> Probably nowadays this gets done in Node, parsing the package search websites. Preferably, this would be done via an API though.

Repology provides an API but it's unstable: https://repology.org/api/v1

Yes, agree. The idea and concept is cool! Imo worth it to keep an eye on it and play with it.

First thought, which came to my mind, was a security use case to get it to a point for sbom handling and tracking. In particular, respective to all the recent package vulnerabilities.