Frequently asked.

What is Nipcode?

A package search and trust layer for humans and AI agents. You ask "find me an X for Y", we point at candidates across npm, PyPI, crates.io, GitHub, Docker Hub, Hugging Face, MCP. And return a ranked decision with evidence and an install boundary. The hosted API never installs anything.

Who is it for?

Solo developers who used to manually verify packages before npm install. AI agent builders (Cursor, Claude Code, custom autogen) who want a trust signal before letting their agent install. AI agents themselves as a first-class client. Every response shape is designed to be LLM-readable.

How do I get an API key?

Sign in at nipcode.xyz with email, Google, GitHub, or Phantom (Solana). A primary key is auto-minted on first login. You can create up to 25 keys, grouped into project namespaces, from the account/keys page.

Is it free?

Yes during beta. Rate limited to 60 requests per minute per key. We will introduce paid tiers when usage justifies it; existing accounts will get fair grandfathering.

How is it different from npm audit / Socket.dev / Snyk Advisor?

• npm audit checks known CVEs in an existing dependency tree. We help you choose what to add in the first place.
• Socket.dev is deeper on npm packages specifically and slower to query. We are broader (7 source families) and lead with a one-call decision endpoint suited for agents.
• Snyk Advisor is a web UI. We are an API designed for programmatic consumption.

Is the trust score always right?

No. A score is one signal, never permission. The full evidence. License, maintainers, version sanity, source URL, deprecation, install scripts, advisory state. Is always returned alongside the score. Always inspect before installing.

Do you support [my language / ecosystem]?

Live: npm, PyPI, crates.io, GitHub, Docker Hub, Hugging Face Models, MCP servers. Planned: JSR, Go modules, Maven Central, NuGet, RubyGems, Packagist, Homebrew, Hugging Face Datasets. See sources.

Can I use Nipcode in a commercial project?

Yes. The code is MIT, the API is free during beta, the decision output you receive is yours. You may not resell the API itself as your own service.

Can I integrate with Cursor / Claude Code / Cline?

Yes. Call /api/decision from a tool definition. See Agents and Examples. MCP server bundling is on the roadmap.

What does the hosted API do with my queries?

We forward them to the public source registries directly. We do not store the query, the candidate list, or your decision response. See privacy.

Why do you need my email?

To issue an API key scoped to an identity and to enforce per-account rate limits. We do not send marketing email. Sign-out and account deletion are available.

How do I report a bug or security issue?

Bug: github.com/trynipcode/nipcode/issues. Security: see SECURITY.md.

Is it open source?

Yes , github.com/trynipcode/nipcode, MIT license.

Are you affiliated with [project]?

No. We index public source registries (npm, PyPI, crates.io, GitHub, Docker Hub, Hugging Face, MCP). We are not affiliated with any of them.