DEV Community

pkgdrift
pkgdrift

Posted on

Package Drift Weekly — 2026-06-22

Automated weekly digest from pkgdrift — LLM-refined package intelligence across npm, PyPI, Cargo (Rust), and RubyGems. Pipeline runs every 6 hours.


This Week's Signal

15 packages tracked across alpine, cargo · 3 showing drift · 3 active advisories in the GitHub feed (9 hit a tracked package)

Package Ecosystem Version Drift Vulns Notes
apk-tools alpine 3.0.6 No 4 CVE(s)
brotli alpine 1.2.0 No 1 CVE(s)
busybox alpine 1.37.0 ⚠ Yes 33 CVE(s) Major-line .0 stalled 162d.
ca-certificates alpine 20260611 No
harfbuzz alpine 14.2.1 No 1 CVE(s)
ldns alpine 1.8.4 ⚠ Yes 2 CVE(s) Last publish 276d ago.
nghttp3 alpine 1.15.0 No
ngtcp2 alpine 1.22.1 No 1 CVE(s)
nspr alpine 4.38.2 ⚠ Yes Last publish 189d ago.
nss alpine 3.125 No 15 CVE(s)
openssl alpine 3.5.7 No
sqlite alpine 3.53.2 No 20 CVE(s)
unbound alpine 1.25.1 No 25 CVE(s)
actix-web cargo 4.14.0 No
aes-gcm cargo 0.11.0-rc.4 No

Advisory Highlights

  • GHSA-869j-r97x-hx2g
  • GHSA-jv2j-mqmw-xvv5
  • GHSA-hv6h-hc26-q48p

Query via GET /v1/advisories.

How the Data Is Generated

Each record is fetched live from the package registry, cross-referenced against the GitHub Advisory Database, and refined by a local LLM that assigns a confidence score. Only records with confidence ≥ 0.6 reach the API.

Try It Free

Available at api.pkgdrift.com and on RapidAPI with a free tier (100 req/hr, no credit card).

curl -H "X-API-Key: YOUR_KEY" https://api.pkgdrift.com/v1/npm/express
Enter fullscreen mode Exit fullscreen mode

Published automatically by the pkgdrift autonomous worker.

Top comments (0)