# PyPI Package Dependency Intelligence (`taroyamada/pypi-package-dependency-intelligence`) Actor Extract Python package dependency declarations, release cadence, maintainer hints, download stats, and OSV vulnerability summaries from the official PyPI JSON API. - **URL**: https://apify.com/taroyamada/pypi-package-dependency-intelligence.md - **Developed by:** [åĪŠéƒŽ åąąį”°](https://apify.com/taroyamada) (community) - **Categories:** Developer tools, Automation - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing Pay per usage This Actor is paid per platform usage. The Actor is free to use, and you only pay for the Apify platform usage, which gets cheaper the higher subscription plan you have. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-usage ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## PyPI Package Dependency Intelligence Analyze Python packages from the official PyPI JSON API and export flattened rows for package summaries, release cadence, dependency declarations, maintainer hints, optional download stats, and optional OSV vulnerability signals. This actor is built for direct package watchlists. It does not scrape PyPI HTML search pages. ### Inputs | Field | Default | Notes | |---|---:|---| | `packages` | required | PyPI package names such as `requests`, `fastapi`, `django`, or `numpy`. | | `includeReleaseHistory` | `true` | Emit `release_version` rows. | | `includeDownloadStats` | `false` | Add recent counts from pypistats.org when available. | | `includeVulnerabilities` | `false` | Add OSV advisory summaries. | | `maxReleaseRowsPerPackage` | `100` | Cap release rows per package. | | `maxDependencyRowsPerPackage` | `250` | Cap dependency rows per package. | | `concurrency` | `5` | Parallel package fetches. | | `timeoutMs` | `15000` | Per-request timeout in ms. | | `delivery` | `dataset` | `dataset` or `webhook`. | | `webhookUrl` | empty | Required when `delivery=webhook`. | | `dryRun` | `false` | Skip dataset and webhook delivery. | ### Dataset Rows The dataset is flattened so it can be filtered and joined without unpacking one large object. `package_summary` - `packageName`, `normalizedPackageName`, `requestedName`, `status` - `version`, `summary`, `license`, `requiresPython` - `author`, `authorEmail`, `maintainer`, `maintainerEmail` - `homePage`, `sourceUrl`, `issueTrackerUrl`, `projectUrls` - `releaseCount`, `firstReleaseAt`, `latestReleaseAt`, `releaseCadenceDays` - `dependencyCount`, `emittedDependencyCount` - `downloadLastDay`, `downloadLastWeek`, `downloadLastMonth` when enabled - `vulnerabilityCount`, `vulnerabilities` when enabled - `contactHints`, `warnings`, `fetchedAt` `release_version` - `packageName`, `version`, `uploadTime`, `fileCount` - `packageTypes`, `yanked`, `yankReason`, `fetchedAt` `dependency` - `packageName`, `packageVersion` - `dependencyName`, `normalizedDependencyName` - `dependencyGroup` such as `runtime`, `conditional`, or `extra:socks` - `versionSpec`, `extras`, `environmentMarker` - `rawRequirement`, `parseStatus`, `fetchedAt` ### Example Input ```json { "packages": ["requests", "fastapi"], "includeReleaseHistory": true, "includeDownloadStats": false, "includeVulnerabilities": false, "maxReleaseRowsPerPackage": 25, "maxDependencyRowsPerPackage": 250, "concurrency": 3, "timeoutMs": 15000, "delivery": "dataset", "webhookUrl": "", "dryRun": false } ```` ### Local Development ```bash npm install npm test node src/index.js ``` `output/result.json` contains the full payload for local inspection. On Apify, dataset delivery writes the flattened rows. ### Limitations - V1 is direct package lookup only; PyPI HTML search is out of scope. - `Requires-Dist` parsing is pragmatic. The original PEP 508 string is always preserved as `rawRequirement`. - pypistats.org and OSV are optional external enrichments and can return warnings without failing the package. - OSV output is an advisory summary and should not be treated as a complete vulnerability audit. # Actor input Schema ## `packages` (type: `array`): PyPI package names to fetch from the official JSON API. Use names such as requests, fastapi, pandas, django, or numpy. ## `includeReleaseHistory` (type: `boolean`): When true, writes one release\_version row per version in addition to the package summary and dependency rows. ## `includeDownloadStats` (type: `boolean`): Fetch recent package download counts from pypistats.org. Warnings are returned if the enrichment is unavailable. ## `includeVulnerabilities` (type: `boolean`): Query OSV for known advisories for each package. Results are advisory summaries, not a complete security audit. ## `maxReleaseRowsPerPackage` (type: `integer`): Maximum release\_version rows to emit per package when release rows are enabled. ## `maxDependencyRowsPerPackage` (type: `integer`): Maximum dependency rows to emit per package. ## `concurrency` (type: `integer`): Number of packages to fetch in parallel. ## `timeoutMs` (type: `integer`): Per-request timeout in milliseconds. ## `delivery` (type: `string`): Send flattened rows to the dataset or POST the full payload to a webhook. ## `webhookUrl` (type: `string`): Required when delivery is webhook. ## `dryRun` (type: `boolean`): Run without saving dataset rows or sending a webhook. ## Actor input object example ```json { "packages": [ "requests", "fastapi" ], "includeReleaseHistory": true, "includeDownloadStats": false, "includeVulnerabilities": false, "maxReleaseRowsPerPackage": 100, "maxDependencyRowsPerPackage": 250, "concurrency": 5, "timeoutMs": 15000, "delivery": "dataset", "dryRun": false } ``` # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "packages": [ "requests", "fastapi" ] }; // Run the Actor and wait for it to finish const run = await client.actor("taroyamada/pypi-package-dependency-intelligence").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`ðŸ’ū Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "packages": [ "requests", "fastapi", ] } # Run the Actor and wait for it to finish run = client.actor("taroyamada/pypi-package-dependency-intelligence").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("ðŸ’ū Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "packages": [ "requests", "fastapi" ] }' | apify call taroyamada/pypi-package-dependency-intelligence --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=taroyamada/pypi-package-dependency-intelligence", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "PyPI Package Dependency Intelligence", "description": "Extract Python package dependency declarations, release cadence, maintainer hints, download stats, and OSV vulnerability summaries from the official PyPI JSON API.", "version": "0.1", "x-build-id": "jHr2NBnju9UkrGbzv" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/taroyamada~pypi-package-dependency-intelligence/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-taroyamada-pypi-package-dependency-intelligence", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/taroyamada~pypi-package-dependency-intelligence/runs": { "post": { "operationId": "runs-sync-taroyamada-pypi-package-dependency-intelligence", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/taroyamada~pypi-package-dependency-intelligence/run-sync": { "post": { "operationId": "run-sync-taroyamada-pypi-package-dependency-intelligence", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "required": [ "packages" ], "properties": { "packages": { "title": "Package Names", "type": "array", "description": "PyPI package names to fetch from the official JSON API. Use names such as requests, fastapi, pandas, django, or numpy.", "items": { "type": "string" } }, "includeReleaseHistory": { "title": "Include Release Rows", "type": "boolean", "description": "When true, writes one release_version row per version in addition to the package summary and dependency rows.", "default": true }, "includeDownloadStats": { "title": "Include Download Stats", "type": "boolean", "description": "Fetch recent package download counts from pypistats.org. Warnings are returned if the enrichment is unavailable.", "default": false }, "includeVulnerabilities": { "title": "Include OSV Vulnerability Summary", "type": "boolean", "description": "Query OSV for known advisories for each package. Results are advisory summaries, not a complete security audit.", "default": false }, "maxReleaseRowsPerPackage": { "title": "Max Release Rows Per Package", "minimum": 1, "maximum": 1000, "type": "integer", "description": "Maximum release_version rows to emit per package when release rows are enabled.", "default": 100 }, "maxDependencyRowsPerPackage": { "title": "Max Dependency Rows Per Package", "minimum": 1, "maximum": 1000, "type": "integer", "description": "Maximum dependency rows to emit per package.", "default": 250 }, "concurrency": { "title": "Concurrency", "minimum": 1, "maximum": 10, "type": "integer", "description": "Number of packages to fetch in parallel.", "default": 5 }, "timeoutMs": { "title": "Request Timeout (ms)", "minimum": 1000, "maximum": 30000, "type": "integer", "description": "Per-request timeout in milliseconds.", "default": 15000 }, "delivery": { "title": "Delivery", "enum": [ "dataset", "webhook" ], "type": "string", "description": "Send flattened rows to the dataset or POST the full payload to a webhook.", "default": "dataset" }, "webhookUrl": { "title": "Webhook URL", "type": "string", "description": "Required when delivery is webhook." }, "dryRun": { "title": "Dry Run", "type": "boolean", "description": "Run without saving dataset rows or sending a webhook.", "default": false } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```