We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/safedep/vet'
If you have feedback or need assistance with the MCP directory API, please join our Discord server
openapi: 3.0.2
info:
title: SafeDep OSS Insights API
contact:
name: SafeDep API
url: 'https://safedep.io'
description: |
The Insights API expose various metadata about OSS artifacts. Clients can
query this API to gather the data required for rich policy decision making
for various use-cases.
version: 1.0.0
servers:
- url: 'https://{apiHost}/{apiBase}'
variables:
apiHost:
default: api.safedep.io
apiBase:
default: insights/v1
tags:
- name: Package Meta Data
description: Package meta data related operations
- name: Infrastructure
description: Infrastructure support operations
paths:
/healthz:
get:
description: Get health check status
operationId: getHealthCheckStatus
tags:
- Infrastructure
security: []
responses:
'200':
description: Server is operational
'/{ecosystem}/packages/{name}/versions/{version}':
get:
description: Get metadata for a package version
operationId: getPackageVersionInsight
tags:
- Package Meta Data
security:
- api_key: []
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PackageVersionInsight'
'403':
description: Access to the API is denied
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError'
'404':
description: Requested resource was not found
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError'
'429':
description: Rate limit block
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError'
'500':
description: Failed due to internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError'
parameters:
- name: ecosystem
in: path
required: true
schema:
type: string
description: Case insensitive ecosystem name
enum:
- Maven
- RubyGems
- Go
- npm
- PyPI
- Cargo
- NuGet
- Linux
- Debian
- Github Actions
- name: name
in: path
required: true
schema:
type: string
- name: version
in: path
required: true
schema:
type: string
components:
securitySchemes:
api_key:
type: apiKey
name: Authorization
in: header
schemas:
ApiError:
type: object
properties:
message:
type: string
description: A descriptive message about the error meant for developer consumption
type:
type: string
description: An optional service or domain specific error group
code:
type: string
description: An error code identifying the error
params:
type: object
description: Optional error specific attributes
additionalProperties:
type: object
properties:
key:
type: string
value:
type: string
PackageVersion:
type: object
required:
- ecosystem
- name
- version
properties:
ecosystem:
type: string
description: The ecosystem where this package belongs to
name:
type: string
description: The name of the package
version:
type: string
description: The version of the package
License:
type: string
description: License SPDX code
enum:
- 0BSD
- AAL
- Abstyles
- Adobe-2006
- Adobe-Glyph
- ADSL
- AFL-1.1
- AFL-1.2
- AFL-2.0
- AFL-2.1
- AFL-3.0
- Afmparse
- AGPL-1.0
- AGPL-1.0-only
- AGPL-1.0-or-later
- AGPL-3.0
- AGPL-3.0-only
- AGPL-3.0-or-later
- Aladdin
- AMDPLPA
- AML
- AMPAS
- ANTLR-PD
- ANTLR-PD-fallback
- Apache-1.0
- Apache-1.1
- Apache-2.0
- APAFML
- APL-1.0
- App-s2p
- APSL-1.0
- APSL-1.1
- APSL-1.2
- APSL-2.0
- Arphic-1999
- Artistic-1.0
- Artistic-1.0-cl8
- Artistic-1.0-Perl
- Artistic-2.0
- Baekmuk
- Bahyph
- Barr
- Beerware
- Bitstream-Vera
- BitTorrent-1.0
- BitTorrent-1.1
- blessing
- BlueOak-1.0.0
- Borceux
- BSD-1-Clause
- BSD-2-Clause
- BSD-2-Clause-FreeBSD
- BSD-2-Clause-NetBSD
- BSD-2-Clause-Patent
- BSD-2-Clause-Views
- BSD-3-Clause
- BSD-3-Clause-Attribution
- BSD-3-Clause-Clear
- BSD-3-Clause-LBNL
- BSD-3-Clause-Modification
- BSD-3-Clause-No-Military-License
- BSD-3-Clause-No-Nuclear-License
- BSD-3-Clause-No-Nuclear-License-2014
- BSD-3-Clause-No-Nuclear-Warranty
- BSD-3-Clause-Open-MPI
- BSD-4-Clause
- BSD-4-Clause-Shortened
- BSD-4-Clause-UC
- BSD-Protection
- BSD-Source-Code
- BSL-1.0
- BUSL-1.1
- bzip2-1.0.5
- bzip2-1.0.6
- C-UDA-1.0
- CAL-1.0
- CAL-1.0-Combined-Work-Exception
- Caldera
- CATOSL-1.1
- CC-BY-1.0
- CC-BY-2.0
- CC-BY-2.5
- CC-BY-2.5-AU
- CC-BY-3.0
- CC-BY-3.0-AT
- CC-BY-3.0-DE
- CC-BY-3.0-IGO
- CC-BY-3.0-NL
- CC-BY-3.0-US
- CC-BY-4.0
- CC-BY-NC-1.0
- CC-BY-NC-2.0
- CC-BY-NC-2.5
- CC-BY-NC-3.0
- CC-BY-NC-3.0-DE
- CC-BY-NC-4.0
- CC-BY-NC-ND-1.0
- CC-BY-NC-ND-2.0
- CC-BY-NC-ND-2.5
- CC-BY-NC-ND-3.0
- CC-BY-NC-ND-3.0-DE
- CC-BY-NC-ND-3.0-IGO
- CC-BY-NC-ND-4.0
- CC-BY-NC-SA-1.0
- CC-BY-NC-SA-2.0
- CC-BY-NC-SA-2.0-FR
- CC-BY-NC-SA-2.0-UK
- CC-BY-NC-SA-2.5
- CC-BY-NC-SA-3.0
- CC-BY-NC-SA-3.0-DE
- CC-BY-NC-SA-3.0-IGO
- CC-BY-NC-SA-4.0
- CC-BY-ND-1.0
- CC-BY-ND-2.0
- CC-BY-ND-2.5
- CC-BY-ND-3.0
- CC-BY-ND-3.0-DE
- CC-BY-ND-4.0
- CC-BY-SA-1.0
- CC-BY-SA-2.0
- CC-BY-SA-2.0-UK
- CC-BY-SA-2.1-JP
- CC-BY-SA-2.5
- CC-BY-SA-3.0
- CC-BY-SA-3.0-AT
- CC-BY-SA-3.0-DE
- CC-BY-SA-4.0
- CC-PDDC
- CC0-1.0
- CDDL-1.0
- CDDL-1.1
- CDL-1.0
- CDLA-Permissive-1.0
- CDLA-Permissive-2.0
- CDLA-Sharing-1.0
- CECILL-1.0
- CECILL-1.1
- CECILL-2.0
- CECILL-2.1
- CECILL-B
- CECILL-C
- CERN-OHL-1.1
- CERN-OHL-1.2
- CERN-OHL-P-2.0
- CERN-OHL-S-2.0
- CERN-OHL-W-2.0
- checkmk
- ClArtistic
- CNRI-Jython
- CNRI-Python
- CNRI-Python-GPL-Compatible
- COIL-1.0
- Community-Spec-1.0
- Condor-1.1
- copyleft-next-0.3.0
- copyleft-next-0.3.1
- CPAL-1.0
- CPL-1.0
- CPOL-1.02
- Crossword
- CrystalStacker
- CUA-OPL-1.0
- Cube
- curl
- D-FSL-1.0
- diffmark
- DL-DE-BY-2.0
- DOC
- Dotseqn
- DRL-1.0
- DSDP
- dvipdfm
- ECL-1.0
- ECL-2.0
- eCos-2.0
- EFL-1.0
- EFL-2.0
- eGenix
- Elastic-2.0
- Entessa
- EPICS
- EPL-1.0
- EPL-2.0
- ErlPL-1.1
- etalab-2.0
- EUDatagrid
- EUPL-1.0
- EUPL-1.1
- EUPL-1.2
- Eurosym
- Fair
- FDK-AAC
- Frameworx-1.0
- FreeBSD-DOC
- FreeImage
- FSFAP
- FSFUL
- FSFULLR
- FSFULLRWD
- FTL
- GD
- GFDL-1.1
- GFDL-1.1-invariants-only
- GFDL-1.1-invariants-or-later
- GFDL-1.1-no-invariants-only
- GFDL-1.1-no-invariants-or-later
- GFDL-1.1-only
- GFDL-1.1-or-later
- GFDL-1.2
- GFDL-1.2-invariants-only
- GFDL-1.2-invariants-or-later
- GFDL-1.2-no-invariants-only
- GFDL-1.2-no-invariants-or-later
- GFDL-1.2-only
- GFDL-1.2-or-later
- GFDL-1.3
- GFDL-1.3-invariants-only
- GFDL-1.3-invariants-or-later
- GFDL-1.3-no-invariants-only
- GFDL-1.3-no-invariants-or-later
- GFDL-1.3-only
- GFDL-1.3-or-later
- Giftware
- GL2PS
- Glide
- Glulxe
- GLWTPL
- gnuplot
- GPL-1.0
- GPL-1.0+
- GPL-1.0-only
- GPL-1.0-or-later
- GPL-2.0
- GPL-2.0+
- GPL-2.0-only
- GPL-2.0-or-later
- GPL-2.0-with-autoconf-exception
- GPL-2.0-with-bison-exception
- GPL-2.0-with-classpath-exception
- GPL-2.0-with-font-exception
- GPL-2.0-with-GCC-exception
- GPL-3.0
- GPL-3.0+
- GPL-3.0-only
- GPL-3.0-or-later
- GPL-3.0-with-autoconf-exception
- GPL-3.0-with-GCC-exception
- gSOAP-1.3b
- HaskellReport
- Hippocratic-2.1
- HPND
- HPND-sell-variant
- HTMLTIDY
- IBM-pibs
- ICU
- IJG
- ImageMagick
- iMatix
- Imlib2
- Info-ZIP
- Intel
- Intel-ACPI
- Interbase-1.0
- IPA
- IPL-1.0
- ISC
- Jam
- JasPer-2.0
- JPNIC
- JSON
- Knuth-CTAN
- LAL-1.2
- LAL-1.3
- Latex2e
- Leptonica
- LGPL-2.0
- LGPL-2.0+
- LGPL-2.0-only
- LGPL-2.0-or-later
- LGPL-2.1
- LGPL-2.1+
- LGPL-2.1-only
- LGPL-2.1-or-later
- LGPL-3.0
- LGPL-3.0+
- LGPL-3.0-only
- LGPL-3.0-or-later
- LGPLLR
- Libpng
- libpng-2.0
- libselinux-1.0
- libtiff
- libutil-David-Nugent
- LiLiQ-P-1.1
- LiLiQ-R-1.1
- LiLiQ-Rplus-1.1
- Linux-man-pages-copyleft
- Linux-OpenIB
- LOOP
- LPL-1.0
- LPL-1.02
- LPPL-1.0
- LPPL-1.1
- LPPL-1.2
- LPPL-1.3a
- LPPL-1.3c
- LZMA-SDK-9.11-to-9.20
- LZMA-SDK-9.22
- MakeIndex
- Minpack
- MirOS
- MIT
- MIT-0
- MIT-advertising
- MIT-CMU
- MIT-enna
- MIT-feh
- MIT-Modern-Variant
- MIT-open-group
- MITNFA
- Motosoto
- mpi-permissive
- mpich2
- MPL-1.0
- MPL-1.1
- MPL-2.0
- MPL-2.0-no-copyleft-exception
- mplus
- MS-LPL
- MS-PL
- MS-RL
- MTLL
- MulanPSL-1.0
- MulanPSL-2.0
- Multics
- Mup
- NAIST-2003
- NASA-1.3
- Naumen
- NBPL-1.0
- NCGL-UK-2.0
- NCSA
- Net-SNMP
- NetCDF
- Newsletr
- NGPL
- NICTA-1.0
- NIST-PD
- NIST-PD-fallback
- NLOD-1.0
- NLOD-2.0
- NLPL
- Nokia
- NOSL
- Noweb
- NPL-1.0
- NPL-1.1
- NPOSL-3.0
- NRL
- NTP
- NTP-0
- Nunit
- O-UDA-1.0
- OCCT-PL
- OCLC-2.0
- ODbL-1.0
- ODC-By-1.0
- OFL-1.0
- OFL-1.0-no-RFN
- OFL-1.0-RFN
- OFL-1.1
- OFL-1.1-no-RFN
- OFL-1.1-RFN
- OGC-1.0
- OGDL-Taiwan-1.0
- OGL-Canada-2.0
- OGL-UK-1.0
- OGL-UK-2.0
- OGL-UK-3.0
- OGTSL
- OLDAP-1.1
- OLDAP-1.2
- OLDAP-1.3
- OLDAP-1.4
- OLDAP-2.0
- OLDAP-2.0.1
- OLDAP-2.1
- OLDAP-2.2
- OLDAP-2.2.1
- OLDAP-2.2.2
- OLDAP-2.3
- OLDAP-2.4
- OLDAP-2.5
- OLDAP-2.6
- OLDAP-2.7
- OLDAP-2.8
- OML
- OpenSSL
- OPL-1.0
- OPUBL-1.0
- OSET-PL-2.1
- OSL-1.0
- OSL-1.1
- OSL-2.0
- OSL-2.1
- OSL-3.0
- Parity-6.0.0
- Parity-7.0.0
- PDDL-1.0
- PHP-3.0
- PHP-3.01
- Plexus
- PolyForm-Noncommercial-1.0.0
- PolyForm-Small-Business-1.0.0
- PostgreSQL
- PSF-2.0
- psfrag
- psutils
- Python-2.0
- Python-2.0.1
- Qhull
- QPL-1.0
- Rdisc
- RHeCos-1.1
- RPL-1.1
- RPL-1.5
- RPSL-1.0
- RSA-MD
- RSCPL
- Ruby
- SAX-PD
- Saxpath
- SCEA
- SchemeReport
- Sendmail
- Sendmail-8.23
- SGI-B-1.0
- SGI-B-1.1
- SGI-B-2.0
- SHL-0.5
- SHL-0.51
- SimPL-2.0
- SISSL
- SISSL-1.2
- Sleepycat
- SMLNJ
- SMPPL
- SNIA
- Spencer-86
- Spencer-94
- Spencer-99
- SPL-1.0
- SSH-OpenSSH
- SSH-short
- SSPL-1.0
- StandardML-NJ
- SugarCRM-1.1.3
- SWL
- Symlinks
- TAPR-OHL-1.0
- TCL
- TCP-wrappers
- TMate
- TORQUE-1.1
- TOSL
- TU-Berlin-1.0
- TU-Berlin-2.0
- UCL-1.0
- Unicode-DFS-2015
- Unicode-DFS-2016
- Unicode-TOU
- Unlicense
- UPL-1.0
- Vim
- VOSTROM
- VSL-1.0
- W3C
- W3C-19980720
- W3C-20150513
- Watcom-1.0
- Wsuipa
- WTFPL
- wxWindows
- X11
- X11-distribute-modifications-variant
- Xerox
- XFree86-1.1
- xinetd
- Xnet
- xpp
- XSkat
- YPL-1.0
- YPL-1.1
- Zed
- Zend-2.0
- Zimbra-1.3
- Zimbra-1.4
- Zlib
- zlib-acknowledgement
- ZPL-1.1
- ZPL-2.0
- ZPL-2.1
ScorecardContentV2Version:
type: object
properties:
version:
type: string
commit:
type: string
ScorecardContentV2Repository:
type: object
properties:
name:
type: string
commit:
type: string
description: Commit SHA where the scorecard checks where executed
ScorecardV2Check:
type: object
properties:
name:
type: string
enum:
- CII-Best-Practices
- Fuzzing
- Pinned-Dependencies
- CI-Tests
- Maintained
- Packaging
- SAST
- Dependency-Update-Tool
- Token-Permissions
- Security-Policy
- Signed-Releases
- Binary-Artifacts
- Branch-Protection
- Code-Review
- Contributors
- Vulnerabilities
- Dangerous-Workflow
- License
- Webhooks
score:
type: number
reason:
type: string
details:
type: array
items:
type: string
ScorecardContentV2:
type: object
properties:
date:
type: string
example: '2010-01-01'
format: date
repository:
$ref: '#/components/schemas/ScorecardContentV2Repository'
scorecard:
$ref: '#/components/schemas/ScorecardContentV2Version'
score:
type: number
checks:
type: array
items:
$ref: '#/components/schemas/ScorecardV2Check'
Scorecard:
type: object
properties:
version:
type: string
enum:
- V2
content:
$ref: '#/components/schemas/ScorecardContentV2'
PackageDependency:
type: object
properties:
package_version:
$ref: '#/components/schemas/PackageVersion'
description:
type: string
licenses:
type: array
items:
$ref: '#/components/schemas/License'
distance:
type: integer
PackageDependents:
type: object
properties:
total_dependents:
type: integer
direct_dependents:
type: integer
indirect_dependents:
type: integer
PackageProjectInfo:
type: object
properties:
type:
type: string
name:
type: string
display_name:
type: string
issues:
type: integer
forks:
type: integer
stars:
type: integer
link:
type: string
PackageVulnerability:
type: object
description: |
Subset of OSV schema required to perform policy
decision by various tools
properties:
id:
type: string
description: Vulnerability identifier
summary:
type: string
description: Short summary of vulnerability
aliases:
type: array
items:
type: string
description: |
Alias identifiers of the same vulnerability in
other databases
related:
type: array
items:
type: string
description: |
Related vulnerability identifiers for similar issues
in
severities:
type: array
items:
type: object
properties:
type:
type: string
enum:
- UNSPECIFIED
- CVSS_V3
- CVSS_V2
score:
type: string
description: Type specific vulnerability score
risk:
type: string
enum:
- CRITICAL
- HIGH
- MEDIUM
- LOW
- UNKNOWN
description: Normalized risk rating computed from score
PackageVersionInsight:
type: object
properties:
package_version:
$ref: '#/components/schemas/PackageVersion'
package_current_version:
type: string
description: The latest version available for the package
projects:
type: array
items:
$ref: '#/components/schemas/PackageProjectInfo'
licenses:
type: array
items:
$ref: '#/components/schemas/License'
dependents:
$ref: '#/components/schemas/PackageDependents'
dependencies:
type: array
items:
$ref: '#/components/schemas/PackageDependency'
scorecard:
$ref: '#/components/schemas/Scorecard'
vulnerabilities:
type: array
items:
$ref: '#/components/schemas/PackageVulnerability'