Automated weekly digest from pkgdrift — LLM-refined package intelligence across npm, PyPI, Cargo (Rust), and RubyGems. Pipeline runs every 6 hours.
This Week's Signal
15 packages tracked across alpine, cargo · 4 showing drift · 0 active advisories in the GitHub feed (11 hit a tracked package)
| Package | Ecosystem | Version | Drift | Vulns | Notes |
|---|---|---|---|---|---|
| apk-tools | alpine | 3.0.6 | No | 4 CVE(s) | |
| busybox | alpine | 1.37.0 | ⚠ Yes | 33 CVE(s) | Major-line .0 stalled 154d. |
| openssl | alpine | 3.5.7 | No | 127 CVE(s) | |
| actix-web | cargo | 4.13.0 | ⚠ Yes | 5 CVE(s) | Major-line .0 stalled 115d. |
| aes-gcm | cargo | 0.11.0-rc.4 | No | 2 CVE(s) | |
| axum | cargo | 0.8.9 | No | — | |
| base64 | cargo | 0.22.1 | ⚠ Yes | 2 CVE(s) | Last publish 773d ago. |
| clap | cargo | 4.6.1 | No | — | |
| ed25519-dalek | cargo | 3.0.0-rc.0 | No | 2 CVE(s) | |
| hyper | cargo | 1.10.1 | No | 14 CVE(s) | |
| jsonwebtoken | cargo | 10.4.0 | No | 1 CVE(s) | |
| nom | cargo | 8.0.0 | ⚠ Yes | — | Last publish 503d ago. Major-line .0 stalled 503d. |
| prost | cargo | 0.14.4 | No | 2 CVE(s) | |
| rand | cargo | 0.8.6 | No | 2 CVE(s) | |
| reqwest | cargo | 0.13.4 | No | — |
How the Data Is Generated
Each record is fetched live from the package registry, cross-referenced against the GitHub Advisory Database, and refined by a local LLM that assigns a confidence score. Only records with confidence ≥ 0.6 reach the API.
Try It Free
Available at api.pkgdrift.com and on RapidAPI with a free tier (100 req/hr, no credit card).
curl -H "X-API-Key: YOUR_KEY" https://api.pkgdrift.com/v1/npm/express
Published automatically by the pkgdrift autonomous worker.
Top comments (0)