Packagist

API documentation

Listing package names
Searching for packages
- By tag
- By name
- By type
Getting package data
Get statistics
List security advisories

Listing package names

All packages

GET https://packagist.org/packages/list.json

{
  "packageNames": [
    "[vendor]/[package]",
    ...
  ]
}

Working example: https://packagist.org/packages/list.json

List packages by organization

GET https://packagist.org/packages/list.json?vendor=[vendor]

{
  "packageNames": [
    "[vendor]/[package]",
    ...
  ]
}

Working example: https://packagist.org/packages/list.json?vendor=composer

List packages by type

GET https://packagist.org/packages/list.json?type=[type]

{
  "packageNames": [
    "[vendor]/[package]",
    ...
  ]
}

Working example: https://packagist.org/packages/list.json?type=composer-plugin

Searching for packages

Search results are paginated and you can change the pagination step by using the per_page parameter. For example https://packagist.org/search.json?q=[query]&per_page=5

Search packages by name

GET https://packagist.org/search.json?q=[query]

{
  "results" : [
    {
      "name": "[vendor]/[package]",
      "description": "[description]",
      "url": "https://packagist.org/packages/[vendor]/[package]",
      "repository": [repository url],
      "downloads": [number of downloads],
      "favers": [number of favers]
    },
    ...
  ],
  "total": [number of results],
  "next": "https://packagist.org/search.json?q=[query]&page=[next page number]"
}

Working example: https://packagist.org/search.json?q=monolog

Search packages by tag

GET https://packagist.org/search.json?tags=[tag]

{
  "results": [
    {
      "name": "[vendor]/[package]",
      "description": "[description]",
      "url": "https://packagist.org/packages/[vendor]/[package]",
      "repository": "[repository url]",
      "downloads": [number of downloads],
      "favers": [number of favers]
    }
    ...
  ],
  "total": [numbers of results]
}

Working example: https://packagist.org/search.json?q=monolog&tags=psr-3

Search packages by type

GET https://packagist.org/search.json?q=[query]&type=symfony-bundle

{
  "results" : [
    {
      "name": "[vendor]/[package]",
      "description": "[description]",
      "url": "https://packagist.org/packages/[vendor]/[package]",
      "repository": [repository url],
      "downloads": [number of downloads],
      "favers": [number of favers]
    },
    ...
  ],
  "total": [number of results],
  "next": "https://packagist.org/search.json?q=[query]&page=[next page number]"
}

Working example: https://packagist.org/search.json?q=monolog&type=symfony-bundle

Getting package data

Using the Composer metadata

This is the preferred way to access the data as it is always up to date, and dumped to static files so it is very efficient on our end.

You can also send If-Modified-Since headers to limit your bandwidth usage and cache the files on your end with the proper filemtime set according to our Last-Modified header.

There are a few gotchas though with using this method:

It only provides you with the package metadata but not information about the maintainers, download stats or github info.
It contains providers information which must be ignored but can appear confusing at first. This will disappear in the future though.

GET https://repo.packagist.org/p/[vendor]/[package].json

{
  "packages": {
    "[vendor]/[package]": {
      "[version1]": {
        "name": "[vendor]/[package],
        "description": [description],
        // ...
      },
      "[version2]": {
        // ...
      }
      // ...
    }
  }
}

Working example: https://repo.packagist.org/p/monolog/monolog.json

Using the API

The JSON API for packages gives you all the infos we have including downloads, dependents count, github info, etc. However it is generated dynamically so for performance reason we cache the responses for twelve hours. As such if the static file endpoint described above is enough please use it instead.

GET https://packagist.org/packages/[vendor]/[package].json

{
  "package": {
    "name": "[vendor]/[package],
    "description": [description],
    "time": [packagist package creation datetime],
    "maintainers": [list of maintainers],
    "versions": [list of versions and their dependencies, the same data of composer.json]
    "type": [package type],
    "repository": [repository url],
    "downloads": {
      "total": [numbers of download],
      "monthly": [numbers of download per month],
      "daily": [numbers of download per day]
    },
    "favers": [number of favers]
  }
}

Working example: https://packagist.org/packages/monolog/monolog.json

Get statistics

This endpoint provides basic some statistics.

GET https://packagist.org/statistics.json

{
  "totals": {
    "downloads": [numbers of download]
  }
}

Working example: https://packagist.org/statistics.json

List security advisories

This endpoint provides a list of security advisories. Either a list of packages as query or request parameter or a timestamp as updatedSince query parameter need to be passed.

GET https://packagist.org/api/security-advisories/?updatedSince=[timestamp]&packages[]=[vendor/package]

{
  "advisories": {
    "[vendor]/[package]": [
      {
        "packageName": "[vendor]/[package]",
        "remoteId": "[unique id per source]",
        "title": "[title]",
        "link": "[url to issue disclosure]",
        "cve": "[cve if available]",
        "affectedVersions": [affected version in form of a composer constraint]",
        "source": "[source where the issue was found]",
        "reportedAt": "[date the issue was reported]",
        "composerRepository": "[composer repository the package can be found in]"
      }
    ]
  }
}

Working example: https://packagist.org/api/security-advisories/?packages[]=monolog/monolog