages`: public Docker Hub image names, such as `node` or `apify/actor-node`
- `alertKeywords`: words that make a new package or release signal alert-worthy
- `previousSignalIds`: optional IDs from a prior run
- `snapshotKey`: key-value-store record for scheduled monitoring

### Quick-Start Presets

Copy one of these low-cost JSON inputs into the Apify input editor and replace the example packages, repositories, or images with the assets your team ships:

- `examples/presets/sdk-release-risk-watch.json`: two npm SDK packages plus two GitHub release feeds for breaking/security/migration release monitoring.
- `examples/presets/container-digest-drift-watch.json`: two Docker Hub images for tag, digest, mutable-tag, floating-tag, and low-digest-coverage monitoring.
- `examples/presets/supply-chain-security-posture.json`: two npm packages plus explicit OSV checks for vulnerability, maintainer, license, and provenance posture.

Each preset uses a unique `snapshotKey`, enables `saveSnapshot`, keeps every target list to 2 items or fewer, and leaves optional SBOM/advisory inputs empty unless the workflow needs them.

### Output

Dataset rows include:

- `status`
- `alert`
- `priority`
- `source`
- `target`
- `signalType`
- `version`
- `title`
- `url`
- `publishedAt`
- `releaseAgeDays`
- npm metadata: `license`, `maintainerCount`, `dependencyCount`, `peerDependencyCount`, `optionalDependencyCount`, `packageDeprecated`, `deprecatedMessage`, `unpackedSize`
- npm maintainer metadata: `maintainers`, `maintainerFingerprint`, `maintainerDomains`, and `maintainerDomainCount`
- npm provenance metadata: `npmIntegrity`, `npmShasum`, `npmSignatureCount`, `npmSignatureKeyIds`, `npmAttestationUrl`, `npmProvenancePresent`, `npmProvenanceSignals`, `npmProvenanceRiskFlags`, `npmProvenanceActionHints`, and `npmProvenanceRiskScore`
- npm license metadata: `licenseRaw`, `licenseNormalized`, `licenseCategory`, `licenseSignalId`, `licenseRiskFlags`, `licenseActionHints`, and `licenseRiskScore`
- SDK compatibility metadata: `packageType`, `mainEntrypoint`, `moduleEntrypoint`, `typesEntrypoint`, `nodeEngine`, `hasExportsMap`, `binCount`, `sdkPackageCandidate`, `sdkKeywordHits`, `sdkSurfaceSignals`, `sdkCompatibilityRiskSignals`, `sdkActionHints`, `sdkCompatibilityRiskScore`
- OSV vulnerability metadata: `osvId`, `osvAliases`, `osvCves`, `osvSeverity`, `osvSeverityScore`, `osvAffectedPackage`, `osvAffectedPackages`, `osvAffectedEcosystems`, `osvAffectedRanges`, `osvAffectedVersionsCount`, `osvReferenceCount`, `osvWithdrawn`, `osvRiskSignals`, `osvActionHints`, `osvRiskScore`
- SBOM vulnerability metadata: `sbomFormat`, `sbomSerialNumber`, `sbomVersion`, `sbomComponentCount`, `sbomVulnerabilityId`, `sbomAliases`, `sbomCves`, `sbomSeverity`, `sbomSeverityScore`, `sbomCwes`, `sbomAffectedRefs`, `sbomAffectedComponents`, `sbomAffectedVersions`, `sbomAdvisoryUrls`, `sbomAnalysisState`, `sbomRecommendation`, `sbomRiskSignals`, `sbomActionHints`, `sbomRiskScore`
- GitHub release-note digest metadata: `releaseNotesDigest`, `releaseDigestSeverity`, `releaseNoteKeywordHits`, `releaseCves`, `releaseImpactAreas`, `releaseRiskSignals`, `releaseActionHints`, `releaseRiskScore`
- GitHub advisory metadata: `advisoryGhsaId`, `advisoryCveId`, `advisorySeverity`, `advisoryState`, `advisoryCvssScore`, `advisoryCvssVector`, `advisoryCwes`, `advisoryEcosystems`, `advisoryPackages`, `advisoryVulnerableRanges`, `advisoryPatchedVersions`, `advisoryVulnerableFunctions`, `advisoryReferenceCount`, `advisoryWithdrawn`, `advisoryRiskSignals`, `advisoryActionHints`, `advisoryRiskScore`
- Docker image metadata: `imageSize`, `imageDigest`, `dockerTagChannel`, `dockerObservedTags`, `dockerObservedDigests`, `dockerUniqueDigestCount`, `dockerDigestCoveragePct`, `dockerUnpinnedTags`, `dockerDigestAliasGroups`, `dockerDigestSignalId`, `dockerDigestDriftWatch`, `dockerMutableTags`, `dockerFloatingTag`, `dockerPrereleaseTag`, `dockerDigestPinned`, `dockerTagRiskSignals`, `dockerTagRiskScore`, `dockerDigestRiskSignals`, `dockerDigestActionHints`, `dockerDigestRiskScore`, `tagStatus`
- `matchedKeywords`
- `reasons`
- normalized developer risk fields: `developerRiskScore`, `developerRiskSeverity`, `developerRiskReasons`, `developerActionHints`, `developerActionPriority`, and `chargeableCandidate`
- `ppeEventCandidate`

### Local validation

```powershell
npm test
npm run sample
````

The report includes a `Top Developer Risks` section so security, breaking-change, SDK compatibility, license, provenance, OSV, SBOM, advisory, and Docker drift signals can be triaged without inspecting raw dataset rows.

The first release should be free or usage-cost-only. Add PPE only after real usage proves people want alert rows. Strong future paid units are SDK upgrade compatibility alerts, ESM/exports-map/Node-engine/peer-dependency SDK alerts, npm provenance/integrity alerts, npm license drift and license-risk alerts, OSV vulnerability alerts, OSV CVE/high/no-fixed alerts, SBOM vulnerability alerts, SBOM CVE/high/no-remediation/open-analysis alerts, new security/breaking release alerts, GitHub security advisory alerts, high/CVSS/CVE advisory alerts, unpatched advisory alerts, release-note digest alerts with CVE or migration action hints, Docker image tag alerts, Docker digest drift alerts, Docker unpinned/low-coverage digest alerts, Docker mutable/floating tag risk alerts, npm maintainer drift alerts, deprecated npm package alerts, packages with no listed maintainers, and old-release supply-chain risk alerts.

# Actor input Schema

## `npmPackages` (type: `array`):

Public npm package names to monitor for latest-version and maintainer-fingerprint changes.

## `githubRepos` (type: `array`):

Public GitHub repositories in owner/name form to monitor for latest releases.

## `osvPackages` (type: `array`):

Public npm package names to check against OSV.dev vulnerabilities. Defaults to empty to avoid extra OSV API calls unless explicitly enabled.

## `sbomUrls` (type: `array`):

Public CycloneDX JSON SBOM URLs to parse for embedded vulnerability records. Defaults to empty to avoid extra network calls unless explicitly enabled.

## `githubAdvisoryRepos` (type: `array`):

Public GitHub repositories in owner/name form to monitor for repository security advisories. Leave empty to avoid extra GitHub API calls.

## `dockerImages` (type: `array`):

Public Docker Hub images to monitor for latest tags, such as nginx or apify/actor-node.

## `previousSignalIds` (type: `array`):

Optional IDs from a previous run. Missing IDs are marked NEW.

## `alertKeywords` (type: `array`):

Keywords in package names, repository names, release names, release notes, or npm metadata that make a signal alert-worthy.

## `includePrereleases` (type: `boolean`):

Include prerelease GitHub releases when selecting the latest release.

## `snapshotKey` (type: `string`):

Key-value-store record used for scheduled change detection.

## `saveSnapshot` (type: `boolean`):

Save current signal IDs so the next scheduled run can detect new signals.

## `maxPackages` (type: `integer`):

Maximum npm packages to check. Values above 50 are capped by the Actor.

## `maxOsvPackages` (type: `integer`):

Maximum npm packages to check against OSV.dev. Values above 50 are capped by the Actor.

## `maxSbomUrls` (type: `integer`):

Maximum public SBOM JSON URLs to fetch and parse. Values above 50 are capped by the Actor.

## `maxRepos` (type: `integer`):

Maximum GitHub repositories to check. Values above 50 are capped by the Actor.

## `maxDockerImages` (type: `integer`):

Maximum Docker Hub images to check. Values above 50 are capped by the Actor.

## Actor input object example

```json
{
  "npmPackages": [
    "apify",
    "crawlee"
  ],
  "githubRepos": [
    "apify/crawlee",
    "apify/apify-sdk-js"
  ],
  "osvPackages": [],
  "sbomUrls": [],
  "githubAdvisoryRepos": [],
  "dockerImages": [
    "library/node"
  ],
  "previousSignalIds": [],
  "alertKeywords": [
    "major",
    "breaking",
    "security",
    "crawler",
    "scraper",
    "agent",
    "release",
    "docker",
    "image"
  ],
  "includePrereleases": false,
  "snapshotKey": "DEVELOPER_SIGNAL_SNAPSHOT",
  "saveSnapshot": true,
  "maxPackages": 10,
  "maxOsvPackages": 10,
  "maxSbomUrls": 10,
  "maxRepos": 10,
  "maxDockerImages": 10
}
```

# Actor output Schema

## `items` (type: `string`):

Default dataset rows with source, target, version, status, alert, priority, developerRiskScore/developerRiskSeverity/developerActionPriority/chargeableCandidate fields, npm maintainer fingerprint/domain/dependency/deprecation/provenance metadata, SDK compatibility fields, OSV vulnerability fields, SBOM vulnerability fields, GitHub release-note digest fields, GitHub advisory fields, Docker tag and digest drift/risk fields, and future PPE event fields.

## `summary` (type: `string`):

Key-value store record with topDeveloperRisks, highestDeveloperRiskScore, highRiskDeveloperSignalCount, chargeableCandidateCount, and counts for monitored npm packages, npm provenance posture, SDK compatibility surfaces, OSV packages, SBOM URLs, GitHub repositories, GitHub advisory repositories, Docker images, new signals, alerts, errors, deprecated packages, packages without listed maintainers, old releases, OSV/SBOM/GitHub security advisories, Docker tag risks, and Docker digest drift/risk watches.

## `report` (type: `string`):

Human-readable report with top developer risks, alert-worthy developer ecosystem changes plus npm maintainer, SDK package, release digest, OSV vulnerability, SBOM vulnerability, GitHub security advisory, and Docker tag/digest watchlists.

## `alerts` (type: `string`):

Only rows where alert=true. This is the future pay-per-event boundary.

## `snapshot` (type: `string`):

No description

# API

You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup.

## JavaScript example

```javascript
import { ApifyClient } from 'apify-client';

// Initialize the ApifyClient with your Apify API token
// Replace the '<YOUR_API_TOKEN>' with your token
const client = new ApifyClient({
    token: '<YOUR_API_TOKEN>',
});

// Prepare Actor input
const input = {};

// Run the Actor and wait for it to finish
const run = await client.actor("silicon1235/developer-signal-monitor").call(input);

// Fetch and print Actor results from the run's dataset (if any)
console.log('Results from dataset');
console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`);
const { items } = await client.dataset(run.defaultDatasetId).listItems();
items.forEach((item) => {
    console.dir(item);
});

// 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs

```

## Python example

```python
from apify_client import ApifyClient

# Initialize the ApifyClient with your Apify API token
# Replace '<YOUR_API_TOKEN>' with your token.
client = ApifyClient("<YOUR_API_TOKEN>")

# Prepare the Actor input
run_input = {}

# Run the Actor and wait for it to finish
run = client.actor("silicon1235/developer-signal-monitor").call(run_input=run_input)

# Fetch and print Actor results from the run's dataset (if there are any)
print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"])
for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

# 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start

```

## CLI example

```bash
echo '{}' |
apify call silicon1235/developer-signal-monitor --silent --output-dataset

```

## MCP server setup

```json
{
    "mcpServers": {
        "apify": {
            "command": "npx",
            "args": [
                "mcp-remote",
                "https://mcp.apify.com/?tools=silicon1235/developer-signal-monitor",
                "--header",
                "Authorization: Bearer <YOUR_API_TOKEN>"
            ]
        }
    }
}

```

## OpenAPI specification

```json
{
    "openapi": "3.0.1",
    "info": {
        "title": "Developer Signal Monitor",
        "description": "Monitor public npm packages, maintainers, package license changes, GitHub releases, OSV/SBOM advisories, and Docker tags for developer signals.",
        "version": "0.2",
        "x-build-id": "CuFQJKeGC8GShX7g7"
    },
    "servers": [
        {
            "url": "https://api.apify.com/v2"
        }
    ],
    "paths": {
        "/acts/silicon1235~developer-signal-monitor/run-sync-get-dataset-items": {
            "post": {
                "operationId": "run-sync-get-dataset-items-silicon1235-developer-signal-monitor",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        },
        "/acts/silicon1235~developer-signal-monitor/runs": {
            "post": {
                "operationId": "runs-sync-silicon1235-developer-signal-monitor",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor and returns information about the initiated run in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/runsResponseSchema"
                                }
                            }
                        }
                    }
                }
            }
        },
        "/acts/silicon1235~developer-signal-monitor/run-sync": {
            "post": {
                "operationId": "run-sync-silicon1235-developer-signal-monitor",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "inputSchema": {
                "type": "object",
                "properties": {
                    "npmPackages": {
                        "title": "npm packages",
                        "type": "array",
                        "description": "Public npm package names to monitor for latest-version and maintainer-fingerprint changes.",
                        "default": [
                            "apify",
                            "crawlee"
                        ],
                        "items": {
                            "type": "string"
                        }
                    },
                    "githubRepos": {
                        "title": "GitHub repositories",
                        "type": "array",
                        "description": "Public GitHub repositories in owner/name form to monitor for latest releases.",
                        "default": [
                            "apify/crawlee",
                            "apify/apify-sdk-js"
                        ],
                        "items": {
                            "type": "string"
                        }
                    },
                    "osvPackages": {
                        "title": "OSV npm packages",
                        "type": "array",
                        "description": "Public npm package names to check against OSV.dev vulnerabilities. Defaults to empty to avoid extra OSV API calls unless explicitly enabled.",
                        "default": [],
                        "items": {
                            "type": "string"
                        }
                    },
                    "sbomUrls": {
                        "title": "SBOM JSON URLs",
                        "type": "array",
                        "description": "Public CycloneDX JSON SBOM URLs to parse for embedded vulnerability records. Defaults to empty to avoid extra network calls unless explicitly enabled.",
                        "default": [],
                        "items": {
                            "type": "string"
                        }
                    },
                    "githubAdvisoryRepos": {
                        "title": "GitHub advisory repositories",
                        "type": "array",
                        "description": "Public GitHub repositories in owner/name form to monitor for repository security advisories. Leave empty to avoid extra GitHub API calls.",
                        "default": [],
                        "items": {
                            "type": "string"
                        }
                    },
                    "dockerImages": {
                        "title": "Docker images",
                        "type": "array",
                        "description": "Public Docker Hub images to monitor for latest tags, such as nginx or apify/actor-node.",
                        "default": [
                            "library/node"
                        ],
                        "items": {
                            "type": "string"
                        }
                    },
                    "previousSignalIds": {
                        "title": "Previous signal IDs",
                        "type": "array",
                        "description": "Optional IDs from a previous run. Missing IDs are marked NEW.",
                        "default": [],
                        "items": {
                            "type": "string"
                        }
                    },
                    "alertKeywords": {
                        "title": "Alert keywords",
                        "type": "array",
                        "description": "Keywords in package names, repository names, release names, release notes, or npm metadata that make a signal alert-worthy.",
                        "default": [
                            "major",
                            "breaking",
                            "security",
                            "crawler",
                            "scraper",
                            "agent",
                            "release",
                            "docker",
                            "image"
                        ],
                        "items": {
                            "type": "string"
                        }
                    },
                    "includePrereleases": {
                        "title": "Include GitHub prereleases",
                        "type": "boolean",
                        "description": "Include prerelease GitHub releases when selecting the latest release.",
                        "default": false
                    },
                    "snapshotKey": {
                        "title": "Snapshot key",
                        "type": "string",
                        "description": "Key-value-store record used for scheduled change detection.",
                        "default": "DEVELOPER_SIGNAL_SNAPSHOT"
                    },
                    "saveSnapshot": {
                        "title": "Save snapshot",
                        "type": "boolean",
                        "description": "Save current signal IDs so the next scheduled run can detect new signals.",
                        "default": true
                    },
                    "maxPackages": {
                        "title": "Maximum npm packages",
                        "minimum": 1,
                        "maximum": 50,
                        "type": "integer",
                        "description": "Maximum npm packages to check. Values above 50 are capped by the Actor.",
                        "default": 10
                    },
                    "maxOsvPackages": {
                        "title": "Maximum OSV packages",
                        "minimum": 1,
                        "maximum": 50,
                        "type": "integer",
                        "description": "Maximum npm packages to check against OSV.dev. Values above 50 are capped by the Actor.",
                        "default": 10
                    },
                    "maxSbomUrls": {
                        "title": "Maximum SBOM URLs",
                        "minimum": 1,
                        "maximum": 50,
                        "type": "integer",
                        "description": "Maximum public SBOM JSON URLs to fetch and parse. Values above 50 are capped by the Actor.",
                        "default": 10
                    },
                    "maxRepos": {
                        "title": "Maximum GitHub repositories",
                        "minimum": 1,
                        "maximum": 50,
                        "type": "integer",
                        "description": "Maximum GitHub repositories to check. Values above 50 are capped by the Actor.",
                        "default": 10
                    },
                    "maxDockerImages": {
                        "title": "Maximum Docker images",
                        "minimum": 1,
                        "maximum": 50,
                        "type": "integer",
                        "description": "Maximum Docker Hub images to check. Values above 50 are capped by the Actor.",
                        "default": 10
                    }
                }
            },
            "runsResponseSchema": {
                "type": "object",
                "properties": {
                    "data": {
                        "type": "object",
                        "properties": {
                            "id": {
                                "type": "string"
                            },
                            "actId": {
                                "type": "string"
                            },
                            "userId": {
                                "type": "string"
                            },
                            "startedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "finishedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "status": {
                                "type": "string",
                                "example": "READY"
                            },
                            "meta": {
                                "type": "object",
                                "properties": {
                                    "origin": {
                                        "type": "string",
                                        "example": "API"
                                    },
                                    "userAgent": {
                                        "type": "string"
                                    }
                                }
                            },
                            "stats": {
                                "type": "object",
                                "properties": {
                                    "inputBodyLen": {
                                        "type": "integer",
                                        "example": 2000
                                    },
                                    "rebootCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "restartCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "resurrectCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "computeUnits": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "options": {
                                "type": "object",
                                "properties": {
                                    "build": {
                                        "type": "string",
                                        "example": "latest"
                                    },
                                    "timeoutSecs": {
                                        "type": "integer",
                                        "example": 300
                                    },
                                    "memoryMbytes": {
                                        "type": "integer",
                                        "example": 1024
                                    },
                                    "diskMbytes": {
                                        "type": "integer",
                                        "example": 2048
                                    }
                                }
                            },
                            "buildId": {
                                "type": "string"
                            },
                            "defaultKeyValueStoreId": {
                                "type": "string"
                            },
                            "defaultDatasetId": {
                                "type": "string"
                            },
                            "defaultRequestQueueId": {
                                "type": "string"
                            },
                            "buildNumber": {
                                "type": "string",
                                "example": "1.0.0"
                            },
                            "containerUrl": {
                                "type": "string"
                            },
                            "usage": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "integer",
                                        "example": 1
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "usageTotalUsd": {
                                "type": "number",
                                "example": 0.00005
                            },
                            "usageUsd": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "number",
                                        "example": 0.00005
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```
