# CryptoServe Census Dataset

## Overview

This directory contains machine-readable data from the CryptoServe Cryptographic Census.
The census measures cryptographic library adoption across 11 package ecosystems,
classifying libraries into weak, modern, and post-quantum (PQC) tiers.

## Files

- `scan-summary-2026-03.json` -- March 2026 scan results including:
  - Per-ecosystem scan counts and download volumes
  - Tier classification breakdown (weak/modern/PQC)
  - Vulnerability data (CVEs and advisories)
  - Methodology and reproducibility information
  - Known limitations

## API Access

Live data is available via the census API:

```
GET https://census.cryptoserve.dev/api/census
```

The API returns CORS-enabled JSON with the full census dataset.

## Reproducibility

To verify our findings:

1. The `reproducibility` section in the JSON file lists every registry API endpoint used.
2. Query each ecosystem API for the listed packages.
3. Compare download counts against our reported values.
4. CVE data can be verified at https://services.nvd.nist.gov/rest/json/cves/2.0

## Data Confidence

Download count accuracy varies by ecosystem:

| Ecosystem | Confidence | Method |
|-----------|-----------|--------|
| npm | HIGH | Direct 30-day download counts |
| PyPI | HIGH | pypistats.org API |
| crates.io | HIGH | Direct recent-download counts |
| Maven | MODERATE | Version count x 50,000/month estimate |
| Go | MODERATE | GitHub stars x 1,000/month proxy |
| Packagist | MODERATE | Lifetime total / age estimate |
| NuGet | MODERATE | Lifetime total / age estimate |
| Hex | MODERATE | Recent-download counts |
| pub.dev | MODERATE | Popularity-score derived |
| RubyGems | LOW | Lifetime total to monthly estimate |
| CocoaPods | LOW | Lifetime total to monthly estimate |

## License

This dataset is released under CC-BY-4.0. Please cite as:

> CryptoServe Census, March 2026. https://census.cryptoserve.dev

## Contact

For questions or issues: https://github.com/ecolibria/crypto-serve/issues