PyPI JSON API metadata, verified wheel/sdist download, OSV vulnerabilities, and static pattern checks. Optional pip-audit, Bandit, and deps.dev are controlled via server env (see api/config.py). Open the full report for sections and raw JSON.