$ man pypi-package-risk
/pypi-package-risk(1)
PRICE / CALL
$0.01
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
prooflayer
CATEGORY
ai
STATUS
● live
NAME
pypi-package-risk — pypi package risk score / python supply-chain scanner
SYNOPSIS
POST https://x402.org/v1/pypi-package-risk
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }

First call → 402 Payment Required. Sign a USDC transferWithAuthorization and retry with the X-PAYMENT header.
DESCRIPTION
PyPI package risk score / Python supply-chain scanner. Age, monthly downloads, install-script hooks (cmdclass/setup.py), dependency depth, deprecation, typosquat distance to 50 popular Python packages. Plus LLM risk summary.
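As an added illustration of one of the signals listed above (not the service's own code), the following is a constructed reimplementation of the typosquat-distance check: PEP 503 name normalization followed by Levenshtein distance against a popular-package list. The shortened list, the distance threshold of 2 and the returned keys are assumptions; the page does not document how the service scores this signal.

```python
"""Typosquat-distance signal for a PyPI distribution name (constructed example)."""
import re

# Constructed, shortened stand-in for the "50 popular Python packages" list.
POPULAR_PACKAGES = [
    "requests", "numpy", "pandas", "django", "flask",
    "urllib3", "setuptools", "boto3", "pillow", "cryptography",
]


def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) using a single rolling DP row."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution / match
        prev = cur
    return prev[-1]


def typosquat_signal(package_name: str, popular=POPULAR_PACKAGES, max_distance: int = 2) -> dict:
    """Nearest popular package and its distance; a small non-zero distance is suspicious.

    max_distance is an assumed threshold, not the service's documented cutoff.
    """
    name = normalize(package_name)
    nearest, dist = min(((p, levenshtein(name, normalize(p))) for p in popular),
                        key=lambda t: t[1])
    return {
        "package_name": name,
        "nearest_popular": nearest,
        "distance": dist,
        "exact_match": dist == 0,
        "suspicious": 0 < dist <= max_distance,
    }


if __name__ == "__main__":
    for candidate in ["requests", "reqeusts", "Django", "djago", "python-dateutil"]:
        print(typosquat_signal(candidate))
```

Names that normalize to an exact popular package are not flagged; near misses such as a transposition or a dropped letter are.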
INPUT — request schema
| property | type | description | req? |
|---|---|---|---|
| package_name | string | PyPI package distribution name (e.g. 'requests', 'django'). Case-insensitive; resolved via pypi.org/pypi/{name}/json. | required |
| version | string | Optional specific version (e.g. '2.31.0'). Default: latest stable release. | optional |
OUTPUT — response shape
| field | type | description |
|---|---|---|
| package_name | string | PyPI package name that was scanned. |
| version | string | Package version evaluated for the risk score, usually the latest release on PyPI. |
| score | number | Overall risk score from 0 (safe) to 100 (high risk) combining all supply-chain signals. |
| risk_level | string | Categorical risk bucket like low, medium, high, or critical derived from the score. |
| summary | string | LLM-written plain-English risk summary covering the main red flags found in the package. |
| signals | object | Per-check signals: age, monthly downloads, install-script hooks, dep depth, deprecation, typosquat distance. |
| metadata | object | PyPI metadata snapshot: author, upload date, homepage, license, project URLs, and release count. |
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.org/v1/pypi-package-risk \
-H 'Content-Type: application/json' \
-d '{ "package_name": "requests" }'

First response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# install once
claude mcp add x402 --command "npx x402-deployer-mcp"
# then ask Claude Code:
# "use the pypi-package-risk tool to ..."
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
  - pypi
  - python
  - supply-chain
  - security
  - risk
- env
  - VENICE_API_KEY
- methods
  - POST
- cluster
  - prooflayer
- price
  - $0.01 USDC per call
ADJACENT — other endpoints in prooflayer
| endpoint | description | price |
|---|---|---|
| cve | CVE lookup / vulnerability database. | $0.005 |
| cve-lookup | CVE lookup / vulnerability database. | $0.005 |
| db-migration-risk | DB migration risk audit / SQL migration safety check / DROP COLUMN detector / unsafe ALTER TABLE detector / Postgres CREATE INDEX CONCURR… | $0.02 |
| deploy-config-risk | deploy config audit / Dockerfile lint / vercel.json hardening / wrangler.toml review / docker-compose.yml safety / fly.toml secrets check… | $0.02 |
| secrets-exposure-check | secrets exposure scan / hardcoded API key detector / .env-committed-key audit / Next.js client env leak detector / pre-deploy secret gate. | $0.02 |
| ai-content-detector | AI content detector / GPT detector / ChatGPT plagiarism checker. | $0.03 |
| dep-risk-summary | repo dependency risk audit / package.json + lockfile vetter / unpinned dep detector / transitive dep counter / requirements.txt audit / p… | $0.03 |
| github-repo-health | GitHub repo health score / open-source maintainability checker. | $0.03 |
SEE ALSO