Package Health
Get maintenance health scores for tracked packages. Scores reflect maintainer activity, orphan status, historical fix velocity, and open issue count.
Endpoints
GET /api/v1/package-health
GET /api/v1/package-health/:nameResponse (All Packages)
json
{
"success": true,
"data": {
"packages": {
"openssl": {
"score": 85,
"grade": "A",
"isOrphaned": false,
"maintainerCount": 3,
"avgFixDays": 8.5,
"openIssueCount": 2
},
"libsoup_3": {
"score": 35,
"grade": "D",
"isOrphaned": true,
"maintainerCount": 0,
"avgFixDays": null,
"openIssueCount": 4
}
},
"totalPackages": 45,
"orphanedCount": 8,
"distribution": {
"A": 10,
"B": 15,
"C": 10,
"D": 5,
"F": 5
}
},
"timestamp": "2026-02-10T12:00:00.000Z"
}Response Fields
Per-package Data
| Field | Type | Description |
|---|---|---|
score | number | Health score 0-100 |
grade | string | Letter grade: A (80+), B (60+), C (40+), D (20+), F (0-19) |
isOrphaned | boolean | Whether the package has no known maintainer |
maintainerCount | number | Number of active maintainers |
avgFixDays | number|null | Historical average days to fix CVEs |
openIssueCount | number | Currently open security issues |
Summary Fields
| Field | Type | Description |
|---|---|---|
totalPackages | number | Total packages with health data |
orphanedCount | number | Packages with no maintainer |
distribution | object | Count of packages by grade |
Single Package
bash
curl https://api.vulnpatch.dev/api/v1/package-health/opensslReturns the health data for the specified package, or null if not tracked.
Example
bash
# All packages
curl https://api.vulnpatch.dev/api/v1/package-health
# Single package
curl https://api.vulnpatch.dev/api/v1/package-health/opensslCode Examples
javascript
async function getOrphanedPackages() {
const response = await fetch('https://api.vulnpatch.dev/api/v1/package-health');
const { data } = await response.json();
const orphaned = Object.entries(data.packages)
.filter(([, pkg]) => pkg.isOrphaned)
.sort((a, b) => b[1].openIssueCount - a[1].openIssueCount);
console.log(`Orphaned packages: ${orphaned.length}`);
orphaned.forEach(([name, pkg]) => {
console.log(` ${name}: ${pkg.openIssueCount} open issues, grade ${pkg.grade}`);
});
}python
import requests
response = requests.get("https://api.vulnpatch.dev/api/v1/package-health")
data = response.json()["data"]
orphaned = {name: pkg for name, pkg in data["packages"].items() if pkg["isOrphaned"]}
print(f"Orphaned: {len(orphaned)} / {data['totalPackages']}")
for name, pkg in sorted(orphaned.items(), key=lambda x: x[1]["openIssueCount"], reverse=True):
print(f" {name}: {pkg['openIssueCount']} issues, grade {pkg['grade']}")Use Cases
- Maintainer recruitment: Identify orphaned packages that need adoption
- Risk assessment: Factor maintenance health into vulnerability prioritization
- Reporting: Track package ecosystem health over time
Caching
Data is computed every 30 minutes via cron.
Related Endpoints
GET /api/v1/fix-etas- Predicted fix timelines (uses health data)GET /api/v1/analytics/time-to-fix- Cross-distro time-to-fixGET /api/v1/rebuild-impact- Rebuild blast radius