Optional OSV.dev lookup for malicious npm package advisories.
The OpenSSF malicious-packages dataset is published in OSV format and is ingested by OSV.dev. Calls are opt-in so normal installs remain offline and deterministic unless a caller explicitly enables online checks.
Functions
Build the OSV batch query body for npm package versions.
Return whether an OSV advisory is a malicious-package report.
Build the OSV package-version query body for an npm package.
Query OSV.dev for one npm package version.
@spec query_packages( [{String.t(), String.t()}], keyword() ) :: {:ok, %{required(String.t()) => [map()]}} | {:error, term()}
Query OSV.dev for multiple npm package versions.
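The batch request and malicious-report filtering described above, as an added example that is not this project's own code. The module and function names and the `"name@version"` result key are assumptions, the sample response is constructed, and the HTTP call to OSV.dev is left out so the example runs offline.

```elixir
defmodule OsvLookupExample do
  # Added example: module and function names are hypothetical, not the project's.
  @ecosystem "npm"

  # Query object for one package version (body of POST /v1/query).
  def query_body(name, version) do
    %{"package" => %{"name" => name, "ecosystem" => @ecosystem}, "version" => version}
  end

  # Body of POST /v1/querybatch; OSV answers with one result per query, in order.
  def batch_body(packages) do
    %{"queries" => Enum.map(packages, fn {name, version} -> query_body(name, version) end)}
  end

  # OpenSSF malicious-package reports use IDs beginning with "MAL-".
  def malicious?(%{"id" => "MAL-" <> _rest}), do: true

  def malicious?(%{"aliases" => aliases}) when is_list(aliases) do
    Enum.any?(aliases, &(is_binary(&1) and String.starts_with?(&1, "MAL-")))
  end

  def malicious?(_advisory), do: false

  # Pair each result with the package that produced it and keep only malicious
  # advisories. Keys use "name@version", an assumed format.
  def malicious_by_package(packages, %{"results" => results})
      when length(packages) == length(results) do
    hits =
      packages
      |> Enum.zip(results)
      |> Enum.map(fn {{name, version}, result} ->
        {"#{name}@#{version}", Enum.filter(result["vulns"] || [], &malicious?/1)}
      end)
      |> Enum.reject(fn {_key, advisories} -> advisories == [] end)
      |> Map.new()

    {:ok, hits}
  end

  def malicious_by_package(_packages, _response), do: {:error, :result_count_mismatch}
end

# Constructed sample data: package names, advisory ID and timestamp are placeholders.
packages = [{"example-safe-pkg", "1.0.0"}, {"example-typosquat", "9.9.9"}]
vuln = %{"id" => "MAL-0000-0000", "modified" => "2024-01-01T00:00:00Z"}
response = %{"results" => [%{}, %{"vulns" => [vuln]}]}

IO.inspect(OsvLookupExample.batch_body(packages), label: "request body")
IO.inspect(OsvLookupExample.malicious_by_package(packages, response), label: "findings")
```

Batch results carry only the advisory `id` and `modified` fields, so the `MAL-` prefix is the available signal at this stage; a result count that does not match the query count is treated as an error rather than guessed at.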