Try any of 919 endpoints — live.
Pick an endpoint, load a working example, tweak the params, and send — no signup to try. Results render the way the data deserves; raw JSON, headers & code are one tab away.
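Takes manifest or lockfile text and returns the dependency list plus a vulnerability/risk summary for each dependency, produced by one batched vulnerability scan. The scan is bounded: only direct and lockfile-pinned dependencies are covered, up to a maximum of 100, and the response carries truncated:true when that cap is hit. Supported formats: package.json/package-lock.json, requirements.txt, go.sum/go.mod, Cargo.lock, Gemfile.lock.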
Raw manifest/lockfile text: package.json, package-lock.json, requirements.txt, go.sum/go.mod, Cargo.lock, or Gemfile.lock. Direct (+ lockfile-pinned) deps are scanned; bounded to 100 deps.
Optional filename hint to disambiguate the manifest format (e.g. 'package-lock.json', 'go.sum'). Auto-detected if omitted.
Optional ecosystem hint when the manifest format is ambiguous.
curl -X POST https://api.reefapi.com/enrich-package/v1/lockfile_scan \
-H "x-api-key: $REEF_KEY" \
-H "content-type: application/json" \
-d '{"content":"lodash\nflask==2.0.0\nrequests==2.20.0","filename":"requirements.txt"}'
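
Because the scan stops at 100 dependencies and only signals this with truncated:true, a large manifest can come back with part of it never checked. The following added example (not code from the API provider) splits a requirements.txt into request bodies that each stay under the cap and flags any response that was still truncated. The function names are hypothetical, and it assumes one requirement per line and that `truncated` sits at the top level of the JSON response.

```python
import json

MAX_DEPS = 100  # per-request bound stated in the endpoint description


def requirement_lines(text):
    """Return requirement lines, skipping blanks, comments and pip options."""
    deps = []
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()  # drop a trailing inline comment
        if not line or line.startswith("#") or line.startswith("-"):
            continue  # blank line, full-line comment, or option such as -r/-e
        deps.append(line)
    return deps


def build_payloads(text, filename="requirements.txt", limit=MAX_DEPS):
    """Split a requirements file into JSON bodies of at most `limit` deps."""
    deps = requirement_lines(text)
    return [
        json.dumps({"content": "\n".join(deps[i:i + limit]),
                    "filename": filename})
        for i in range(0, len(deps), limit)
    ]


def incomplete_scans(responses):
    """Indexes of parsed responses reporting truncated:true (coverage gap).

    Assumption: `truncated` is a top-level key of the response object.
    """
    return [i for i, r in enumerate(responses) if r.get("truncated") is True]


if __name__ == "__main__":
    # Constructed sample: 230 pinned packages plus lines that are not deps.
    sample = "# constructed sample\n-r base.txt\n\n" + "\n".join(
        f"pkg{i}==1.0.{i}" for i in range(230)
    )
    bodies = build_payloads(sample)
    print(len(bodies), "request bodies")  # each one is a -d body for the curl call
    # Constructed responses standing in for parsed API replies.
    print(incomplete_scans([{"truncated": False}, {"truncated": True}]))
```

Treat any index returned by `incomplete_scans` as unscanned dependencies, not as a clean result.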