@cyberhub/trust-axios 1.0.2 → 1.0.4

package/README.md

@@ -1,8 +1,8 @@
 # Security Trust Report: axios
 
-**axios@1.14.0: 62/100 | Grade: C+ | Tier: STANDARD** (confidence: ±3)
+**[axios@1.14.0](https://www.npmjs.com/package/axios): 64/100 | Grade: C+ | Tier: STANDARD** (confidence: ±3)
 
-> Data verified on 2026-04-02 from 8 security databases.
+> Scanned on 2026-04-03 from 8 security databases. [View package on npm →](https://www.npmjs.com/package/axios)
 
 ## TL;DR
 
@@ -19,14 +19,14 @@ CVE-2023-45857: CSRF token theft via cookie exposure. CVE-2024-28849: SSRF vulne
 ```
 Maintainer Trust:  ████████████████░░░░ 80/100
 Package Health:    ██████████████████░░ 89/100
-Supply Chain:      ████░░░░░░░░░░░░░░░░ 19/100
+Supply Chain:      █████░░░░░░░░░░░░░░░ 26/100
 Community:         ██████████░░░░░░░░░░ 48/100
 ```
 
 ### Why this score?
 
-- Supply Chain is 19 because: 1 known CVEs, in breach database, risky dependencies
-- Community is 48 because: no GitHub repo found
+- Supply Chain is 26 because: 1 known CVEs, in breach database, risky dependencies
+- Community is 48 because: no public GitHub repo linked (may be private or on another platform)
 
 ## Vulnerabilities (1 vulnerability)
 
@@ -39,65 +39,37 @@ Community:         ██████████░░░░░░░░░░
 
 ## Key Risk Flags
 
-- 🔴 **CRITICAL**: RECENT-ISH BREACH: CSRF token theft CVE-2023-45857, SSRF via follow-redirects dependency CVE-2024-28849 (2023-2024)
-- 🔴 **CRITICAL**: 1 CRITICAL vulnerability(ies) from live CVE databases
+- 🔴 **CRITICAL**: RECENT-ISH BREACH: CSRF token theft CVE-2023-45857, SSRF via follow-redirects dependency CVE-2024-28849 (2023-2024) ([evidence](https://nvd.nist.gov/vuln/detail/CVE-2023-45857))
+- 🔴 **CRITICAL**: 1 CRITICAL vulnerability from live CVE databases
 - 🟠 **HIGH**: 1 direct dependencies have known security issues
-- 🟠 **HIGH**: Depends on "follow-redirects" which has SSRF CVE-2024-28849
 
 ## 🛠️ What Should You Do?
 
 **Immediate:**
 - Upgrade to the latest version (`npm update axios`)
-- Review the security incident details above
-- Consider replacing with [got](https://nrupak.com/trust/got)
+- Or replace with [got](https://nrupak.com/trust/got)
 
-**Always:**
-- Pin exact version: `"axios": "1.14.0"`
-- Run `pkgtrust scan` in your CI pipeline
-- Monitor: [nrupak.com/trust/axios](https://nrupak.com/trust/axios)
+**Always:** Pin version, run `pkgtrust scan` in CI, monitor at [nrupak.com/trust/axios](https://nrupak.com/trust/axios)
 
 ## 🔄 Safer Alternatives
 
-| Package | Why | Trust Report |
-|---------|-----|-------------|
-| **got** | No known breaches, better error handling | [View score](https://nrupak.com/trust/got) |
-| **node-fetch** | Lightweight, fewer dependencies | [View score](https://nrupak.com/trust/node-fetch) |
-| **undici** | Node.js built-in HTTP client (Node 18+) | [View score](https://nrupak.com/trust/undici) |
+| Package | Why | npm | Trust Score |
+|---------|-----|-----|-------------|
+| **got** | No known breaches, better error handling | [npm](https://www.npmjs.com/package/got) | [View score](https://nrupak.com/trust/got) |
+| **node-fetch** | Lightweight, fewer dependencies | [npm](https://www.npmjs.com/package/node-fetch) | [View score](https://nrupak.com/trust/node-fetch) |
+| **undici** | Node.js built-in HTTP client (Node 18+) | [npm](https://www.npmjs.com/package/undici) | [View score](https://nrupak.com/trust/undici) |
 
-## Maintainers
+## Maintainers (1)
 
-- **jasonsaayman** ✅ 2FA enabled (org email)
+- [jasonsaayman](https://www.npmjs.com/~jasonsaayman) ✅ 2FA (org email) — [Trust profile](https://nrupak.com/trust/maintainer/jasonsaayman)
 
-## Methodology
-
-This score is computed from **18+ signals** across **4 categories**:
-- **Maintainer Trust (35%)**: Account age, 2FA, publish cadence, maintainer changes, email domain
-- **Package Health (25%)**: Install scripts, dependency count, license, provenance, size changes, code quality
-- **Supply Chain (25%)**: Live CVEs from 8 databases, known breaches, typosquatting, transitive risk
-- **Community (15%)**: GitHub stars, contributors, CI, OpenSSF Scorecard, npms.io quality
-
-[Full scoring methodology →](https://nrupak.com/trust)
-
-## Check Your Project
-
-```bash
-# Install pkgtrust
-npm install -g @cyberhub/pkgtrust
-
-# Scan a specific package
-pkgtrust scan axios
-
-# Scan all your dependencies
-pkgtrust scan
-
-# Compare alternatives
-pkgtrust compare axios got node-fetch
-```
+**Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
 
+**Check your project:** `npm i -g @cyberhub/pkgtrust && pkgtrust scan axios` — [CLI docs](https://npmjs.com/package/@cyberhub/pkgtrust)
 **Data Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev
 
 ---
 
 *Report by [pkgtrust](https://nrupak.com/trust/axios) · [Dashboard](https://nrupak.com/trust) · [Compare](https://nrupak.com/trust/compare) · [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
 
-*This is an automated security report. Not affiliated with the axios team. Updated 2026-04-02.*
+*This is an automated security report. Not affiliated with the axios team. Updated 2026-04-03.*

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@cyberhub/trust-axios",
-  "version": "1.0.2",
-  "description": "Security Trust Report: axios@1.14.0 — 62/100 (C+, standard). 1 vulnerability found. Maintainer risk, supply chain analysis from 8 security databases.",
+  "version": "1.0.4",
+  "description": "Security Trust Report: axios@1.14.0 — 64/100 (C+, standard). 1 vulnerability found. Maintainer risk, supply chain analysis from 8 security databases.",
   "keywords": [
     "axios",
     "axios",