Free · Open · No Auth Required

The Prechained Public API

Programmatic access to the world's pre-compromise software archive. Check fingerprints, look up receipts, investigate actors, compare versions — all free, no API key required.

https://prechained.com/.netlify/functions/api

No authentication required. All endpoints are free and open. Rate limiting is applied per IP. For high-volume use, contact ngr.admin@proton.me for an enterprise arrangement.

Fingerprint Lookup
Check if a package version has a pre-compromise fingerprint in the Prechained archive. Returns the SHA-384 fingerprint, Bitcoin anchor block, and manifest URL.
GET ?action=fingerprint
Look up the cryptographic fingerprint for a specific package version. If no version is specified, returns the 10 most recently captured versions.
| Parameter | Required | Description |
|---|---|---|
| package | required | Package name (e.g. express, laravel-lang/lang) |
| version | optional | Specific version to look up. Omit to get latest 10 captures. |
| ecosystem | optional | npm, pypi, cargo, rubygems, packagist, nuget, maven, github |
Example Request
GET https://prechained.com/.netlify/functions/api
  ?action=fingerprint
  &package=express
  &version=4.18.2
  &ecosystem=npm
Example Response
{
  "found": true,
  "package": "express",
  "version": "4.18.2",
  "ecosystem": "npm",
  "sha384": "4d3e15a8b85090c8c1d4cefa91f90ed6a25c8d91b3b80ec493cb3208788c6b194...",
  "receipt_id": "NGR-PC-MPHQEG6PZ9GYW2",
  "btc_anchored": true,
  "btc_block": 950603,
  "captured_at": "2026-05-22T19:12:00.000Z",
  "manifest_url": "https://raw.githubusercontent.com/ngr-dev1/prechained-archive/main/npm/express/4.18.2/manifest.json",
  "archive_url": "https://github.com/ngr-dev1/prechained-archive/blob/main/npm/express/4.18.2/manifest.json",
  "verify_url": "https://prechained.com/verify.html?receipt=NGR-PC-MPHQEG6PZ9GYW2"
}
Receipt Lookup
Retrieve a cryptographic receipt by its NGR-PC receipt ID. Each receipt is a permanent, immutable proof of capture.
GET ?action=receipt
Look up any Prechained receipt by its ID. Useful for verifying receipts programmatically in CI/CD pipelines, audit tools, or compliance systems.
| Parameter | Required | Description |
|---|---|---|
| id | required | Receipt ID in format NGR-PC-XXXXXXXXXXXXXXXX |
Example Request
GET https://prechained.com/.netlify/functions/api
  ?action=receipt
  &id=NGR-PC-MPHQEG6PZ9GYW2
Example Response
{
  "found": true,
  "receipt_id": "NGR-PC-MPHQEG6PZ9GYW2",
  "package": "chart.js",
  "version": "v3.0.0-beta.14",
  "ecosystem": "npm",
  "sha384": "4d3e15a8b85090c8...",
  "btc_anchored": true,
  "btc_block": 950603,
  "captured_at": "2026-05-22T19:12:00.000Z",
  "issued_by": "Prechained · NextGenRails™ · prechained.com",
  "note": "Trust is not declared. It is computed."
}
Package Version History
Get the full captured version history for any package — every version fingerprinted, every Bitcoin block recorded.
GET ?action=package
Returns all captured versions of a package with SHA-384 fingerprints and Bitcoin anchors. Useful for diffing what changed between releases.
| Parameter | Required | Description |
|---|---|---|
| name | required | Package name |
| ecosystem | optional | Ecosystem filter |
Example Request
GET https://prechained.com/.netlify/functions/api
  ?action=package
  &name=requests
  &ecosystem=pypi
Actor Intelligence
Check if a maintainer email, username, or package name appears in the Prechained threat actor index. Cross-package attribution across all 8 ecosystems.
GET ?action=actor
Query the actor index by email, username, or package name. Returns threat status, all connected packages, and investigation URL. Useful for pre-install checks and CI gates.
| Parameter | Required | Description |
|---|---|---|
| email | optional* | Maintainer email address |
| username | optional* | Registry username (npm, GitHub, etc.) |
| package | optional* | Package name to check for associated actors |

* At least one parameter required.

Example Request
GET https://prechained.com/.netlify/functions/api
  ?action=actor
  &package=codexui-android
Example Response — Threat Detected
{
  "found": true,
  "flagged_count": 1,
  "total_seen": 1,
  "threat_detected": true,
  "actors": [{
    "email": "dorumonstr@gmail.com",
    "username": "friuns",
    "package": "codexui-android",
    "ecosystem": "npm",
    "flagged": true,
    "first_seen_at": "2026-05-27T07:29:00.000Z",
    "investigate_url": "https://prechained.com/threat?email=dorumonstr%40gmail.com"
  }]
}
Version Diff
Compare two versions of the same package. If the SHA-384 fingerprints differ, the content changed — even if the version number didn't.
GET ?action=diff
Returns the fingerprints and Bitcoin anchors for both versions and tells you if they match. Fingerprint mismatch = content changed between captures.
| Parameter | Required | Description |
|---|---|---|
| package | required | Package name |
| ecosystem | required | Ecosystem |
| v1 | required | First version |
| v2 | required | Second version |
Example Request
GET https://prechained.com/.netlify/functions/api
  ?action=diff
  &package=lodash
  &ecosystem=npm
  &v1=4.17.20
  &v2=4.17.21
Example Response
{
  "package": "lodash",
  "ecosystem": "npm",
  "v1": {
    "version": "4.17.20",
    "sha384": "a1b2c3...",
    "btc_block": 950583
  },
  "v2": {
    "version": "4.17.21",
    "sha384": "d4e5f6...",
    "btc_block": 950603
  },
  "fingerprints_match": false,
  "note": "Fingerprints differ — these versions have different content."
}
Health Check
Verify the API is live and get current archive stats.
GET ?action=health
Example Request
GET https://prechained.com/.netlify/functions/api?action=health
Built for security tools
The API is designed to be embedded in the tools investigators and developers already use.

CI/CD Pipeline Check
Before deploying, verify your dependencies against Prechained. If a fingerprint doesn't match, fail the build.

Incident Response
When an attack is disclosed, query Prechained for the pre-compromise fingerprint to know exactly what changed.

Actor Investigation
Check any maintainer email or username across all 8 ecosystems simultaneously. One query, cross-ecosystem attribution.

SBOM Enrichment
Add Bitcoin-anchored pre-compromise fingerprints to your SBOM. Every component, verified before it was needed.
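
A sketch of the decision logic behind the CI/CD Pipeline Check above, also covering the actor lookup. This is an added example, not Prechained's own code. It assumes a hypothetical pins file that records the sha384 your team accepted earlier, and the `gate` function, the sample values and the shape of the unflagged actor response are constructed for illustration. The responses it takes are the parsed JSON from the fingerprint and actor endpoints.

```python
import re

SHA384_HEX = re.compile(r"[0-9a-f]{96}")  # a full SHA-384 digest in hex


def gate(pin, fp, actor):
    """Return the reasons to fail the build; an empty list means proceed.

    pin   -- entry from a hypothetical pins file kept in the repository
    fp    -- parsed JSON from ?action=fingerprint
    actor -- parsed JSON from ?action=actor
    """
    # Treat every response field as untrusted input and fail closed.
    if not isinstance(fp, dict) or fp.get("found") is not True:
        return ["no archived fingerprint (fail closed)"]
    reasons = []
    for key in ("package", "version", "ecosystem"):
        if fp.get(key) != pin[key]:
            reasons.append(f"response {key} does not match the request")
    got = str(fp.get("sha384", "")).lower()
    if not SHA384_HEX.fullmatch(got):
        # Catches truncated or malformed digests before any comparison.
        reasons.append("sha384 is not 96 hex characters")
    elif got != pin["sha384"].lower():
        reasons.append("fingerprint differs from the pinned value")
    if fp.get("btc_anchored") is not True:
        reasons.append("fingerprint is not Bitcoin-anchored")
    # Assumption: a response without threat_detected=true means "not flagged".
    if isinstance(actor, dict) and actor.get("threat_detected") is True:
        reasons.append("actor index flags a maintainer of this package")
    return reasons


# Constructed sample data, not real archive values.
PIN = {"package": "express", "version": "4.18.2",
       "ecosystem": "npm", "sha384": "ab" * 48}
GOOD = {"found": True, **PIN, "btc_anchored": True, "btc_block": 950603}
CLEAN = {"found": False, "threat_detected": False}

if __name__ == "__main__":
    cases = {"match": GOOD,
             "changed": {**GOOD, "sha384": "cd" * 48},
             "truncated": {**GOOD, "sha384": "a1b2c3..."}}
    for name, response in cases.items():
        print(name, "->", gate(PIN, response, CLEAN) or "ok")
```
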

Quick Start — Node.js
// Check if a package version is in the pre-compromise archive
// Run as an ES module (.mjs): top-level await; fetch is built into Node 18+
const res = await fetch(
  'https://prechained.com/.netlify/functions/api' +
  '?action=fingerprint&package=express&version=4.18.2&ecosystem=npm'
);
const data = await res.json();

if (data.found) {
  console.log('SHA-384:', data.sha384);
  console.log('Bitcoin Block:', data.btc_block);
  console.log('Captured:', data.captured_at);
  console.log('Manifest:', data.manifest_url);
} else {
  console.log('Not in archive — capture at:', data.capture_url);
}
Quick Start — Python
import requests

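# A timeout keeps a CI job from hanging if the API is unreachable
r = requests.get('https://prechained.com/.netlify/functions/api', params={
    'action': 'fingerprint',
    'package': 'requests',
    'version': '2.31.0',
    'ecosystem': 'pypi'
}, timeout=10)
r.raise_for_status()  # stop on HTTP errors instead of parsing an error body
data = r.json()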
print(f"Found: {data['found']}")
if data['found']:
    print(f"SHA-384: {data['sha384']}")
    print(f"BTC Block: {data['btc_block']}")
Quick Start — curl
curl -G "https://prechained.com/.netlify/functions/api" \
  --data-urlencode "action=fingerprint" \
  --data-urlencode "package=laravel-lang/lang" \
  --data-urlencode "ecosystem=packagist"