The playground

Try any of 919 endpoints — live.

Pick an endpoint, load a working example, tweak the params, and send — no signup to try. Results render the way the data deserves; raw JSON, headers & code are one tab away.

Playground demo key · api.reefapi.com

post/enrich-package/v1/package_trust3 credits

ecosystem+package → registry metadata + downloads + maintainers + license + resolved repository health + vulnerabilities + partial trust score (with per-sub-score inputs)

Working example

Parameters

ecosystemrequired

Package ecosystem. npm/pypi get full registry metadata + downloads; maven/rubygems/crates/go get vulnerabilities + declared-repository health (the wider OSV ecosystem set).

packagerequired

Package name as published in its registry (npm 'lodash', PyPI 'requests', Maven 'group:artifact', Go import path). Scoped npm names like '@scope/pkg' are supported.

versionoptional

Exact installed version to assess for vulnerabilities. Omit to assess the latest published version + ALL known vulns of the package.

modeoptional

basic = registry metadata + license + repo health + score; rich (default) adds the full vulnerability scan, release cadence, contributor bus-factor and a stackoverflow community signal.

request preview

curl -X POST https://api.reefapi.com/enrich-package/v1/package_trust \
  -H "x-api-key: $REEF_KEY" \
  -H "content-type: application/json" \
  -d '{"ecosystem":"npm","package":"lodash","version":"4.17.15","mode":"rich"}'

Hit Send to run this endpoint live.