DEV Community

endoflife-ai
endoflife-ai

Posted on • Originally published at endoflife.ai

We built a free API for software end-of-life dates and risk scores (460+ products)

Originally published at endoflife.ai/api.

Every outage post-mortem has a cousin: the "we were running an EOL version and didn't know" security incident. Debian 12 just went EOL this month, Spring Framework 6.2 and Spring Boot 3.5 hit end of support in June, and PostgreSQL 14 goes EOL in November. If your tooling can't answer "is anything in my stack out of support?", you find out the hard way.

We run endoflife.ai, which tracks end-of-life dates and security-support status for 460+ software products and scores every version with a 0-100 EOL Risk Score (factors: how long past EOL, attack surface, CISA KEV exposure, whether extended support exists). Today the whole dataset is queryable over a plain REST API.

One request, no auth

curl https://api.endoflife.ai/v1/score/nodejs/18
Enter fullscreen mode Exit fullscreen mode
{
  "product": "nodejs",
  "version": "18",
  "eol_date": "2025-04-30",
  "status": "eol",
  "days_past_eol": 439,
  "score": 85,
  "grade": "F",
  "band": "Critical",
  "extended_support_available": true
}
Enter fullscreen mode Exit fullscreen mode

What's in the box

  • GET /v1/score/:slug/:version - risk score for a specific version
  • GET /v1/status/:slug/:version - simple is-it-supported check for CI gates
  • POST /v1/batch - score your whole stack in one call
  • GET /v1/metrics?stack=nodejs:18,python:3.8 - Prometheus exposition format, ready to scrape into Grafana
  • GET /v1/badge/:slug/:version - Shields.io endpoint badges for your README
  • OpenAPI 3.0 spec - import into Postman/Insomnia or generate a client

Limits

Anonymous: 100 requests/day. A free API key (emailed instantly, no card) raises that to 500/day. Paid tiers exist for production volumes.

Lifecycle data is served live from endoflife.date cycle data (cached at the edge), with our own scoring layer on top: EOL recency, attack-surface weighting, CISA KEV mapping, and extended-support vendor coverage.

A CI example

Fail a pipeline when anything in the stack goes EOL:

STATUS=$(curl -s https://api.endoflife.ai/v1/status/nodejs/18 | jq -r .is_eol)
if [ "$STATUS" = "true" ]; then
  echo "::error::Node 18 is past end-of-life"
  exit 1
fi
Enter fullscreen mode Exit fullscreen mode

(There's also a ready-made GitHub Action, a VS Code extension, and an MCP server if you'd rather your AI agent checks for you.)

Docs and live playground: endoflife.ai/api

Questions or weird edge cases? Comments welcome.

Top comments (0)