Blog /

Why Real-Time Package Data Matters for AI Agents

ai packages launch

Every AI coding agent has the same blind spot: package versions.

Ask an LLM to scaffold a new project and it'll confidently pin dependencies to versions that were current during its training window — months or years ago. The code looks right. The package.json looks right. But npm install fails because that version doesn't exist anymore, or worse, it installs a version with known vulnerabilities.

This isn't a hallucination in the traditional sense. The model isn't making things up — it's repeating facts that used to be true. But in software, stale facts are broken facts.

The scale of the problem

We track over 900 packages across npm and PyPI. In just the last 30 days, hundreds of version changes have rolled through. React, Express, Flask, Django — the ecosystem moves fast. An AI agent trained six months ago is working with a snapshot that's already deeply outdated.

The problem compounds with transitive dependencies. Even if an agent gets the top-level version right, it can't know whether that version's dependency tree still resolves cleanly today.

Why search isn't the answer

You might think: just have the agent search the web for the latest version. But web search is slow (1-3 seconds per query), unreliable (scraping npm pages is fragile), and expensive at scale. An agent setting up a project with 20 dependencies would need 20 separate searches — that's a minute of latency just for version numbers.

More importantly, search results don't come with cryptographic verification. How does the agent know the version string it scraped is actually correct?

How Grounded solves this

Grounded is a purpose-built API that gives AI agents (and developers) real-time access to package metadata:

  • Latest version — polled directly from npm and PyPI registries
  • License — SPDX-normalized license strings
  • Weekly downloads — popularity signals for dependency selection
  • Deprecation status — avoid abandoned packages
  • Dependency count — complexity signals
  • Service status — know if GitHub, npm, or PyPI are having issues

Every response includes a SHA-256 hash and source URL, so agents can verify and attribute their data. Responses come back in under 50ms — orders of magnitude faster than a web search.

Built for agents, useful for everyone

Grounded ships as a CLI tool (grounded-cli on npm), an MCP server for Claude and other AI assistants, and a REST API that any tool can query:

$ grounded react
react@19.2.4 (npm)
  updated 2m ago · https://registry.npmjs.org/react

The data is the same whether you're an AI agent making programmatic calls or a developer checking a version from the terminal. One source of truth, always current.

What's next

We're tracking over 1,000 packages and services today, with more added regularly based on what the ecosystem needs. Coming soon: update alerts (know the moment a package you depend on releases), dependency mapping, and predictive signals for identifying packages at risk of abandonment.

If you're building AI-powered developer tools, or you're tired of stale version data breaking your workflows, give Grounded a try. The API is free, the CLI is open source, and the data is always fresh.

← All posts