API Reference
Authentication
All authenticated endpoints accept either:
- Session cookie (from dashboard login via GitHub OAuth)
- API key via
X-API-Keyheader (for CLI and GitHub Action)
X-API-Key: dg_live_xxxxxxxxxxxxxxxxxxxxPublic Endpoints
GET /api/package/:name/score
Returns the health score for a single npm package.
Response:
{
"packageName": "express",
"score": 71,
"riskLevel": "stable",
"abandonmentRisk": false,
"dimensions": {
"maintenance": 68,
"busFactor": 75,
"issueHealth": 72,
"downloadTrend": 80,
"depFreshness": 60,
"vulnerability": 70
},
"topFactors": [
{ "label": "Maintenance", "reason": "Last commit 4 months ago" },
{ "label": "Dep Freshness", "reason": "3 dependencies 2+ major versions behind" }
],
"computedAt": "2026-06-01T00:00:00Z"
}GET /api/report/:share_token
Returns a full scan report by its public share token.
Authenticated Endpoints
POST /api/scan
Scan a list of npm packages and return a full scored report.
Body:
{
"packages": ["express@4.18.2", "lodash@4.17.21"],
"lockfileHash": "abc123"
}POST /api/projects
Create a new saved project.
Body:
{
"name": "My App",
"githubRepo": "owner/repo"
}Error Responses
All errors follow this format:
{
"error": "Human-readable message",
"code": "ERROR_CODE"
}| Code | Status | Meaning |
|---|---|---|
UNAUTHORIZED | 401 | Missing or invalid auth |
PLAN_REQUIRED | 403 | Feature requires Pro/Team plan |
NOT_FOUND | 404 | Resource not found |
VALIDATION_ERROR | 400 | Invalid request body |
RATE_LIMITED | 429 | Too many requests |