API documentation
- Listing package names
- Searching for packages
- Getting package data
- Get statistics
- List security advisories
- Create a package
Listing package names
All packages
GET https://packagist.org/packages/list.json
{
"packageNames": [
"[vendor]/[package]",
...
]
}
Working example: https://packagist.org/packages/list.json
List packages by organization
GET https://packagist.org/packages/list.json?vendor=[vendor]
{
"packageNames": [
"[vendor]/[package]",
...
]
}
Working example: https://packagist.org/packages/list.json?vendor=composer
List packages by type
GET https://packagist.org/packages/list.json?type=[type]
{
"packageNames": [
"[vendor]/[package]",
...
]
}
Working example: https://packagist.org/packages/list.json?type=composer-plugin
Searching for packages
Search results are paginated and you can change the pagination step by using the per_page parameter. For example https://packagist.org/search.json?q=[query]&per_page=5
Search packages by name
GET https://packagist.org/search.json?q=[query]
{
"results" : [
{
"name": "[vendor]/[package]",
"description": "[description]",
"url": "https://packagist.org/packages/[vendor]/[package]",
"repository": [repository url],
"downloads": [number of downloads],
"favers": [number of favers]
},
...
],
"total": [number of results],
"next": "https://packagist.org/search.json?q=[query]&page=[next page number]"
}
Working example: https://packagist.org/search.json?q=monolog
Search packages by tag
GET https://packagist.org/search.json?tags=[tag]
{
"results": [
{
"name": "[vendor]/[package]",
"description": "[description]",
"url": "https://packagist.org/packages/[vendor]/[package]",
"repository": "[repository url]",
"downloads": [number of downloads],
"favers": [number of favers]
}
...
],
"total": [numbers of results]
}
Working example: https://packagist.org/search.json?q=monolog&tags=psr-3
Search packages by type
GET https://packagist.org/search.json?q=[query]&type=symfony-bundle
{
"results" : [
{
"name": "[vendor]/[package]",
"description": "[description]",
"url": "https://packagist.org/packages/[vendor]/[package]",
"repository": [repository url],
"downloads": [number of downloads],
"favers": [number of favers]
},
...
],
"total": [number of results],
"next": "https://packagist.org/search.json?q=[query]&page=[next page number]"
}
Working example: https://packagist.org/search.json?q=monolog&type=symfony-bundle
Getting package data
Using the Composer v1 metadata
This is the preferred way to access the data as it is always up to date, and dumped to static files so it is very efficient on our end.
You can also send If-Modified-Since headers to limit your bandwidth usage and cache the files on your end with the proper filemtime set according to our Last-Modified header.
There are a few gotchas though with using this method:
- It only provides you with the package metadata but not information about the maintainers, download stats or github info.
- It contains providers information which must be ignored but can appear confusing at first. This will disappear in the future though.
GET https://repo.packagist.org/p/[vendor]/[package].json
{
"packages": {
"[vendor]/[package]": {
"[version1]": {
"name": "[vendor]/[package],
"description": [description],
// ...
},
"[version2]": {
// ...
}
// ...
}
}
}
Working example: https://repo.packagist.org/p/monolog/monolog.json
Using the API
The JSON API for packages gives you all the infos we have including downloads, dependents count, github info, etc. However it is generated dynamically so for performance reason we cache the responses for twelve hours. As such if the static file endpoint described above is enough please use it instead.
GET https://packagist.org/packages/[vendor]/[package].json
{
"package": {
"name": "[vendor]/[package],
"description": [description],
"time": [packagist package creation datetime],
"maintainers": [list of maintainers],
"versions": [list of versions and their dependencies, the same data of composer.json]
"type": [package type],
"repository": [repository url],
"downloads": {
"total": [numbers of download],
"monthly": [numbers of download per month],
"daily": [numbers of download per day]
},
"favers": [number of favers]
}
}
Working example: https://packagist.org/packages/monolog/monolog.json
Get statistics
Get statistics
This endpoint provides basic some statistics.
GET https://packagist.org/statistics.json
{
"totals": {
"downloads": [numbers of download]
}
}
Working example: https://packagist.org/statistics.json
List security advisories
List security advisories
This endpoint provides a list of security advisories. Either a list of packages as query or request parameter or a timestamp as updatedSince query parameter need to be passed.
GET https://packagist.org/api/security-advisories/?updatedSince=[timestamp]&packages[]=[vendor/package]
{
"advisories": {
"[vendor]/[package]": [
{
"packageName": "[vendor]/[package]",
"remoteId": "[unique id per source]",
"title": "[title]",
"link": "[url to issue disclosure]",
"cve": "[cve if available]",
"affectedVersions": [affected version in form of a composer constraint]",
"source": "[source where the issue was found]",
"reportedAt": "[date the issue was reported]",
"composerRepository": "[composer repository the package can be found in]"
}
]
}
}
Working example: https://packagist.org/api/security-advisories/?packages[]=monolog/monolog
Create a package
Create a package
This endpoint creates a package for a specific repo. Parameters username and apiToken are required. Only POST method is allowed.
POST https://packagist.org/api/create-package?username=[username]&apiToken=[apiToken] -d '{"repository":{"url":"[url]"}}'
{
"status": "success"
}
Working example: curl -X POST 'https://packagist.org/api/create-package?username=zqfan&apiToken=********' -d '{"repository":{"url":"https://github.com/monolog/monolog"}}'