
URL: https://apify.com/conceivable_extension/npm-cve-monitor

NPM & PyPI CVE Monitor · Apify


Pricing

from $5.00 / 1,000 vulnerability-found events


NPM & PyPI CVE Monitor

Checks npm and PyPI packages against the OSV vulnerability database and npm registry. Detects CVEs, suspicious maintainer patterns, and supply chain risks. Paste your package.json or requirements.txt. £0.001 per package checked.


Rating: 0.0 (0)

Developer: joseph fadero (Maintained by Community)

Actor stats: 0 bookmarked · 2 total users · 1 monthly active user · last modified 24 days ago


Check your npm and PyPI packages against the OSV vulnerability database, npm audit, and GitHub Advisory Database in one run. Paste your package.json or requirements.txt. £0.001/package: protect your supply chain for pennies.

Post-Shai-Hulud (Sep 2025): supply chain monitoring is no longer optional.

Features

  • OSV database: checks against the Open Source Vulnerabilities database (Google, GitHub, CISA; free, no auth)
  • npm registry metadata: detects suspicious maintainer patterns, unusual publish velocity, and ownership transfer signals
  • package.json + requirements.txt: parse and check entire dependency trees in one run
  • Severity filtering: report only critical, high, medium, or all vulnerabilities
  • Remediation paths: suggests upgrade target versions where CVE fixes exist

Inputs

  • packageJson (default: none): Paste package.json content
  • requirementsTxt (default: none): Paste requirements.txt content
  • npmPackages (default: []): Individual npm package names
  • pypiPackages (default: []): Individual PyPI package names
  • checkSuspiciousPatterns (default: true): Check npm registry for suspicious maintainer patterns
  • severityFilter (default: medium): Minimum severity to report

Output fields

Each package record includes: packageName, ecosystem, installedVersion, vulnerabilities[], vulnerabilityCount, highestSeverity, hasSuspiciousPatterns, suspiciousPatternDetails, weeklyDownloads, lastPublishedAt, maintainerCount, isDeprecated, recommendedAction, upgradeTarget.
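The following is an added example written for this page, not the actor's own code: it parses package.json and requirements.txt content into the request body that the OSV API's batch endpoint (POST https://api.osv.dev/v1/querybatch) accepts, then summarises OSV vulnerability records into the output fields listed above. The batch reply carries only vulnerability ids; full records (with `database_specific.severity` and `affected[].ranges[].events[].fixed`) come from GET /v1/vulns/{id}, and the record used here is constructed in that shape with placeholder ids. Two assumptions are mine, not the listing's: when no lockfile is given, the lower bound of a `^`/`~` range stands in for `installedVersion`, and `upgradeTarget` is the highest fixed version across the vulnerabilities that survive the severity filter.

```python
"""Added example, not the actor's own code: turn package.json / requirements.txt
content into an OSV batch query and summarise OSV vulnerability records into the
per-package output fields the listing names. All sample data is constructed."""
import json
import re

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "MODERATE": 2, "LOW": 1}
_EXACT = re.compile(r"\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?")

def npm_version_hint(spec):
    """Exact version for a bare, ^ or ~ spec; None for ranges, tags and URLs.
    Assumption: without a lockfile, the lower bound of ^/~ stands in for the
    installed version (the listing's field is called installedVersion)."""
    s = spec.strip()
    if not s or " " in s or "||" in s or s.startswith(("git", "http", "file:", "npm:")):
        return None
    bare = s.lstrip("^~=v")
    return bare if _EXACT.fullmatch(bare) else None

def parse_package_json(text):
    data = json.loads(text)
    out = []
    for field in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in sorted(data.get(field, {}).items()):
            out.append(("npm", name, npm_version_hint(spec)))
    return out

def parse_requirements(text):
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()              # drop comments
        if not line or line.startswith(("-", "git+", "http")):
            continue                                      # pip options, editable/VCS installs
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$", line)
        if not m:
            continue
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name normalisation
        pin = re.fullmatch(r"==\s*([0-9][0-9A-Za-z.!+-]*)", m.group(2).strip())
        out.append(("PyPI", name, pin.group(1) if pin else None))
    return out

def build_osv_queries(package_json_text="", requirements_text=""):
    """Request body for POST https://api.osv.dev/v1/querybatch. The batch reply
    carries only vulnerability ids; full records come from GET /v1/vulns/{id}."""
    pkgs = []
    if package_json_text:
        pkgs += parse_package_json(package_json_text)
    if requirements_text:
        pkgs += parse_requirements(requirements_text)
    queries = []
    for eco, name, version in pkgs:
        q = {"package": {"name": name, "ecosystem": eco}}
        if version:                      # unpinned: OSV returns every vuln for the package
            q["version"] = version
        queries.append(q)
    return {"queries": queries}

def vuln_severity(vuln):
    """Label from database_specific.severity (present on GHSA-sourced records); UNKNOWN otherwise."""
    label = str((vuln.get("database_specific") or {}).get("severity", "")).upper()
    return label if label in SEVERITY_RANK else "UNKNOWN"

def fixed_versions(vuln, ecosystem, name):
    """All 'fixed' events in the affected ranges for this package."""
    return [ev["fixed"]
            for aff in vuln.get("affected", [])
            if aff.get("package", {}).get("ecosystem") == ecosystem
            and aff.get("package", {}).get("name") == name
            for rng in aff.get("ranges", [])
            for ev in rng.get("events", []) if "fixed" in ev]

def _ver_key(v):
    return [int(p) for p in re.findall(r"\d+", v)]

def summarise(ecosystem, name, version, vulns, severity_filter="medium"):
    """Per-package record in the shape of the listing's output fields.
    Assumption: upgradeTarget is the highest fixed version across kept vulns."""
    threshold = 0 if severity_filter.lower() == "all" else SEVERITY_RANK[severity_filter.upper()]
    kept = [v for v in vulns if SEVERITY_RANK.get(vuln_severity(v), 0) >= threshold]
    highest = max(kept, key=lambda v: SEVERITY_RANK.get(vuln_severity(v), 0), default=None)
    fixes = sorted({f for v in kept for f in fixed_versions(v, ecosystem, name)}, key=_ver_key)
    return {"packageName": name, "ecosystem": ecosystem, "installedVersion": version,
            "vulnerabilities": [v["id"] for v in kept], "vulnerabilityCount": len(kept),
            "highestSeverity": vuln_severity(highest) if highest else None,
            "upgradeTarget": fixes[-1] if fixes else None,
            "recommendedAction": "none" if not kept else ("upgrade" if fixes else "review")}

# Constructed sample inputs and constructed OSV-shaped records (placeholder ids, not real advisories)
SAMPLE_PACKAGE_JSON = json.dumps({"dependencies": {"lodash": "^4.17.20", "express": "4.18.2"},
                                  "devDependencies": {"jest": "~29.7.0"}})
SAMPLE_REQUIREMENTS_TXT = "requests==2.31.0\nDjango>=4.2,<5\nflask  # unpinned\n-e git+https://example.invalid/x.git#egg=x\n"
SAMPLE_VULNS = [
    {"id": "EXAMPLE-0001", "database_specific": {"severity": "HIGH"},
     "affected": [{"package": {"ecosystem": "npm", "name": "lodash"},
                   "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "4.17.21"}]}]}]},
    {"id": "EXAMPLE-0002", "database_specific": {"severity": "LOW"},
     "affected": [{"package": {"ecosystem": "npm", "name": "lodash"},
                   "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "4.17.12"}]}]}]},
]

if __name__ == "__main__":
    print(json.dumps(build_osv_queries(SAMPLE_PACKAGE_JSON, SAMPLE_REQUIREMENTS_TXT), indent=1))
    print(json.dumps(summarise("npm", "lodash", "4.17.20", SAMPLE_VULNS, "medium"), indent=1))
```

Note the behaviour of unpinned entries (`Django>=4.2,<5`, `flask`): the query is sent without a version, so OSV returns every advisory ever filed for the package, and the severity filter does the narrowing. A lockfile (package-lock.json, a pip freeze) gives exact versions and is the better input when available.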

Suspicious pattern detection

Flags packages with:

  • 5 version publishes in 7 days (worm-like velocity)
  • Package <30 days old with >10k weekly downloads
  • Single maintainer on >100k downloads/week package
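The three heuristics above, implemented as an added example that is not the actor's code. It evaluates them over an npm packument (the JSON document served by registry.npmjs.org/<name>, whose `time` map holds a publish timestamp per version, plus `maintainers`, `dist-tags` and `versions`) and a weekly download count (the `downloads` value from api.npmjs.org/downloads/point/last-week/<name>). The sample packuments and the fixed "now" timestamp are constructed; treating the publish-velocity threshold as "5 or more" is my reading of the listing's wording.

```python
"""Added example, not the actor's own code: the three suspicious-pattern heuristics
from the listing, evaluated over an npm packument (registry.npmjs.org/<name>) and a
weekly download count (api.npmjs.org/downloads/point/last-week/<name>).
Sample data is constructed."""
from datetime import datetime, timedelta, timezone

VELOCITY_PUBLISHES, VELOCITY_DAYS = 5, 7       # "5 version publishes in 7 days" (>= 5 assumed)
YOUNG_DAYS, YOUNG_DOWNLOADS = 30, 10_000       # "package <30 days old with >10k weekly downloads"
SOLO_DOWNLOADS = 100_000                       # "single maintainer on >100k downloads/week"

def parse_ts(ts):
    """npm timestamps look like 2025-09-15T10:00:00.000Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def version_times(packument):
    """(version, published-at) pairs; 'created' and 'modified' are not versions."""
    return [(v, parse_ts(t)) for v, t in packument.get("time", {}).items()
            if v not in ("created", "modified")]

def check_suspicious_patterns(packument, weekly_downloads, now):
    times = version_times(packument)
    recent = [v for v, t in times if t >= now - timedelta(days=VELOCITY_DAYS)]
    age_days = (now - parse_ts(packument["time"]["created"])).days
    maintainers = packument.get("maintainers", [])
    latest = packument.get("dist-tags", {}).get("latest")
    latest_obj = packument.get("versions", {}).get(latest, {})
    details = []
    if len(recent) >= VELOCITY_PUBLISHES:
        details.append(f"{len(recent)} version publishes in {VELOCITY_DAYS} days "
                       f"(worm-like velocity): {', '.join(recent)}")
    if age_days < YOUNG_DAYS and weekly_downloads > YOUNG_DOWNLOADS:
        details.append(f"package is {age_days} days old with {weekly_downloads} weekly downloads")
    if len(maintainers) == 1 and weekly_downloads > SOLO_DOWNLOADS:
        details.append(f"single maintainer ({maintainers[0].get('name')}) "
                       f"on a {weekly_downloads}/week package")
    return {
        "packageName": packument.get("name"),
        "weeklyDownloads": weekly_downloads,
        "lastPublishedAt": max((t for _, t in times), default=None),
        "maintainerCount": len(maintainers),
        "isDeprecated": "deprecated" in latest_obj,   # npm stores a deprecation message on the version
        "hasSuspiciousPatterns": bool(details),
        "suspiciousPatternDetails": details,
    }

# Constructed sample data; the "now" timestamp is fixed so the result is reproducible
NOW = datetime(2025, 9, 20, tzinfo=timezone.utc)
BURSTY = {
    "name": "example-bursty-pkg", "dist-tags": {"latest": "1.0.5"},
    "maintainers": [{"name": "solo-maintainer"}],
    "versions": {"1.0.5": {"version": "1.0.5"}},
    "time": {"created": "2025-09-10T00:00:00.000Z", "modified": "2025-09-19T12:00:00.000Z",
             "1.0.0": "2025-09-14T09:00:00.000Z", "1.0.1": "2025-09-15T09:00:00.000Z",
             "1.0.2": "2025-09-16T09:00:00.000Z", "1.0.3": "2025-09-17T09:00:00.000Z",
             "1.0.4": "2025-09-18T09:00:00.000Z", "1.0.5": "2025-09-19T12:00:00.000Z"},
}
STEADY = {
    "name": "example-steady-pkg", "dist-tags": {"latest": "2.1.0"},
    "maintainers": [{"name": "alice"}, {"name": "bob"}],
    "versions": {"2.1.0": {"version": "2.1.0", "deprecated": "use example-steady-pkg-next"}},
    "time": {"created": "2023-01-01T00:00:00.000Z", "modified": "2025-03-01T00:00:00.000Z",
             "2.0.0": "2023-01-01T00:00:00.000Z", "2.1.0": "2025-03-01T00:00:00.000Z"},
}

if __name__ == "__main__":
    for pkg, downloads in ((BURSTY, 150_000), (STEADY, 5_000)):
        print(check_suspicious_patterns(pkg, downloads, NOW))
```

The velocity check counts distinct versions published inside the window rather than reading `modified`, so a single metadata edit (a README change, a deprecation) does not count as a publish. None of the three signals is proof of compromise on its own; a brand-new package with heavy traffic may simply be popular, which is why the record carries the details alongside the boolean so a reviewer can weigh them.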

Pricing (PPE)

  • run-started: £0.05 per run
  • package-checked: £0.001 per package examined
  • vulnerability-found: £0.04 per package with CVEs
  • suspicious-pattern-detected: £0.05 per package with suspicious patterns

Related actors

  • LLM-Ready Web Scraper: extract security advisory and documentation pages as clean text for AI pipelines
  • Website Change Tracker: monitor npm, PyPI and GitHub Advisory Database pages for new security notices
