API Overview

Programmatic access to sus package security assessments

Introduction

The sus API provides programmatic access to package security assessments. Use it to:

  • Look up package risk levels before installation
  • Request scans for packages not yet in the database
  • Bulk check all dependencies in a project
  • Integrate security scanning into CI/CD pipelines

The API powers the sus CLI and can be used directly for custom integrations.

Base URL

All API requests use the following base URL:

Text
https://api.sus-pm.com/v1

Quick Example

Check if a package is safe:

Bash
curl https://api.sus-pm.com/v1/packages/express

Response:

JSON
{
  "name": "express",
  "version": "4.21.0",
  "risk_level": "clean",
  "trust_score": 95,
  "publisher": {
    "name": "expressjs",
    "verified": true
  },
  "weekly_downloads": 32000000,
  "cves": [],
  "agentic_threats": [],
  "capabilities": {
    "network": {
      "makes_requests": false,
      "domains": [],
      "protocols": []
    },
    "filesystem": {
      "reads": true,
      "writes": false,
      "paths": []
    },
    "process": {
      "spawns_children": false,
      "commands": []
    },
    "environment": {
      "accessed_vars": ["NODE_ENV"]
    },
    "native": {
      "has_native": false,
      "native_modules": []
    }
  },
  "scanned_at": "2025-01-15T10:30:00Z"
}

Response Format

All responses are JSON. Package assessments include:

Field             Type     Description
risk_level        string   One of: clean, warning, critical
trust_score       number   0-100 based on maintainers, downloads, age
cves              array    Known vulnerabilities with severity and fix versions
agentic_threats   array    Detected threats targeting AI agents
capabilities      object   Network, filesystem, process, environment access
docs_md           string   Generated package documentation (optional)

Authentication

The API is currently publicly accessible. No API key is required.

Rate limiting may apply. If you're building a high-volume integration, contact us for enterprise access.

Error Handling

The API uses standard HTTP status codes:

Status   Description
200      Success
400      Bad request (invalid parameters)
404      Package not found
500      Server error

Error responses include a JSON body:

JSON
{
  "error": "Package not found"
}
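As an added example (not code from the sus project or its CLI), the following Python script turns the package lookup and the error contract documented above into a CI dependency gate: it fetches each assessment, treats a 404 as "not yet scanned, needs review" rather than as safe, and maps risk_level, trust_score, cves, agentic_threats and the network/process capabilities to a block/review/allow verdict. The trust threshold, the capability checks and the 404 policy are assumed choices, and SAMPLE_CLEAN is constructed from the express response shown earlier.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://api.sus-pm.com/v1"

# Constructed from the express response shown above, trimmed to the fields this gate reads.
SAMPLE_CLEAN = {"name": "express", "risk_level": "clean", "trust_score": 95,
                "cves": [], "agentic_threats": [],
                "capabilities": {"network": {"makes_requests": False},
                                 "process": {"spawns_children": False}}}

def fetch_assessment(name):
    """GET /packages/{name}; returns the parsed body, or None when the API answers 404."""
    try:
        with urllib.request.urlopen(f"{BASE_URL}/packages/{name}", timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:  # not in the database yet; the caller decides how to treat that
            return None
        raise

def evaluate(assessment, min_trust=70):
    """Map one assessment to ('block' | 'review' | 'allow', reasons).
    min_trust is an assumed policy threshold, not something the API defines."""
    level = assessment.get("risk_level")
    if level == "critical":
        return "block", ["risk_level=critical"]
    reasons = ["risk_level=warning"] if level == "warning" else []
    if assessment.get("trust_score", 0) < min_trust:
        reasons.append(f"trust_score={assessment.get('trust_score')} below {min_trust}")
    for field in ("cves", "agentic_threats"):
        if assessment.get(field):
            reasons.append(f"{len(assessment[field])} {field}")
    caps = assessment.get("capabilities", {})
    if caps.get("network", {}).get("makes_requests"):
        reasons.append("makes network requests")
    if caps.get("process", {}).get("spawns_children"):
        reasons.append("spawns child processes")
    return ("review" if reasons else "allow"), reasons

def gate(names, fetch=fetch_assessment):
    """Evaluate every dependency (fetch is injectable for offline tests); returns (verdicts, ci_should_fail)."""
    verdicts = {}
    for name in names:
        body = fetch(name)
        verdicts[name] = evaluate(body) if body is not None else ("review", ["not in sus database (404)"])
    return verdicts, any(d == "block" for d, _ in verdicts.values())
```

In a pipeline, call gate() with the project's dependency names and fail the job when the second return value is True; the reasons list gives reviewers the specific finding per package.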

Next Steps

  • Endpoints - Full API reference with all endpoints