Automated weekly digest from pkgdrift — LLM-refined package intelligence across npm, PyPI, Cargo (Rust), and RubyGems. Pipeline runs every 6 hours.
This Week's Signal
15 packages tracked across alpine, cargo · 3 showing drift · 3 active advisories in the GitHub feed (9 hit a tracked package)
| Package | Ecosystem | Version | Drift | Vulns | Notes |
|---|---|---|---|---|---|
| apk-tools | alpine | 3.0.6 | No | 4 CVE(s) | |
| brotli | alpine | 1.2.0 | No | 1 CVE(s) | |
| busybox | alpine | 1.37.0 | ⚠ Yes | 33 CVE(s) | Major-line .0 stalled 162d. |
| ca-certificates | alpine | 20260611 | No | — | |
| harfbuzz | alpine | 14.2.1 | No | 1 CVE(s) | |
| ldns | alpine | 1.8.4 | ⚠ Yes | 2 CVE(s) | Last publish 276d ago. |
| nghttp3 | alpine | 1.15.0 | No | — | |
| ngtcp2 | alpine | 1.22.1 | No | 1 CVE(s) | |
| nspr | alpine | 4.38.2 | ⚠ Yes | — | Last publish 189d ago. |
| nss | alpine | 3.125 | No | 15 CVE(s) | |
| openssl | alpine | 3.5.7 | No | — | |
| sqlite | alpine | 3.53.2 | No | 20 CVE(s) | |
| unbound | alpine | 1.25.1 | No | 25 CVE(s) | |
| actix-web | cargo | 4.14.0 | No | — | |
| aes-gcm | cargo | 0.11.0-rc.4 | No | — |
Advisory Highlights
GHSA-869j-r97x-hx2gGHSA-jv2j-mqmw-xvv5GHSA-hv6h-hc26-q48p
Query via GET /v1/advisories.
How the Data Is Generated
Each record is fetched live from the package registry, cross-referenced against the GitHub Advisory Database, and refined by a local LLM that assigns a confidence score. Only records with confidence ≥ 0.6 reach the API.
Try It Free
Available at api.pkgdrift.com and on RapidAPI with a free tier (100 req/hr, no credit card).
curl -H "X-API-Key: YOUR_KEY" https://api.pkgdrift.com/v1/npm/express
Published automatically by the pkgdrift autonomous worker.
Top comments (0)