AUR Audit API

HTTP API for querying AUR package security-audit results

Base URL

https://aur-audit.wtako.net

All responses are JSON. No authentication required.

GET /packages

Paginated feed of audit results, newest first.

Query Parameters

Parameter	Type	Description
`filter`	string	scanned, red, yellow, or black
`before`	number	Cursor from previous response's nextCursor
`limit`	number	Page size (default: 100, max: 500)

Response

{
  "packages": [
    {
      "guid": "abc123...",
      "packageName": "example-package",
      "title": "Example Package 1.0.0",
      "link": "https://aur.archlinux.org/packages/example-package",
      "description": "An example package",
      "status": "scanned",
      "pubDate": "Thu, 01 Jan 2026 00:00:00 GMT",
      "pubDateTs": 1735689600000,
      "version": "1.0.0",
      "analysisOn": 1735689700000,
      "aurUrl": "https://aur.archlinux.org/packages/example-package",
      "blackFlags": [],
      "redFlags": ["Obfuscation detected in PKGBUILD"],
      "yellowFlags": ["Network download detected"]
    }
  ],
  "nextCursor": 12345
}

Examples

# Latest 100 results
curl 'https://aur-audit.wtako.net/packages'

# RED-flagged packages, 50 per page
curl 'https://aur-audit.wtako.net/packages?filter=red&limit=50'

# Next page
curl 'https://aur-audit.wtako.net/packages?before=12345'

GET /package-analysis

Fetch the latest analysis for specific packages by name.

Query Parameters

Parameter	Required	Description
`names`	Yes	Comma-separated package names (max 200)

Response

{
  "packages": {
    "codex-native-git": { /* PackageResult */ },
    "seanime": { /* PackageResult */ },
    "unknown-pkg": null
  }
}

Examples

# Single package
curl 'https://aur-audit.wtako.net/package-analysis?names=codex-native-git'

# Multiple packages
curl 'https://aur-audit.wtako.net/package-analysis?names=codex-native-git,seanime'

PackageResult Schema

Field	Type	Description
`guid`	string	Internal record ID
`packageName`	string \| null	AUR package base name
`status`	string	scanned, scanning, or error
`pubDateTs`	number	Unix timestamp (milliseconds)
`version`	string \| null	Analyzed package version
`aurUrl`	string	Canonical AUR page URL
`blackFlags`	string[]	Confirmed malicious findings
`redFlags`	string[]	High-risk findings
`yellowFlags`	string[]	Potential concerns

GET /health

Liveness probe.

{
  "status": "ok",
  "timestamp": 1718500000000
}