Ecosystem Stats
Get aggregate vulnerability counts from OSV.dev across all tracked ecosystems.
Endpoint
GET /api/v1/ecosystem-statsResponse
json
{
"success": true,
"data": {
"totalEcosystems": 38,
"totalVulnerabilities": 567073,
"topEcosystems": [
{ "name": "npm", "count": 214344 },
{ "name": "PyPI", "count": 17625 },
{ "name": "Maven", "count": 6135 }
],
"allEcosystems": {
"npm": 214344,
"Debian": 52172,
"Ubuntu": 50032,
"PyPI": 17625,
"Maven": 6135
}
},
"timestamp": "2024-01-15T12:00:00.000Z"
}Response Fields
| Field | Type | Description |
|---|---|---|
totalEcosystems | number | Total number of ecosystems tracked by OSV |
totalVulnerabilities | number | Total vulnerabilities across all ecosystems |
topEcosystems | array | Top 3 package manager ecosystems by count |
allEcosystems | object | Vulnerability counts for all ecosystems |
Top Ecosystem Object
| Field | Type | Description |
|---|---|---|
name | string | Ecosystem name (e.g., npm, PyPI) |
count | number | Number of vulnerabilities in this ecosystem |
Example
bash
curl https://api.vulnpatch.dev/api/v1/ecosystem-statsCode Examples
javascript
async function getEcosystemStats() {
const response = await fetch('https://api.vulnpatch.dev/api/v1/ecosystem-stats');
const { data } = await response.json();
console.log(`Tracking ${data.totalEcosystems} ecosystems`);
console.log(`Total vulnerabilities: ${data.totalVulnerabilities.toLocaleString()}`);
console.log('\nTop ecosystems:');
for (const eco of data.topEcosystems) {
console.log(` ${eco.name}: ${eco.count.toLocaleString()}`);
}
}python
import requests
response = requests.get('https://api.vulnpatch.dev/api/v1/ecosystem-stats')
data = response.json()['data']
print(f"Tracking {data['totalEcosystems']} ecosystems")
print(f"Total vulnerabilities: {data['totalVulnerabilities']:,}")
print("\nTop ecosystems:")
for eco in data['topEcosystems']:
print(f" {eco['name']}: {eco['count']:,}")Use Cases
- Dashboard widgets: Display ecosystem coverage and vulnerability counts
- Landing pages: Show live statistics about vulnerability tracking
- Monitoring: Track growth of vulnerability databases over time
Data Source
This endpoint aggregates data from OSV.dev, which tracks vulnerabilities across 38+ ecosystems including:
- Package managers: npm, PyPI, Maven, Go, crates.io, RubyGems
- Linux distributions: Debian, Ubuntu, Alpine, Red Hat, SUSE
- Container images: Chainguard, Wolfi, Bitnami
Caching
This endpoint is cached for 24 hours since ecosystem counts are relatively stable. The X-Cache header indicates cache status.