{"endpoint":"/api/dev/package-risk","method":"POST","service_trust":"https://defi-shield-hazel.vercel.app/api/trust-signal","free_check":{"endpoint":"https://defi-shield-hazel.vercel.app/api/free/token-check","method":"POST","price":"FREE","note":"Try before you buy — free basic token safety check with risk math."},"also_available_on":{"virtuals_acp":{"agent":"Authensor","agent_id":18805,"offerings":["pre_trade_safety","token_deep_scan","wallet_report","batch_seal"],"marketplace":"https://app.virtuals.io/acp/scan/agents","note":"Same service, accessible to 18,000+ autonomous agents on Virtuals Protocol."},"mcp_server":{"package":"devsecure-mcp","install":"npx devsecure-mcp","tools":67,"note":"Install as MCP server in Claude, Cursor, or any MCP-compatible client for direct tool access."},"bazaar":"https://defi-shield-hazel.vercel.app/.well-known/x402","agent_card":"https://defi-shield-hazel.vercel.app/.well-known/agent-card.json"},"powered_by":"DeFi Shield by Authensor","price":"$0.10","description":"Assess the security risk of an npm package by checking for known CVEs (via OSV.dev), maintainer count, download trends, license status, and update recency.","llm_usage_prompt":"Call this endpoint BEFORE adding any unfamiliar npm package to a project. Provide the package name and ecosystem (default: npm). Returns a 0-100 risk score, list of known CVEs with severity, maintainer count, weekly downloads, latest version, license, and a recommendation (SAFE/CAUTION/RISKY/DANGEROUS). Use this to avoid supply chain attacks and vulnerable dependencies. Costs $0.10.","params":{"package_name":"string (required) - npm package name","ecosystem":"string (optional, default: 'npm') - Package ecosystem"},"exampleRequest":{"package_name":"lodash","ecosystem":"npm"},"exampleResponse":{"package_name":"lodash","ecosystem":"npm","latest_version":"4.17.21","license":"MIT","maintainer_count":3,"weekly_downloads":45000000,"cves":[],"risk_score":5,"recommendation":"SAFE — well-maintained, no known issues"}}