npm Pulse API

Base URL https://npm-pulse.vercel.app

REST API with JSON responses. No API key required for the free tier (100 requests/day, rate-limited by IP). Paid plans include higher limits and additional features.

Authentication

Free tier requires no authentication — just send requests. For Pro/Team/Enterprise tiers, include your API key as a Bearer token:

Authorization: Bearer pk_live_your_api_key_here

GET/api/v1/score/:package

Get the Pulse score for any npm package. Supports scoped packages and specific versions.

Parameters

:package

stringrequired

Package name. Supports react, @nuxt/kit, react@18.2.0, @nuxt/kit@3.0.0

Try it

Basic: /api/v1/score/react↗Versioned: /api/v1/score/react@18.2.0↗Scoped: /api/v1/score/@nuxt/kit↗

Response

{
  "package": "react",
  "version": "19.1.0",
  "score": 87,
  "grade": "B",
  "breakdown": {
    "maintenance": { "score": 82, "weight": 30, "factors": [...] },
    "quality":     { "score": 91, "weight": 25, "factors": [...] },
    "security":    { "score": 95, "weight": 25, "factors": [...] },
    "popularity":  { "score": 78, "weight": 20, "factors": [...] }
  },
  "signals": [
    { "type": "positive", "code": "HAS_TYPES",      "message": "TypeScript types included" },
    { "type": "positive", "code": "CLEAN_SECURITY", "message": "No known vulnerabilities" },
    { "type": "positive", "code": "WIDELY_ADOPTED", "message": "22.4M weekly downloads" }
  ],
  "meta": {
    "analyzedAt": "2026-03-29T14:22:00.000Z",
    "dataAge": 0,
    "sources": ["npm-registry", "npm-downloads", "osv-dev", "github-api"],
    "cacheHit": false,
    "apiVersion": "0.1.0"
  }
}

POST/api/v1/batch

Analyze up to 50 packages in a single request. Ideal for auditing a package.json file.

Response

// Request body:
{
  "packages": [
    { "package": "react" },
    { "package": "vue" },
    { "package": "svelte" }
  ]
}

// Response:
{
  "results": [ ...PulseScore, ...PulseScore, ...PulseScore ],
  "total": 3,
  "analyzedAt": "2026-03-29T14:22:00.000Z"
}

GET/api/v1/compare

Side-by-side comparison of 2–5 packages with a data-driven recommendation.

Parameters

packages

stringrequired

Comma-separated list of 2–5 package names. E.g. react,vue,svelte

Try it

Compare 3 frameworks: /api/v1/compare?packages=react,vue,svelte↗

Response

{
  "packages": [ ...PulseScore, ...PulseScore, ...PulseScore ],
  "recommendation": "react leads with a Pulse score of 87/100. Strongest in security (95).",
  "comparedAt": "2026-03-29T14:22:00.000Z"
}

Scoring Methodology

Every score is computed from publicly available data. The algorithm is open source and auditable.

30%Maintenance

Publish recency, release frequency, maintainer count, commit activity, archived status

25%Quality

TypeScript types, module format (ESM/CJS), license presence, description quality, repository link, dependency count, deprecation flag, keywords

25%Security

Known CVEs via OSV.dev, vulnerability severity (critical/high/medium/low), bus factor risk, dependency attack surface

20%Popularity

Weekly downloads (log scale), download trend (rising/stable/declining), GitHub stars

Rate Limits

Free

100

per day

Pro

10,000

per day

Team

50,000

per day

Enterprise

Unlimited

per day

Rate limit headers: X-RateLimit-Remaining · X-RateLimit-Reset

Error Responses

400

Bad Request

Invalid package name or missing required parameters.

404

Not Found

Package does not exist on the npm registry.

429

Rate Limited

You have exceeded the rate limit for your tier. Check X-RateLimit-Reset.

500

Server Error

An upstream API failed. The response may include a stale cached result.