Pricing

from $8.00 / 1,000 results

npm License & Deprecation Checker

Audit npm libraries for deprecated versions, abandoned repositories, and specific open-source licenses to maintain healthy JavaScript supply chains.

Pricing

from $8.00 / 1,000 results

Rating

0.0

(0)

Developer

naoki anzai

Actor stats

Bookmarked

Total users

Monthly active users

11 days ago

Last modified

NPM Package Intelligence API | Downloads, Dependencies & Licenses

Audit public npm libraries for deprecated versions, abandoned repositories, and specific open-source licenses to guarantee a secure software supply chain. This specialized npm license scraper and deprecation checker enables engineering teams and compliance officers to systematically evaluate third-party JavaScript dependencies. Rather than manually inspecting individual repository web pages, you can run bulk scans across your entire dependency tree to extract actionable metadata directly from the official npm platform. Users frequently deploy this tool to enforce corporate compliance policies, ensuring that no unauthorized licenses slip into production codebases. It is also an essential asset for identifying abandoned packages that lack recent updates or have active deprecation flags, which often signal impending security vulnerabilities. Running this scraper on a weekly schedule empowers teams to maintain automated watchlists and catch risky dependencies before they are merged. Each execution yields highly detailed, structured results, featuring the exact open-source license, deprecation status, author contact details, direct dependency arrays, repository URLs, and current weekly download stats. Automate your open-source governance, extract critical security details, and eliminate the blind spots in your node modules using precision data extraction tools.

Store Quickstart

Start with 3–5 exact package names in packages for the cleanest first run.
Add searchTerm only when you need discovery, and keep searchSize around 10–20 until you know the category you want.
Use dryRun: true to validate webhook or dataset delivery before a larger audit.
After the first useful run, move the account to the recurring watchlist template, then use the webhook handoff template for release alerts or downstream actions.

Key Features

📦 Full package metadata — version, description, author, homepage, repo
📥 Weekly download stats — Usage signal for popularity
🔗 Dependencies tree — Direct deps with version specs
⚖️ License info — MIT, Apache-2.0, GPL-3.0 detection
⚠️ Deprecation detection — Flags deprecated packages
🔑 No API key needed — Uses official npm registry

Use Cases

Who	Why
DevOps teams	Dependency security audits
Engineering leaders	Track tech stack across projects
OSS maintainers	Competitor package analysis
License compliance	Verify all deps are commercially usable
Recruiters/founders	Research packages/maintainers for hiring

Input

Field	Type	Default	Description
packages	string[]	(required)	npm package names (max 100)
includeDownloads	boolean	true	Weekly download stats
includeDeprecated	boolean	false	Include deprecated warnings

Input Example

{
  "packages": ["express", "react", "axios"],
  "includeDownloads": true,
  "includeDeprecated": false
}

Input Examples

Example: Single-target audit

{
  "targets": [
    "example-target-1"
  ],
  "maxResultsPerTarget": 30
}

Example: Bulk portfolio

{
  "targets": [
    "target-1",
    "target-2",
    "target-3"
  ],
  "maxResultsPerTarget": 50,
  "snapshotKey": "npm-package-intelligence-state"
}

Example: Recurring delta watch

{
  "targets": [
    "target-1"
  ],
  "snapshotKey": "npm-package-intelligence-state",
  "emitChangedOnly": true
}

Output

Field	Type	Description
`name`	string	Package name
`version`	string	Latest version
`description`	string	Package description
`downloads`	object	Download stats by period (if includeDownloads)
`downloads.lastWeek`	integer	Last 7 days downloads
`downloads.lastMonth`	integer	Last 30 days downloads
`vulnerabilities`	object[]	Known CVEs (if includeVulnerabilities)
`maintainers`	string[]	Maintainer usernames
`license`	string	SPDX license identifier
`repository`	string	Source repo URL

Output Example

{
  "name": "express",
  "version": "4.21.2",
  "description": "Fast, unopinionated web framework",
  "author": "TJ Holowaychuk",
  "license": "MIT",
  "dependencies": {"body-parser": "~1.20.0"},
  "weeklyDownloads": 32000000,
  "deprecated": false
}

API Usage

Run this actor programmatically using the Apify API. Replace YOUR_API_TOKEN with your token from Apify Console → Settings → Integrations.

cURL

curl -X POST "https://api.apify.com/v2/acts/taroyamada~npm-package-intelligence/run-sync-get-dataset-items?token=YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "packages": ["express", "react", "axios"], "includeDownloads": true, "includeDeprecated": false }'

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_API_TOKEN")
run = client.actor("taroyamada/npm-package-intelligence").call(run_input={
  "packages": ["express", "react", "axios"],
  "includeDownloads": true,
  "includeDeprecated": false
})

for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

JavaScript / Node.js

import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: 'YOUR_API_TOKEN' });
const run = await client.actor('taroyamada/npm-package-intelligence').call({
  "packages": ["express", "react", "axios"],
  "includeDownloads": true,
  "includeDeprecated": false
});

const { items } = await client.dataset(run.defaultDatasetId).listItems();
console.log(items);

Tips & Limitations

Audit your dependency list monthly to catch new CVEs and abandoned packages.
Track competitor packages' download trends for market intel.
Combine with GitHub data for full open-source intelligence.
Use in CI/CD to fail builds when vulnerabilities are introduced.

FAQ

Where do download stats come from?

npm's official npms.io API. Weekly counts are reliable popularity signals.

Can I get security vulnerability data?

Not directly. Pair with npm audit or Snyk for security scanning.

Does it work with private packages?

No — only public npm registry. Private packages require authentication.

Deprecated packages?

Flagged via the 'deprecated' field. Useful for migration planning.

Where do vulnerabilities come from?

GitHub Advisory Database via the npm audit endpoint.

Are private npm packages supported?

Public packages only. Private registries require authentication that this actor doesn't handle.

Pair this actor with other flagship intelligence APIs in the same portfolio:

PyPI Package Intelligence API — audit Python packages with release history, dependency declarations, and optional OSV signals.
Docker Hub Image Intelligence API — inspect public container repositories, tags, pulls, and star signals for supply-chain research.
Shopify Store Intelligence API — add public storefront and catalog context when evaluating ecommerce stacks built on these packages.

Pricing & Cost Control

Apify Store pricing is usage-based, so total cost mainly follows how many packages you process and whether you also run discovery via searchTerm. Check the Store pricing card for the current per-event rates.

Start with a short packages list or keep searchSize small for discovery runs.
Turn includeDownloads on only when popularity signals matter.
Use dryRun: true to validate the input before larger audits.
Prefer dataset delivery while iterating; switch to webhooks once the payload shape is stable.

⭐ Was this helpful?

If this actor saved you time, please leave a ★ rating on Apify Store. It takes 10 seconds, helps other developers discover it, and keeps updates free.

Bug report or feature request? Open an issue on the Issues tab of this actor.

NPM Package Scraper — npm metadata api

devilscrapes/npm-package-scraper

Pull rich metadata for any NPM package via the npm registry API — current version, dependencies, weekly downloads, repo URL, license, keywords, README excerpt, deprecation flag — export to JSON or CSV. Free npm registry + downloads API, no key required.

DevilScrapes

npm Registry Scraper - Search & Download Stats

parseforge/npm-registry-scraper

Search and scrape npm package data including versions, descriptions, authors, licenses, keywords, and weekly/total download counts from the public npm registry API.

ParseForge

NPM Package Metadata API

automly/npm-package-metadata-api

Retrieve clean, structured metadata for npm packages from the public npm registry API.

Automly

Npm Registry Scraper

klondikeking/npm-registry-scraper

Pierrick McD0nald

Npm Package Intelligence

viralanalyzer/npm-package-intelligence

Extract NPM package data: downloads, dependencies, versions, maintainers, and README. Track JavaScript ecosystem trends.

viralanalyzer

5.0

npm Package Registry Scraper

cloud9_ai/npm-package-scraper

Search and extract JavaScript package data from npm. Get download stats, dependencies, versions, and maintainers for 3M+ packages.

cloud9

NPM Package Health Enricher

nxv107/npm-package-health-enricher

Enrich npm packages with downloads, license, repository, freshness, maintainers, deprecation status, and practical health flags.

Navpreet Singh

NPM Packages Scraper

gio21/npm-packages-scraper

Search and scrape NPM packages by keyword. Extract name, version, description, downloads, dependencies, license, repository, and quality scores. Uses the public NPM registry API. Pay per result.

Gio

npm Package Scraper

plantane/npm-scraper

Scrape npm package data — search packages or get detailed info including versions, maintainers, and download stats.

Daniel

npm Dependency Tree & License Scraper

taroyamada/open-source-license-dependency-audit

Scrape npm to map transitive dependency trees up to three levels deep. Extract exact license types, deprecation warnings, and active maintainer counts.