Originally published at endoflife.ai/api.
Every outage post-mortem has a cousin: the "we were running an EOL version and didn't know" security incident. Debian 12 just went EOL this month, Spring Framework 6.2 and Spring Boot 3.5 hit end of support in June, and PostgreSQL 14 goes EOL in November. If your tooling can't answer "is anything in my stack out of support?", you find out the hard way.
We run endoflife.ai, which tracks end-of-life dates and security-support status for 460+ software products and scores every version with a 0-100 EOL Risk Score (factors: how long past EOL, attack surface, CISA KEV exposure, whether extended support exists). Today the whole dataset is queryable over a plain REST API.
One request, no auth
curl https://api.endoflife.ai/v1/score/nodejs/18
{
"product": "nodejs",
"version": "18",
"eol_date": "2025-04-30",
"status": "eol",
"days_past_eol": 439,
"score": 85,
"grade": "F",
"band": "Critical",
"extended_support_available": true
}
What's in the box
-
GET /v1/score/:slug/:version- risk score for a specific version -
GET /v1/status/:slug/:version- simple is-it-supported check for CI gates -
POST /v1/batch- score your whole stack in one call -
GET /v1/metrics?stack=nodejs:18,python:3.8- Prometheus exposition format, ready to scrape into Grafana -
GET /v1/badge/:slug/:version- Shields.io endpoint badges for your README - OpenAPI 3.0 spec - import into Postman/Insomnia or generate a client
Limits
Anonymous: 100 requests/day. A free API key (emailed instantly, no card) raises that to 500/day. Paid tiers exist for production volumes.
Lifecycle data is served live from endoflife.date cycle data (cached at the edge), with our own scoring layer on top: EOL recency, attack-surface weighting, CISA KEV mapping, and extended-support vendor coverage.
A CI example
Fail a pipeline when anything in the stack goes EOL:
STATUS=$(curl -s https://api.endoflife.ai/v1/status/nodejs/18 | jq -r .is_eol)
if [ "$STATUS" = "true" ]; then
echo "::error::Node 18 is past end-of-life"
exit 1
fi
(There's also a ready-made GitHub Action, a VS Code extension, and an MCP server if you'd rather your AI agent checks for you.)
Docs and live playground: endoflife.ai/api
Questions or weird edge cases? Comments welcome.
Top comments (0)