Know which packages will fail before they break your build
Predictive health scores for npm packages. Get warned about abandonment risk months before it becomes your 3am incident.
Packages are ticking time bombs
Every year, critical packages get abandoned, compromised, or sabotaged. By the time you notice, it's already breaking production.
Maintainer intentionally corrupted packages with infinite loops, breaking thousands of projects overnight.
25M+ weekly downloads affected
Maintainer handed off project to attacker who injected cryptocurrency-stealing malware.
2M+ downloads with malware
11-line package was unpublished, breaking React, Babel, and thousands of builds worldwide.
Global npm outage
Try it now - no signup required
Enter any npm package name to see its health score and risk assessment in real-time.
Simple API, powerful insights
Get health scores for any npm package with a single API call. Scan entire projects in seconds.
{
  "package": "express",
  "ecosystem": "npm",
  "health_score": 83.5,
  "risk_level": "LOW",
  "abandonment_risk": {
    "probability": 3.5,
    "time_horizon_months": 12
  },
  "components": {
    "maintainer_health": 100,
    "evolution_health": 86.5,
    "community_health": 73.7,
    "user_centric": 69.3
  },
  "signals": {
    "weekly_downloads": 37871062,
    "stars": 68517,
    "days_since_last_commit": 0,
    "maintainer_count": 5
  }
}
Everything you need to stay safe
Health Scores
Get 0-100 scores based on maintainer activity, community health, release cadence, and adoption metrics.
Predict Abandonment
Identify at-risk packages 6-12 months before problems emerge with statistical predictions.
Bulk Scanning
Scan your entire package.json in one API call. Get a complete risk breakdown instantly.
Security Signals
Get alerted to deprecations, archived repos, and security advisories before they become blockers.
Integrate anywhere in your workflow
Use the CLI for local development or the GitHub Action for CI/CD. Both connect to the same API.
CLI
@pkgwatch/cli
Catch risky packages before they ship — right from your terminal.
GitHub Action
Dlaranjo/pkgwatch
Block risky packages from ever reaching main. Automatic scanning on every PR.
- name: Scan dependencies
  uses: Dlaranjo/pkgwatch@v1
  with:
    api-key: ${{ secrets.PKGWATCH_API_KEY }}
    fail-on: HIGH
Both tools work in demo mode (20 requests/hour) without an API key. Try the live demo above.
Start watching your packages today
Get your free API key and unlock 5,000 requests per month.
Want to try first? The CLI works without an API key:
npx @pkgwatch/cli check express
Demo mode: 20 requests/hour