
I Built a Python Supply Chain Risk Scanner Using Only Free APIs
Last year, a malicious package on PyPI stole AWS credentials from thousands of developers. The package name was one typo away from a popular library. I wanted to check if MY projects were at risk. Turns out, you can build a surprisingly effective supply chain scanner using three free APIs — no authentication required.

The Three Free APIs

- PyPI JSON API — package metadata, versions, maintainers
- GitHub API — repo health, contributor count, last commit
- Libraries.io API — dependency trees, SourceRank scores

Step 1: Check Package Health via PyPI

```python
import requests
from datetime import datetime  # used further down in the original post for release-age checks


def check_pypi_health(package_name):
    # The PyPI JSON API needs no authentication; a timeout keeps a slow
    # or unreachable index from hanging the whole scan
    resp = requests.get(f"https://pypi.org/pypi/{package_name}/json", timeout=10)
    if resp.status_code != 200:
        return {"package": package_name, "risk": "HIGH", "reason": "Not found"}
    data = resp.json()
    info = data["info"]
    releases = data["releases"]  # release history, used by the checks that follow in the post
    risks = []
    # A package that lists neither a homepage nor any project URLs
    # gives you nothing to verify its provenance against
    if not info.get("home_page") and not info.get("project_urls"):
        # The post is cut off here ("ri..."); the appended reason string is reconstructed
        risks.append("no home_page or project_urls")
    # The remainder of the original function is not on this page; return what was collected
    return {"package": package_name, "risks": risks}
```
Continue reading on Dev.to Tutorial