@cyberhub/trust-axios 1.0.2 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -32
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -48,13 +48,9 @@ Community: ██████████░░░░░░░░░░
|
|
|
48
48
|
|
|
49
49
|
**Immediate:**
|
|
50
50
|
- Upgrade to the latest version (`npm update axios`)
|
|
51
|
-
-
|
|
52
|
-
- Consider replacing with [got](https://nrupak.com/trust/got)
|
|
51
|
+
- Or replace with [got](https://nrupak.com/trust/got)
|
|
53
52
|
|
|
54
|
-
**Always:**
|
|
55
|
-
- Pin exact version: `"axios": "1.14.0"`
|
|
56
|
-
- Run `pkgtrust scan` in your CI pipeline
|
|
57
|
-
- Monitor: [nrupak.com/trust/axios](https://nrupak.com/trust/axios)
|
|
53
|
+
**Always:** Pin version, run `pkgtrust scan` in CI, monitor at [nrupak.com/trust/axios](https://nrupak.com/trust/axios)
|
|
58
54
|
|
|
59
55
|
## 🔄 Safer Alternatives
|
|
60
56
|
|
|
@@ -66,34 +62,11 @@ Community: ██████████░░░░░░░░░░
|
|
|
66
62
|
|
|
67
63
|
## Maintainers
|
|
68
64
|
|
|
69
|
-
-
|
|
65
|
+
- [jasonsaayman](https://nrupak.com/trust/maintainer/jasonsaayman) ✅ 2FA (org)
|
|
70
66
|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
This score is computed from **18+ signals** across **4 categories**:
|
|
74
|
-
- **Maintainer Trust (35%)**: Account age, 2FA, publish cadence, maintainer changes, email domain
|
|
75
|
-
- **Package Health (25%)**: Install scripts, dependency count, license, provenance, size changes, code quality
|
|
76
|
-
- **Supply Chain (25%)**: Live CVEs from 8 databases, known breaches, typosquatting, transitive risk
|
|
77
|
-
- **Community (15%)**: GitHub stars, contributors, CI, OpenSSF Scorecard, npms.io quality
|
|
78
|
-
|
|
79
|
-
[Full scoring methodology →](https://nrupak.com/trust)
|
|
80
|
-
|
|
81
|
-
## Check Your Project
|
|
82
|
-
|
|
83
|
-
```bash
|
|
84
|
-
# Install pkgtrust
|
|
85
|
-
npm install -g @cyberhub/pkgtrust
|
|
86
|
-
|
|
87
|
-
# Scan a specific package
|
|
88
|
-
pkgtrust scan axios
|
|
89
|
-
|
|
90
|
-
# Scan all your dependencies
|
|
91
|
-
pkgtrust scan
|
|
92
|
-
|
|
93
|
-
# Compare alternatives
|
|
94
|
-
pkgtrust compare axios got node-fetch
|
|
95
|
-
```
|
|
67
|
+
**Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
|
|
96
68
|
|
|
69
|
+
**Check your project:** `npm i -g @cyberhub/pkgtrust && pkgtrust scan axios` — [CLI docs](https://npmjs.com/package/@cyberhub/pkgtrust)
|
|
97
70
|
**Data Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev
|
|
98
71
|
|
|
99
72
|
---
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyberhub/trust-axios",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.3",
|
|
4
4
|
"description": "Security Trust Report: axios@1.14.0 — 62/100 (C+, standard). 1 vulnerability found. Maintainer risk, supply chain analysis from 8 security databases.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"axios",
|