Name: dep-risk-summary
Price: 0.03 USDC
Availability: InStock

$ man dep-risk-summary

agentutility / prooflayer / dep-risk-summary

PRICE / CALL

$0.03

USDC · base mainnet · scheme: exact

METHOD

POST

CLUSTER

prooflayer

CATEGORY

STATUS

● live

NAME

dep-risk-summary — repo dependency risk audit / package.json + lockfile vetter / unpinned dep detector / transitive dep counter / requirements.txt audit / p…

SYNOPSIS

POST https://x402.org/v1/dep-risk-summary
     Content-Type: application/json
     X-PAYMENT:    <signed-transferWithAuthorization>

     { ... }

↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.

DESCRIPTION

repo dependency risk audit / package.json + lockfile vetter / unpinned dep detector / transitive dep counter / requirements.txt audit / pyproject dep risk / repo-level supply-chain risk score / Snyk-adjacent / deprecated dep detector / install-script dep detector. Best-effort scan of package.json, pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock (JS); requirements.txt, pyproject.toml, poetry.lock (Python); go.mod, go.sum (Go). Samples 10 alphabetically-first direct deps via npm/PyPI registry for deprecation + install-script signals. Returns 0-100 score, per-finding kind/severity/path/evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} or {files: [{path, content}, …]}.

OUTPUT — response shape

field	type	description
score	number	Overall dependency risk score from 0 (clean) to 100 (severe), aggregated across findings and sampled registry signals.
risk_level	string	Bucketed risk tier derived from score: low, medium, high, or critical.
findings	array	Per-issue list with kind, severity, file path, evidence snippet, and recommendation for each detected risk.
signals	object	Counters and flags like unpinned deps, deprecated packages, install-script presence, transitive count, and lockfile state.
summary	string	Venice-generated plain-English verdict explaining the score and top risks in a few sentences.
metadata	object	Scan context including manifests parsed, ecosystems detected, sampled package count, repo or files mode, and timing.

EXAMPLES — two ways to call

EXAMPLE 1 · curl

curl -X POST https://x402.org/v1/dep-risk-summary \
  -H 'Content-Type: application/json' \
  -d '{ }'

first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.

EXAMPLE 2 · mcp

# install once
claude mcp add x402 --command "npx x402-deployer-mcp"

# then ask Claude Code:
# "use the dep-risk-summary tool to ..."

MCP server handles payment automatically — your coding agent just calls the tool by name.

METADATA

tags: securitydependenciessupply-chainnpmpypilockfileprooflayer
env: VENICE_API_KEY
methods: POST
cluster: prooflayer
price: $0.03 USDC per call

ADJACENT — other endpoints in prooflayer

endpoint	description	price
ai-content-detector	AI content detector / GPT detector / ChatGPT plagiarism checker.	$0.03
github-repo-health	GitHub repo health score / open-source maintainability checker.	$0.03
package-risk-npm	npm package risk score / supply-chain scanner / typosquat detector.	$0.03
prompt-injection-surface	AI prompt injection surface scanner / LLM call-site audit / unsanitized user input in prompts detector / system-message mixing flag / unb…	$0.03
db-migration-risk	DB migration risk audit / SQL migration safety check / DROP COLUMN detector / unsafe ALTER TABLE detector / Postgres CREATE INDEX CONCURR…	$0.02
deploy-config-risk	deploy config audit / Dockerfile lint / vercel.json hardening / wrangler.toml review / docker-compose.yml safety / fly.toml secrets check…	$0.02
secrets-exposure-check	secrets exposure scan / hardcoded API key detector / .env-committed-key audit / Next.js client env leak detector / pre-deploy secret gate.	$0.02
pypi-package-risk	PyPI package risk score / Python supply-chain scanner.	$0.01

/dep-risk-summary(1)