deps.dev API
Software supply-chain and dependency intelligence as an API, powered by deps.dev — Google's Open Source Insights service. Across six package ecosystems (npm, PyPI, Maven, Cargo, Go and NuGet) it answers the questions a registry cannot: what does installing this package actually pull in, and how healthy is the project behind it. List a package's published versions and its default version; read a specific version's declared licenses, the keys of any known security advisories, useful links (source repository, homepage, issue tracker) and related projects; resolve a version's complete TRANSITIVE dependency graph — the total dependency count, the direct dependencies and every transitive node with its exact resolved version and whether it is a direct or indirect dependency; and look up a source project's OpenSSF Scorecard — the overall security score plus per-check results for Maintained, Code-Review, Branch-Protection, Dangerous-Workflow, Vulnerabilities and more — alongside its stars, forks, open issues, license and homepage. For Go modules and Maven artifacts the package name is the full module path or group:artifact (URL-encoded automatically). Ideal for dependency auditing, software-bill-of-materials (SBOM) enrichment, supply-chain risk assessment and license-compliance tooling. Data from deps.dev (Google, CC-BY).
api.oanor.com/depsdev-api
