The Component API requires three parameters: language, name and version. You will also need an authorization token, obtained with a subscription to Meterian, that will provide the final authorization to the cloud servers.
Language
The language parameter specifies the language of the component you are looking for.
It must be one of the following: java, nodejs, python, dotnet, ruby, php, swift, golang, rust, erlang, perl, cpp, r
Name
The name parameter specifies the name of the component you are looking for. In a given name all ‘/’ characters should be replaced with ‘|’ characters.
e.g. If you want to search for a component with the name @types/json5, you need to set the name parameter to @types|json5.
Version
The version parameter can be used to ensure the component sheet which is returned contains information on the corresponding version of a component. You may use it to specify a particular version, or set it to either 0 or undefined to get information on all the available versions of said component.
Token
You will need to specify an additional “Authorization” header that will provide the final authorization to the cloud servers, using the token provided to you by Meterian. The header will be in the form:
"Authorization: token 0000ffff-ffff-0000-ffff-0000ffffffff"
Here follows an example call to the Component API made with CURL, followed by an example response:
$ curl --request GET \
  --url https://meterian.p.rapidapi.com/components/nodejs/shelljs/0.6.0 \
  --header 'X-RapidAPI-Host: meterian.p.rapidapi.com' \
  --header 'X-RapidAPI-Key: your_api_key' \
  --header "Authorization: token your_meterian_authorization_token"
{
  "library": {
    "language": "nodejs",
    "name": "shelljs",
    "rootLanguage": "nodejs"
  },
  "version": "0.6.0",
  "latestVersion": "0.8.5",
  "registryUrl": "https://registry.npmjs.org/shelljs/0.6.0",
  "registryWebUrl": "https://www.npmjs.com/package/shelljs/v/0.6.0",
  "scmUrl": "https://github.com/shelljs/shelljs",
  "licenses": [
    {
      "id": "BSD-3-Clause",
      "name": "BSD 3-Clause \"New\" or \"Revised\" License",
      "wildcard": false,
      "uri": "https://spdx.org/licenses/BSD-3-Clause.html",
      "proprietary": false,
      "valid": true
    }
  ],
  "registryName": "NPM",
  "stability": {
    "latestPatch": "0.6.1",
    "latestMinor": "0.8.5",
    "latestMajor": null
  },
  "safeVersions": {
    "latestPatch": null,
    "latestMinor": "0.8.5",
    "latestMajor": null
  },
  "copyright": {
    "source": "https://raw.githubusercontent.com/apache/logging-log4net/master/NOTICE",
    "text": "Copyright 2004-2022 The Apache Software Foundation"
  },
  "vulnerabilities": [
    {
      "id": "860453d2-cb75-3360-b40d-6ed158503fc6",
      "library": {
        "language": "nodejs",
        "name": "shelljs",
        "rootLanguage": "nodejs"
      },
      "versionRange": "[,0.8.5)",
      "description": "shelljs is vulnerable to Improper Privilege Management",
      "severity": "HIGH",
      "links": [
        {
          "type": "CVE",
          "url": "CVE-2022-0144",
          "cve": "CVE-2022-0144"
        },
        {
          "type": "NVD",
          "url": "CVE-2022-0144",
          "cve": "CVE-2022-0144"
        },
        {
          "type": "ANNOUNCE",
          "url": "https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c",
          "cve": null
        },
        {
          "type": "FIX",
          "url": "https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c",
          "cve": null
        }
      ],
      "source": "NVD",
      "type": "SECURITY",
      "cwe": "CWE-269",
      "cvss": 7.1,
      "active": true,
      "cve": "CVE-2022-0144",
      "epss": 0.25954,
      "fixedInVersions": [
        "0.8.5"
      ]
    }
  ],
  "versions": [
    "0.0.1",
    "0.0.2",
    "0.0.3",
    "0.0.4",
    ....
    "0.8.1",
    "0.8.2",
    "0.8.3",
    "0.8.4",
    "0.8.5"
  ]
}
The API supports a wide range of languages. To try them out quickly, substitute the example values from the table below into the CURL call above.
Language | Package Name | Version |
---|---|---|
java | org.springframework:spring-beans | 5.3.13 |
nodejs | shelljs | 0.6.0 |
python | pillow | 9.1.0 |
dotnet | log4net | 2.0.3 |
ruby | rest-client | 1.6.7 |
php | twig/twig (please use twig|twig) | 2.5.0 |
swift | nanopb | 0.3.8 |
golang | gopkg.in/yaml.v2 (please use gopkg.in|yaml.v2) | v2.2.7 |
rust | hyper | 0.10.16 |
erlang | ecto | 2.1.3 |
perl | Mojolicious | 4.87 |
cpp | zlib | 1.2.11 |
r | commonmark | 1.7 |
Overall schema
Field Name | Description |
---|---|
library | the library requested |
version | the version requested |
latestVersion | the latest version available on the registry |
registryName | the formal name of the registry |
registryUrl | the url of the registry containing the definition |
registryWebUrl | the human readable web url of the entry in the registry |
scmUrl | the source code management url |
licenses | licenses detected |
copyright | copyright text and source |
stability | the next available version in semver |
safeVersions | the next available and safe version in semver (not vulnerable) |
vulnerabilities | a list of the vulnerabilities affecting this version of the library |
versions | a list of all versions available on the registry |
Vulnerability schema
Field Name | Description |
---|---|
id | Meterian id of the vulnerability |
library | the library affected |
versionRange | the range of versions affected |
description | a short description of the vulnerability |
severity | the severity of the vulnerability (NONE, SUGGEST, LOW, MEDIUM, HIGH, CRITICAL) |
links | a list of links describing the vulnerability |
cwe | the main CWE associated with this vulnerability |
cvss | the CVSS score associated with this vulnerability (3.x) |
epss | the EPSS probability associated with this vulnerability |
fixedInVersions | an array of safe versions from this specific vulnerability |
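
The request rules and the response schemas above, put together as an added Python example (not Meterian's code): `component_url` applies the language list and the '/' to '|' name rule, and `triage` filters the vulnerabilities by severity and picks an upgrade from safeVersions. The function names, the percent-encoding of other characters, reading a null safeVersions entry as "no safe version at that level", and ranking unknown severities highest are assumptions of this example.

```python
import json
from urllib.parse import quote

BASE_URL = "https://meterian.p.rapidapi.com/components"  # host taken from the curl call above
LANGUAGES = {"java", "nodejs", "python", "dotnet", "ruby", "php", "swift",
             "golang", "rust", "erlang", "perl", "cpp", "r"}
SEVERITIES = ["NONE", "SUGGEST", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

def component_url(language, name, version="0"):
    """Build the request URL; version "0" asks for all available versions."""
    if language not in LANGUAGES:
        raise ValueError(f"unsupported language: {language!r}")
    # '/' in the name becomes '|'; other characters that could alter the path
    # are percent-encoded (an assumption of this example, not stated on the page).
    encoded = quote(name.replace("/", "|"), safe="@|:")
    return f"{BASE_URL}/{language}/{encoded}/{quote(str(version), safe='')}"

def rank(severity):
    """Position in the severity scale; unknown values rank highest (fail closed)."""
    return SEVERITIES.index(severity) if severity in SEVERITIES else len(SEVERITIES)

def triage(sheet, min_severity="MEDIUM"):
    """Return findings at or above min_severity and the smallest safe upgrade."""
    findings = [
        {"cve": v.get("cve"), "severity": v.get("severity"), "cvss": v.get("cvss"),
         "epss": v.get("epss"), "fixedIn": v.get("fixedInVersions") or []}
        for v in sheet.get("vulnerabilities") or []
        if rank(v.get("severity")) >= rank(min_severity)
    ]
    findings.sort(key=lambda f: (rank(f["severity"]), f["cvss"] or 0), reverse=True)
    safe = sheet.get("safeVersions") or {}
    # Assumed: null means no safe version at that level, so try patch, minor, major.
    target = next((safe[k] for k in ("latestPatch", "latestMinor", "latestMajor")
                   if safe.get(k)), None)
    return {"findings": findings, "upgradeTo": target if findings else None}

# Constructed sample: the example response above, trimmed to the fields used here.
SAMPLE = json.loads("""{
  "library": {"language": "nodejs", "name": "shelljs"},
  "version": "0.6.0",
  "safeVersions": {"latestPatch": null, "latestMinor": "0.8.5", "latestMajor": null},
  "vulnerabilities": [{"severity": "HIGH", "cvss": 7.1, "epss": 0.25954,
                       "cve": "CVE-2022-0144", "fixedInVersions": ["0.8.5"]}]
}""")

if __name__ == "__main__":
    print(component_url("nodejs", "@types/json5"))
    print(json.dumps(triage(SAMPLE), indent=2))
```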