Legal
Acceptable Use Policy
Last updated: April 19, 2026 · Effective immediately
1. Purpose
This AUP supplements our Terms of Service and describes conduct that is prohibited when using the Service. It exists to protect the reliability of DepScope for all users and to ensure compliance with law.
2. What is allowed
- Querying the public API for package health, vulnerabilities, versions, and related metadata.
- Integrating DepScope into your AI agent, IDE, CI/CD pipeline, MCP client, or developer workflow.
- Building a product on top of the Service, provided you comply with the rate limits, attribution, and data-use rules below.
- Caching individual query results on your side for up to the cache TTL we indicate in the response headers.
3. What is prohibited
- Bulk mirroring / redistribution of DepScope's datasets (health scores, derived rankings, curated alternatives) beyond temporary cache of queries your users made.
- Scraping the site, dashboard, or any endpoint outside the documented public API.
- Reverse engineering, decompiling, or attempting to extract the source of the Service or the health-score algorithm.
- Rate-limit circumvention: rotating IP addresses, distributing a single use case across many accounts, generating keys to split a workload designed to stay under a quota.
- Reselling the free tier, or bundling the Service into a paid offering without a commercial agreement with us.
- Competitor benchmarking published without our prior written consent.
- Submitting queries designed to exploit, probe, or attack the Service or any related system; submitting malware, phishing, or illegal content; unauthorized access attempts.
- Submitting personal data, credentials, PHI, payment card data, or any regulated data as package names or query parameters.
- Using the Service to violate the intellectual-property rights of a third party.
- Using the Service from countries or on behalf of individuals/entities subject to EU, UN, US OFAC, or UK HMT sanctions.
4. Fair use on the free tier
- 200 requests per minute per IP (burst: 50).
- Hard ceiling of 5,000,000 requests per month per identifier.
- Excessive load, abusive patterns, or costs disproportionate to our infrastructure may trigger throttling or suspension regardless of the numerical limits above.
5. Enforcement
We may, at our sole discretion and without prior notice, throttle, suspend, or terminate accounts, keys, or IP ranges that violate this AUP. Serious violations may be reported to competent authorities.
6. Reporting abuse
To report abuse of the Service or of another user, email [email protected] with evidence (logs, timestamps, endpoints). For security vulnerabilities see /security/disclosure.