Comprehensive NPM package safety report combining npm registry metadata, OSV vul...
Comprehensive NPM package safety report combining npm registry metadata, OSV vulnerability database, npms.io quality scores, and GitHub repo health. Returns risk_summary (low/medium/high/critical), CVE breakdown by severity, maintainer info, dependency counts, last-commit recency, archival status. Use ?package=react or ?package=react and version=18.2.0. Built for AI code-review agents and supply-chain auditors.
Start with a quote-only recipe. Payment signing stays in your project.
const response = await fetch("https://api.x402node.dev/npm/safety", {
method: "GET",
});
console.log(response.status);
console.log(Object.fromEntries(response.headers));
console.log((await response.text()).slice(0, 1000));
// A valid 402 is a quote, not a completed paid call.This sends no payment. Inspect the 402 response before adding a wallet-enabled client.
- Live 402 quote confirmed
GET returned a protocol-valid 402 quote (402). No payment was made.
- Origin reachable
HEAD https://api.x402node.dev/ returned 404.
- Observed in cdp-bazaar
The registry record was observed and retained with provenance.
- Observed in 402-index
Discovered through bazaar.
- Registry record checked
Registry health: healthy.
EVIDENCE
Each record has an exact-route quote outcome. Unresolved templates and potentially mutating methods are labeled instead of being invoked without provider-specific test input. A quote is still separate from a settled paid call.