depGraph

API Reference

Integrate DepGraph intelligence directly into your own internal tooling using our REST API.

Authentication

All authenticated endpoints accept either a session cookie (from GitHub OAuth login) or an API key via header:

bash
X-API-Key: dg_live_xxxxxxxxxxxxxxxxxxxx

Public Endpoints

GETGET /api/package/:name/score

Returns the health score for a single npm package.

json
{
  "packageName": "express",
  "score": 71,
  "riskLevel": "stable",
  "abandonmentRisk": false,
  "dimensions": {
    "maintenance": 68,
    "busFactor": 75,
    "issueHealth": 72,
    "downloadTrend": 80,
    "depFreshness": 60,
    "vulnerability": 70
  },
  "topFactors": [
    { "label": "Maintenance", "reason": "Last commit 4 months ago" },
    { "label": "Dep Freshness", "reason": "3 dependencies 2+ major versions behind" }
  ],
  "computedAt": "2026-06-01T00:00:00Z"
}

GETGET /api/report/:share_token

Returns a full scan report by its public share token.

Authenticated Endpoints

POSTPOST /api/scan

Scan a list of npm packages and return a full scored report.

json
{
  "packages": ["express@4.18.2", "lodash@4.17.21"],
  "lockfileHash": "abc123"
}

POSTPOST /api/projects

Create a new saved project in your dashboard.

json
{
  "name": "My App",
  "githubRepo": "owner/repo"
}

Error Responses

All errors follow this envelope format:

json
{
  "error": "Human-readable message",
  "code": "ERROR_CODE"
}
CodeHTTP StatusMeaning
UNAUTHORIZED401Missing or invalid auth
PLAN_REQUIRED403Feature requires Pro/Team plan
NOT_FOUND404Resource not found
VALIDATION_ERROR400Invalid request body
RATE_LIMITED429Too many requests