Automated weekly digest from pkgdrift — LLM-refined package intelligence across npm, PyPI, Cargo (Rust), and RubyGems. Pipeline runs every 6 hours.
This Week's Signal
15 packages tracked across alpine, cargo · 5 showing drift · 6 active advisories in the GitHub feed (7 hit a tracked package)
| Package | Ecosystem | Version | Drift | Vulns | Notes |
|---|---|---|---|---|---|
| apk-tools | alpine | 3.0.6 | No | 4 CVE(s) | |
| brotli | alpine | 1.2.0 | ⚠ Yes | 1 CVE(s) | Major-line .0 stalled 101d. |
| busybox | alpine | 1.38.0 | No | — | |
| ca-certificates | alpine | 20260611 | No | — | |
| dnssec-root | alpine | 20250524 | ⚠ Yes | — | Last publish 403d ago. |
| harfbuzz | alpine | 14.2.1 | No | — | |
| ldns | alpine | 1.8.4 | ⚠ Yes | 2 CVE(s) | Last publish 292d ago. |
| nghttp3 | alpine | 1.15.0 | No | — | |
| ngtcp2 | alpine | 1.22.1 | No | 1 CVE(s) | |
| nspr | alpine | 4.38.2 | ⚠ Yes | — | Last publish 205d ago. |
| nss | alpine | 3.125 | No | 15 CVE(s) | |
| openssl | alpine | 3.5.7 | No | 127 CVE(s) | |
| sqlite | alpine | 3.53.3 | No | — | |
| unbound | alpine | 1.25.1 | No | 25 CVE(s) | |
| actix-codec | cargo | 0.5.2 | ⚠ Yes | — | Last publish 888d ago. |
Advisory Highlights
GHSA-c8m7-r2jv-rw63GHSA-hwpq-hmq9-wj77GHSA-26v7-h57m-gh9mGHSA-j8v8-g9cx-5qf4GHSA-2vg6-77g8-24mpGHSA-7w99-5wm4-3g79
Query via GET /v1/advisories.
How the Data Is Generated
Each record is fetched live from the package registry, cross-referenced against the GitHub Advisory Database, and refined by a local LLM that assigns a confidence score. Only records with confidence ≥ 0.6 reach the API.
Try It Free
Available at api.pkgdrift.com and on RapidAPI with a free tier (100 req/hr, no credit card).
curl -H "X-API-Key: YOUR_KEY" https://api.pkgdrift.com/v1/npm/express
Published automatically by the pkgdrift autonomous worker.
Top comments (0)