$ man dep-risk-summary
/dep-risk-summary
PRICE / CALL
$0.03
USDC · base mainnet · scheme: exact
──────────────────────────────────────────────────────────────────────────────
NAME
dep-risk-summary — scores dependency risk for a whole repo from its manifests and lockfiles
SYNOPSIS
POST https://x402.agentutility.ai/dep-risk-summary
Content-Type: application/json
X-PAYMENT: <signed-transferWithAuthorization>
{ ... }
↳ first call → 402 Payment Required. Sign a USDC transferWithAuthorization, then retry with the X-PAYMENT header.
DESCRIPTION
Scores dependency risk for a whole repo from its manifests and lockfiles. Best-effort scan of package.json, pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock (JS); requirements.txt, pyproject.toml, poetry.lock (Python); go.mod, go.sum (Go). Samples 10 alphabetically-first direct deps via npm/PyPI registry for deprecation + install-script signals. Returns 0-100 score, per-finding kind/severity/path/evidence/recommendation, and a Venice plain-English verdict. Dual input: {repo: 'owner/name'} or {files: [{path, content}, ...]}. Use it as a package.json + lockfile vetter, unpinned dep detector, transitive dep counter, requirements.txt audit, pyproject dep risk check, deprecated dep detector, install-script dep detector, or Snyk-adjacent repo-level supply-chain risk score.
OUTPUT — response shape
| field | type | description |
|---|---|---|
| score | number | Overall dependency risk score from 0 (clean) to 100 (severe), aggregated across findings and sampled registry signals. |
| risk_level | string | Bucketed risk tier derived from score: low, medium, high, or critical. |
| findings | array | Per-issue list with kind, severity, file path, evidence snippet, and recommendation for each detected risk. |
| signals | object | Counters and flags like unpinned deps, deprecated packages, install-script presence, transitive count, and lockfile state. |
| summary | string | Venice-generated plain-English verdict explaining the score and top risks in a few sentences. |
| metadata | object | Scan context including manifests parsed, ecosystems detected, sampled package count, repo or files mode, and timing. |
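As an added example (not the service's own code), the block below implements a local, offline version of the manifest-side checks listed in DESCRIPTION (unpinned dependency ranges, install scripts in package.json, lockfile state) and returns the score / risk_level / findings fields from the OUTPUT table. The registry sampling and the Venice verdict are out of scope; the sample files, the severity weights and the score buckets are constructed assumptions, not the endpoint's actual scoring.

```python
import json
import re

# Constructed sample input (same shape as the endpoint's {files: [...]} mode):
# one unpinned npm range, a postinstall hook, one unpinned pip requirement,
# and no lockfile at all.
SAMPLE_FILES = [
    {"path": "package.json", "content": json.dumps({
        "dependencies": {"left-pad": "^1.3.0", "lodash": "4.17.21"},
        "scripts": {"postinstall": "node setup.js"},
    })},
    {"path": "requirements.txt", "content": "requests>=2.0\nurllib3==2.2.1\n"},
]

EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+$")          # "1.2.3", not "^1.2.3"
LOCKFILES = {"pnpm-lock.yaml", "package-lock.json", "yarn.lock",
             "bun.lock", "poetry.lock", "go.sum"}
WEIGHTS = {"low": 5, "medium": 15, "high": 30}         # assumed, not the API's
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")


def _finding(kind, severity, path, evidence, recommendation):
    return {"kind": kind, "severity": severity, "path": path,
            "evidence": evidence, "recommendation": recommendation}


def scan_files(files):
    """Return {score, risk_level, findings} for a list of {path, content}."""
    findings = []
    for f in files:
        path, content = f["path"], f["content"]
        if path.endswith("package.json"):
            pkg = json.loads(content)
            for name, spec in pkg.get("dependencies", {}).items():
                if not EXACT_SEMVER.match(spec):   # ranges resolve differently over time
                    findings.append(_finding("unpinned_dep", "medium", path, f"{name}@{spec}",
                                             "Pin an exact version and commit a lockfile."))
            for hook in LIFECYCLE_HOOKS:           # scripts run on every install
                if hook in pkg.get("scripts", {}):
                    findings.append(_finding("install_script", "high", path,
                                             f"{hook}: {pkg['scripts'][hook]}",
                                             "Review the script; use --ignore-scripts in CI."))
        elif path.endswith("requirements.txt"):
            for line in content.splitlines():
                line = line.strip()
                if line and not line.startswith("#") and "==" not in line:
                    findings.append(_finding("unpinned_dep", "medium", path, line,
                                             "Pin with == and add --hash entries."))
    basenames = {f["path"].rsplit("/", 1)[-1] for f in files}
    if not basenames & LOCKFILES:                  # no lockfile: installs are not reproducible
        findings.append(_finding("missing_lockfile", "low", "(repo)",
                                 "no lockfile among " + ", ".join(sorted(basenames)),
                                 "Commit a lockfile for every ecosystem in the repo."))
    score = min(100, sum(WEIGHTS[x["severity"]] for x in findings))
    level = "low" if score < 25 else "medium" if score < 50 else "high" if score < 75 else "critical"
    return {"score": score, "risk_level": level, "findings": findings}
```

Running `scan_files(SAMPLE_FILES)` yields four findings and a score of 65 ("high") under the assumed weights.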
EXAMPLES — two ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/dep-risk-summary \
-H 'Content-Type: application/json' \
-d '{ }'
first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>
# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...
# Then call the dep-risk-summary tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
- tags
- security, dependencies, supply-chain, npm, pypi, lockfile, prooflayer
- env
- VENICE_API_KEY
- methods
- POST
- cluster
- prooflayer
- price
- $0.03 USDC per call