@cyberhub/trust-colors 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +31 -7
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -1,26 +1,29 @@
|
|
|
1
1
|
# Security Trust Report: colors
|
|
2
2
|
|
|
3
|
-
**Score:
|
|
3
|
+
**Score: 47/100 | Grade: C | Tier: CAUTION** (confidence: ±3)
|
|
4
4
|
|
|
5
|
-
>
|
|
5
|
+
> ⚠️ Notable risk factors. Review flags and actions below.
|
|
6
6
|
|
|
7
7
|
## Score Breakdown
|
|
8
8
|
|
|
9
9
|
| Category | Score |
|
|
10
10
|
|----------|-------|
|
|
11
11
|
| Maintainer Trust | 44/100 |
|
|
12
|
-
| Package Health |
|
|
13
|
-
| Supply Chain |
|
|
12
|
+
| Package Health | 88/100 |
|
|
13
|
+
| Supply Chain | 10/100 |
|
|
14
14
|
| Community | 47/100 |
|
|
15
15
|
|
|
16
16
|
## Vulnerabilities
|
|
17
17
|
|
|
18
|
-
|
|
18
|
+
**1 vulnerabilities** (Critical: 1, High: 0, Medium: 0)
|
|
19
|
+
|
|
20
|
+
|
|
19
21
|
|
|
20
22
|
## Flags
|
|
21
23
|
|
|
22
24
|
- **CRITICAL**: Package name "colors" is 2 edit(s) from popular "cors"
|
|
23
25
|
- **CRITICAL**: HISTORICAL BREACH: Maintainer sabotaged with infinite loop (2022)
|
|
26
|
+
- **CRITICAL**: 1 CRITICAL vulnerability(ies) from live CVE databases
|
|
24
27
|
- **CRITICAL**: Maintainer "marak" has history of package sabotage
|
|
25
28
|
- **MEDIUM**: New maintainer(s) added in v0.5.1: marak
|
|
26
29
|
- **MEDIUM**: New maintainer(s) added in v1.2.0-rc0: dabh
|
|
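Review bot: `**1 vulnerabilities**` in the new Vulnerabilities block should read `**1 vulnerability**`; the renderer is emitting a fixed plural, and the same template issue shows in `vulnerability(ies)`, `edit(s)` and `maintainer(s)` in the Flags list, so the count-to-noun rule belongs in the generator rather than hedged in the text. More important, the new line `- **CRITICAL**: 1 CRITICAL vulnerability(ies) from live CVE databases` gives no advisory identifier, affected version range or link, so a reader cannot check the finding against any of the sources the report cites; the flag should name the advisory (or at least which database returned it) and the versions it covers. Also, the typosquat flag `Package name "colors" is 2 edit(s) from popular "cors"` is scored CRITICAL on a package the same report describes as high-download, which means the edit-distance check is firing on the established name rather than on a lookalike; suppress it, or drop it below CRITICAL, when the examined package is itself the more popular of the pair.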
@@ -28,11 +31,32 @@ No known vulnerabilities.
|
|
|
28
31
|
- **MEDIUM**: Package dormant — last published 2383 days ago
|
|
29
32
|
- **MEDIUM**: No GitHub repo found — community signals unavailable
|
|
30
33
|
- **LOW**: Single maintainer using free email service
|
|
34
|
+
- **LOW**: High-download package with no detected test framework
|
|
31
35
|
- **INFO**: Published with 2FA enabled (signed)
|
|
32
36
|
|
|
37
|
+
## 🛠️ What Should You Do?
|
|
38
|
+
|
|
39
|
+
**Immediate actions:**
|
|
40
|
+
- ⛔ Package name "colors" is 2 edit(s) from popular "cors"
|
|
41
|
+
- ⛔ HISTORICAL BREACH: Maintainer sabotaged with infinite loop (2022)
|
|
42
|
+
- ⛔ 1 CRITICAL vulnerability(ies) from live CVE databases
|
|
43
|
+
|
|
44
|
+
|
|
45
|
+
**Replace this package** with a safer alternative (see below).
|
|
46
|
+
|
|
47
|
+
## 🔄 Alternatives
|
|
48
|
+
|
|
49
|
+
| Package | Why |
|
|
50
|
+
|---------|-----|
|
|
51
|
+
| [chalk](https://nrupak.com/trust/chalk) | Most popular terminal color library |
|
|
52
|
+
| [picocolors](https://nrupak.com/trust/picocolors) | Tiny, fast, zero dependencies |
|
|
53
|
+
| [kleur](https://nrupak.com/trust/kleur) | Lightweight alternative |
|
|
54
|
+
|
|
33
55
|
## Maintainers
|
|
34
56
|
|
|
35
|
-
- marak
|
|
57
|
+
- marak ✅ 2FA
|
|
58
|
+
|
|
59
|
+
**Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev
|
|
36
60
|
|
|
37
61
|
---
|
|
38
|
-
*[pkgtrust](https://nrupak.com/trust/colors) | [
|
|
62
|
+
*[pkgtrust](https://nrupak.com/trust/colors) | [Compare](https://nrupak.com/trust/compare) | [CLI](https://npmjs.com/package/@cyberhub/pkgtrust) | Updated 2026-04-02*
|
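Review bot: the unchanged context line `- **MEDIUM**: Package dormant — last published 2383 days ago`, read against the footer's `Updated 2026-04-02`, places the last publish in 2019, which conflicts with the hunk-1 flag dating the sabotage release to 2022; either the sabotage versions are no longer in the registry's version list (in which case the dormancy flag should say which version it measured from) or one of the two figures is wrong, and the inconsistency should be resolved before the report tells users to replace the package on that basis. The new `**Immediate actions:**` list repeats the three CRITICAL flags verbatim, including the unnamed vulnerability, so the only actionable item is `**Replace this package**`; the actions should at minimum carry the advisory reference and the version range that the flag lacks. The hunk header's context text `No known vulnerabilities.` shows what the previous revision stated, so the change from "no known" to "1 critical" is the substantive delta of this release and deserves an explicit mention in the README rather than being discoverable only by diffing. In the `## 🔄 Alternatives` table, the `Why` column gives descriptive taglines while each package links to its own trust page; listing the alternative's score next to its name would let a reader compare on the same scale the report uses.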
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyberhub/trust-colors",
|
|
3
|
-
"version": "1.0.
|
|
4
|
-
"description": "Security Trust Report for colors —
|
|
3
|
+
"version": "1.0.1",
|
|
4
|
+
"description": "Security Trust Report for colors — 47/100 (C, caution). 8 security databases.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"colors",
|
|
7
7
|
"security",
|
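Review bot: the new description `Security Trust Report for colors — 47/100 (C, caution). 8 security databases.` counts every entry in the README's `**Sources:**` line as a security database, but that list includes Bundlephobia and npms.io, which are bundle-size and package-quality indexes rather than vulnerability or advisory databases; say `8 data sources` or count only the advisory sources so the description does not overstate the vulnerability coverage. The version bump to `1.0.1` is a patch release for a README whose vulnerability verdict changed from none to one critical, which is a content change users of the package would want called out; consider a changelog entry or a release note alongside the bump.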