The problem
The EU Cyber Resilience Act deadline is September 11, 2026 — 150 days away.
Developers need a simple way to check if their WordPress plugins or
Rust crates are compliant — without installing anything or reading
through JSON files.
What I built
CRA Compliance API — a free public REST API built with PHP 8.4
and Symfony 8.0.
Three endpoints, zero authentication required:
Check API status
GET https://web-production-8ad02.up.railway.app/api/status
Check WordPress plugin
GET https://web-production-8ad02.up.railway.app/api/check/plugin/{slug}
Check Rust crate
GET https://web-production-8ad02.up.railway.app/api/check/crate/{name}
Example response
{
"slug": "woocommerce",
"name": "WooCommerce",
"version": "10.6.2",
"cra_status": "ok",
"issues": [],
"checked_at": "2026-04-14T11:04:34+00:00"
}
Status values
-
ok— no issues -
warning— not updated in 6+ months -
risk— not updated in 12+ months -
unknown— cannot determine status
Try it now
Check WooCommerce:
https://web-production-8ad02.up.railway.app/api/check/plugin/woocommerce
Check an old abandoned crate:
https://web-production-8ad02.up.railway.app/api/check/crate/rustc-serialize
What's next
- Add WPScan vulnerability data
- Add rate limiting
- Add caching with Redis
GitHub: https://github.com/gritzon/cra-api
Free and open source. Feedback welcome!
Top comments (0)