@cyberhub/trust-axios 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +15 -16
  2. package/package.json +2 -2
package/README.md CHANGED
@@ -1,8 +1,8 @@
1
1
  # Security Trust Report: axios
2
2
 
3
- **axios@1.14.0: 62/100 | Grade: C+ | Tier: STANDARD** (confidence: ±3)
3
+ **[axios@1.14.0](https://www.npmjs.com/package/axios): 64/100 | Grade: C+ | Tier: STANDARD** (confidence: ±3)
4
4
 
5
- > Data verified on 2026-04-02 from 8 security databases.
5
+ > Scanned on 2026-04-03 from 8 security databases. [View package on npm →](https://www.npmjs.com/package/axios)
6
6
 
7
7
  ## TL;DR
8
8
 
@@ -19,14 +19,14 @@ CVE-2023-45857: CSRF token theft via cookie exposure. CVE-2024-28849: SSRF vulne
19
19
  ```
20
20
  Maintainer Trust: ████████████████░░░░ 80/100
21
21
  Package Health: ██████████████████░░ 89/100
22
- Supply Chain: ████░░░░░░░░░░░░░░░░ 19/100
22
+ Supply Chain: █████░░░░░░░░░░░░░░░ 26/100
23
23
  Community: ██████████░░░░░░░░░░ 48/100
24
24
  ```
25
25
 
26
26
  ### Why this score?
27
27
 
28
- - Supply Chain is 19 because: 1 known CVEs, in breach database, risky dependencies
29
- - Community is 48 because: no GitHub repo found
28
+ - Supply Chain is 26 because: 1 known CVEs, in breach database, risky dependencies
29
+ - Community is 48 because: no public GitHub repo linked (may be private or on another platform)
30
30
 
31
31
  ## Vulnerabilities (1 vulnerability)
32
32
 
@@ -39,10 +39,9 @@ Community: ██████████░░░░░░░░░░
39
39
 
40
40
  ## Key Risk Flags
41
41
 
42
- - 🔴 **CRITICAL**: RECENT-ISH BREACH: CSRF token theft CVE-2023-45857, SSRF via follow-redirects dependency CVE-2024-28849 (2023-2024)
43
- - 🔴 **CRITICAL**: 1 CRITICAL vulnerability(ies) from live CVE databases
42
+ - 🔴 **CRITICAL**: RECENT-ISH BREACH: CSRF token theft CVE-2023-45857, SSRF via follow-redirects dependency CVE-2024-28849 (2023-2024) ([evidence](https://nvd.nist.gov/vuln/detail/CVE-2023-45857))
43
+ - 🔴 **CRITICAL**: 1 CRITICAL vulnerability from live CVE databases
44
44
  - 🟠 **HIGH**: 1 direct dependencies have known security issues
45
- - 🟠 **HIGH**: Depends on "follow-redirects" which has SSRF CVE-2024-28849
46
45
 
47
46
  ## 🛠️ What Should You Do?
48
47
 
@@ -54,15 +53,15 @@ Community: ██████████░░░░░░░░░░
54
53
 
55
54
  ## 🔄 Safer Alternatives
56
55
 
57
- | Package | Why | Trust Report |
58
- |---------|-----|-------------|
59
- | **got** | No known breaches, better error handling | [View score](https://nrupak.com/trust/got) |
60
- | **node-fetch** | Lightweight, fewer dependencies | [View score](https://nrupak.com/trust/node-fetch) |
61
- | **undici** | Node.js built-in HTTP client (Node 18+) | [View score](https://nrupak.com/trust/undici) |
56
+ | Package | Why | npm | Trust Score |
57
+ |---------|-----|-----|-------------|
58
+ | **got** | No known breaches, better error handling | [npm](https://www.npmjs.com/package/got) | [View score](https://nrupak.com/trust/got) |
59
+ | **node-fetch** | Lightweight, fewer dependencies | [npm](https://www.npmjs.com/package/node-fetch) | [View score](https://nrupak.com/trust/node-fetch) |
60
+ | **undici** | Node.js built-in HTTP client (Node 18+) | [npm](https://www.npmjs.com/package/undici) | [View score](https://nrupak.com/trust/undici) |
62
61
 
63
- ## Maintainers
62
+ ## Maintainers (1)
64
63
 
65
- - [jasonsaayman](https://nrupak.com/trust/maintainer/jasonsaayman) ✅ 2FA (org)
64
+ - [jasonsaayman](https://www.npmjs.com/~jasonsaayman) ✅ 2FA (org email) — [Trust profile](https://nrupak.com/trust/maintainer/jasonsaayman)
66
65
 
67
66
  **Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
68
67
 
@@ -73,4 +72,4 @@ Community: ██████████░░░░░░░░░░
73
72
 
74
73
  *Report by [pkgtrust](https://nrupak.com/trust/axios) · [Dashboard](https://nrupak.com/trust) · [Compare](https://nrupak.com/trust/compare) · [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
75
74
 
76
- *This is an automated security report. Not affiliated with the axios team. Updated 2026-04-02.*
75
+ *This is an automated security report. Not affiliated with the axios team. Updated 2026-04-03.*
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@cyberhub/trust-axios",
3
- "version": "1.0.3",
4
- "description": "Security Trust Report: axios@1.14.0 — 62/100 (C+, standard). 1 vulnerability found. Maintainer risk, supply chain analysis from 8 security databases.",
3
+ "version": "1.0.4",
4
+ "description": "Security Trust Report: axios@1.14.0 — 64/100 (C+, standard). 1 vulnerability found. Maintainer risk, supply chain analysis from 8 security databases.",
5
5
  "keywords": [
6
6
  "axios",
7
7
  "axios",