
PkgWatch: Know which packages will fail before they break your build

Predictive health scores for npm and Python packages. Get warned about abandonment risk months before it becomes your 3am incident.

2,500+ packages tracked. Free tier available; try it free with no signup.
The Problem

Packages are ticking time bombs

Every year, critical packages get abandoned, compromised, or sabotaged. By the time you notice, it's already breaking production.

💥 colors + faker, January 2022

The maintainer deliberately published sabotaged releases (an infinite loop printing garbage in colors, a gutted faker), breaking thousands of downstream projects overnight.

25M+ weekly downloads affected
🎯 event-stream, November 2018

The maintainer handed the project off to an attacker, who injected cryptocurrency-wallet-stealing malware through a newly added dependency (flatmap-stream).

2M+ downloads with malware
🐍 ctx (PyPI) + phpass (Packagist), May 2022

Attackers hijacked abandoned packages by reclaiming an expired maintainer e-mail domain (ctx) and a vacated GitHub username (phpass), then published versions that exfiltrated environment variables such as AWS credentials.

Account takeover attack

None of these started as a vulnerability in the code that a CVE scanner would flag. They were maintainer problems—a blind spot in traditional tooling.
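As an added example (not PkgWatch code, and not a description of how its scoring works), here is what maintainer-side risk signals look like when pulled straight from registry metadata. The script runs three checks over constructed npm registry documents shaped like the JSON served at https://registry.npmjs.org/<name> (the maintainers array and the time map are real fields): a maintainer e-mail domain that is no longer registered (the ctx pattern), a single maintainer with nobody to vet a handoff (the event-stream pattern), and no release for a long time. It then gates the result the way a fail-on threshold does in CI. The package names, people, domains and the stub DNS lookup are all invented; in real use the documents come from the registry and the domain check should be an actual DNS query (for example an SOA lookup with dnspython).

```python
"""Maintainer-risk signals from npm registry metadata (added example, not PkgWatch's code)."""
from datetime import datetime, timedelta, timezone

# Constructed registry documents shaped like https://registry.npmjs.org/<name>,
# reduced to the fields this example uses. Names, people and domains are invented.
REGISTRY = {
    "widget-core": {  # two maintainers, recent release: nothing to flag
        "name": "widget-core",
        "maintainers": [
            {"name": "alice", "email": "alice@example.com"},
            {"name": "bob", "email": "bob@example.org"},
        ],
        "time": {
            "created": "2016-02-01T00:00:00.000Z",
            "modified": "2023-11-20T00:00:00.000Z",
            "1.0.0": "2016-02-01T00:00:00.000Z",
            "2.4.1": "2023-11-20T00:00:00.000Z",
        },
    },
    "lonely-stream": {  # one maintainer, last release years ago
        "name": "lonely-stream",
        "maintainers": [{"name": "carol", "email": "carol@example.org"}],
        "time": {
            "created": "2015-05-05T00:00:00.000Z",
            "modified": "2019-01-10T00:00:00.000Z",
            "3.3.4": "2019-01-10T00:00:00.000Z",
        },
    },
    "ctx-like": {  # maintainer e-mail at a domain nobody holds any more
        "name": "ctx-like",
        "maintainers": [{"name": "dave", "email": "dave@lapsed-domain.example"}],
        "time": {
            "created": "2014-12-19T00:00:00.000Z",
            "modified": "2014-12-19T00:00:00.000Z",
            "0.1.2": "2014-12-19T00:00:00.000Z",
        },
    },
}

# Constructed DNS view (assumption): the set of domains currently registered.
# Replace stub_domain_exists with a real SOA/NS lookup when running for real.
REGISTERED_DOMAINS = {"example.com", "example.org"}

# Fixed clock so the example is deterministic.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

SEVERITY_RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}


def stub_domain_exists(domain):
    return domain.lower() in REGISTERED_DOMAINS


def last_release(doc):
    """Newest version publish time; 'created' and 'modified' are not versions."""
    stamps = [v for k, v in doc["time"].items() if k not in ("created", "modified")]
    return max(datetime.fromisoformat(s.replace("Z", "+00:00")) for s in stamps)


def assess(doc, now=NOW, domain_exists=stub_domain_exists, stale_after=timedelta(days=365)):
    """Return the package's worst severity and the list of (severity, reason) flags."""
    flags = []
    maintainers = doc.get("maintainers", [])
    for m in maintainers:
        domain = m["email"].rsplit("@", 1)[-1]
        if not domain_exists(domain):  # an attacker can register it and reset the account
            flags.append(("HIGH", f"maintainer {m['name']}: e-mail domain {domain} is unregistered"))
    if len(maintainers) <= 1:
        flags.append(("MEDIUM", "single maintainer: no second owner to vet a handoff"))
    age = now - last_release(doc)
    if age > stale_after:
        flags.append(("MEDIUM", f"last release {age.days} days ago"))
    severity = max((s for s, _ in flags), key=SEVERITY_RANK.__getitem__, default="NONE")
    return {"package": doc["name"], "severity": severity, "flags": flags}


def scan(names, now=NOW, registry=REGISTRY, **kw):
    return [assess(registry[n], now, **kw) for n in names]


def should_fail(results, fail_on="HIGH"):
    """CI gate: True if any package reaches the fail-on threshold."""
    return any(SEVERITY_RANK[r["severity"]] >= SEVERITY_RANK[fail_on] for r in results)


if __name__ == "__main__":
    results = scan(REGISTRY)
    for r in results:
        print(f"{r['package']:<14} {r['severity']}")
        for sev, reason in r["flags"]:
            print(f"    [{sev}] {reason}")
    raise SystemExit(1 if should_fail(results, "HIGH") else 0)
```

The domain check is the one worth getting right: a lookup that only tests for an A record will false-positive on registered domains that serve no web site, so query SOA or NS at the apex and treat NXDOMAIN as the signal.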

Live Demo

Try it now - no signup required

Enter any npm or PyPI package name to see its health score and risk assessment in real-time.

Predictive Intelligence

The first tool that predicts package health

Security scanners alert you to known CVEs. We predict abandonment 6-12 months before it happens. Different problem, different solution.

Predictive (emerging space): PkgWatch (we created this category)
Reactive: Snyk, Dependabot, npm audit, deps.dev, libraries.io

Your security tools find known vulnerabilities. PkgWatch finds the packages that will cause problems next year.

Developer Tools

Integrate anywhere in your workflow

Use the CLI for local development or the GitHub Action for CI/CD. Both connect to the same API.

CLI

@pkgwatch/cli

Catch risky packages before they ship — right from your terminal.

# Try without installing (demo mode)
npx @pkgwatch/cli check express
# Or install globally
npm install -g @pkgwatch/cli
# Configure your API key
pkgwatch config set
# Scan npm project (CI-friendly)
pkgwatch scan --fail-on HIGH
# Scan Python project
pkgwatch scan -e pypi --fail-on HIGH
# Scan entire monorepo
pkgwatch scan --recursive --max-manifests 200

GitHub Action

Dlaranjo/pkgwatch/action

Block risky packages from ever reaching main. Automatic scanning on every PR.

- name: Scan dependencies
  uses: Dlaranjo/pkgwatch/action@v1
  with:
    api-key: ${{ secrets.PKGWATCH_API_KEY }}
    fail-on: HIGH
    scan-mode: recursive
    max-manifests: '200'  # default: 100

Both tools work in demo mode (20 requests/hour) without an API key. Try the live demo above.

Start watching your packages today

Get your free API key and unlock 5,000 requests per month.

5,000 free requests/month
No credit card required
2,500+ packages tracked

Predictions validated with academic survival analysis methodology.

Want to try first? The CLI works without an API key:

npx @pkgwatch/cli check express

Demo mode: 20 requests/hour