@cyberhub/trust-colors 1.0.62 → 1.0.64

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +22 -16
  2. package/package.json +6 -4
package/README.md CHANGED
@@ -1,12 +1,12 @@
1
1
  # Security Trust Report: colors
2
2
 
3
- **colors@1.4.0: 47/100 | Grade: C | Tier: CAUTION** (confidence: ±3)
3
+ **[colors@1.4.0](https://www.npmjs.com/package/colors): 46/100 | Grade: C | Tier: CAUTION** (confidence: ±3)
4
4
 
5
- > Data verified on 2026-04-02 from 8 security databases.
5
+ > Scanned on 2026-04-03 from 8 security databases. [View package on npm →](https://www.npmjs.com/package/colors)
6
6
 
7
7
  ## TL;DR
8
8
 
9
- - **Security incident detected** compromised via account takeover/sabotage
9
+ - **2 vulnerabilities found** (0 critical, 2 high)
10
10
  - Consider switching to **chalk** (Most popular terminal color library)
11
11
  - **Action required:** Review flags below and upgrade or replace this package
12
12
 
@@ -19,26 +19,32 @@ In January 2022, maintainer marak deliberately sabotaged the package by adding a
19
19
  ```
20
20
  Maintainer Trust: █████████░░░░░░░░░░░ 44/100
21
21
  Package Health: ██████████████████░░ 88/100
22
- Supply Chain: ██░░░░░░░░░░░░░░░░░░ 10/100
22
+ Supply Chain: █░░░░░░░░░░░░░░░░░░░ 5/100
23
23
  Community: █████████░░░░░░░░░░░ 47/100
24
24
  ```
25
25
 
26
26
  ### Why this score?
27
27
 
28
28
  - Maintainer Trust is 44 because: single maintainer (bus factor risk)
29
- - Supply Chain is 10 because: 1 security incident(s) in breach database, in breach database
29
+ - Supply Chain is 5 because: 2 known CVEs, in breach database
30
30
  - Community is 47 because: no public GitHub repo linked (may be private or on another platform)
31
31
 
32
- ## ⚠️ Security Incident
32
+ ## Vulnerabilities (2 vulnerabilities)
33
33
 
34
- This package was compromised via account takeover/sabotage (no CVE assigned). See Security Incident Background above for details.
34
+ | Severity | Count |
35
+ |----------|-------|
36
+ | 🟠 High | 2 |
37
+
38
+ - [CVE-2021-23567](https://nvd.nist.gov/vuln/detail/CVE-2021-23567)
39
+ - [GHSA-gh88-3pxp-6fm8](https://github.com/advisories/GHSA-gh88-3pxp-6fm8)
40
+ - [GHSA-5rqg-jm4f-cqx7](https://github.com/advisories/GHSA-5rqg-jm4f-cqx7)
35
41
 
36
42
  ## Key Risk Flags
37
43
 
38
44
  - 🔴 **CRITICAL**: Package name "colors" is 2 edit(s) from popular "cors"
39
45
  - 🔴 **CRITICAL**: HISTORICAL BREACH: Maintainer sabotaged with infinite loop (2022)
40
- - 🔴 **CRITICAL**: 1 CRITICAL security incident from breach database (no CVE assigned)
41
46
  - 🔴 **CRITICAL**: Maintainer "marak" has history of package sabotage
47
+ - 🟠 **HIGH**: 2 HIGH vulnerabilities detected
42
48
 
43
49
  ## 🛠️ What Should You Do?
44
50
 
@@ -51,15 +57,15 @@ This package was compromised via account takeover/sabotage (no CVE assigned). Se
51
57
 
52
58
  ## 🔄 Safer Alternatives
53
59
 
54
- | Package | Why | Trust Report |
55
- |---------|-----|-------------|
56
- | **chalk** | Most popular terminal color library | [View score](https://nrupak.com/trust/chalk) |
57
- | **picocolors** | Tiny, fast, zero dependencies | [View score](https://nrupak.com/trust/picocolors) |
58
- | **kleur** | Lightweight alternative | [View score](https://nrupak.com/trust/kleur) |
60
+ | Package | Why | npm | Trust Score |
61
+ |---------|-----|-----|-------------|
62
+ | **chalk** | Most popular terminal color library | [npm](https://www.npmjs.com/package/chalk) | [View score](https://nrupak.com/trust/chalk) |
63
+ | **picocolors** | Tiny, fast, zero dependencies | [npm](https://www.npmjs.com/package/picocolors) | [View score](https://nrupak.com/trust/picocolors) |
64
+ | **kleur** | Lightweight alternative | [npm](https://www.npmjs.com/package/kleur) | [View score](https://nrupak.com/trust/kleur) |
59
65
 
60
- ## Maintainers
66
+ ## Maintainers (1)
61
67
 
62
- - ⛔ **[marak](https://nrupak.com/trust/maintainer/marak)** — COMPROMISED: Deliberately sabotaged colors and faker (2022)
68
+ - ⛔ **[marak](https://www.npmjs.com/~marak)** — COMPROMISED: Deliberately sabotaged colors and faker (2022) ([Trust profile](https://nrupak.com/trust/maintainer/marak))
63
69
 
64
70
  **Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
65
71
 
@@ -70,4 +76,4 @@ This package was compromised via account takeover/sabotage (no CVE assigned). Se
70
76
 
71
77
  *Report by [pkgtrust](https://nrupak.com/trust/colors) · [Dashboard](https://nrupak.com/trust) · [Compare](https://nrupak.com/trust/compare) · [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
72
78
 
73
- *This is an automated security report. Not affiliated with the colors team. Updated 2026-04-02.*
79
+ *This is an automated security report. Not affiliated with the colors team. Updated 2026-04-03.*
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@cyberhub/trust-colors",
3
- "version": "1.0.62",
4
- "description": "Security Trust Report: colors@1.4.0 — 47/100 (C, caution). Security incident detected. Maintainer risk, supply chain analysis from 8 security databases.",
3
+ "version": "1.0.64",
4
+ "description": "Security Trust Report: colors@1.4.0 — 46/100 (C, caution). 2 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.",
5
5
  "keywords": [
6
6
  "colors",
7
7
  "colors",
@@ -17,10 +17,12 @@
17
17
  "scan",
18
18
  "risk",
19
19
  "risk-assessment",
20
+ "CVE-2021-23567",
21
+ "GHSA-gh88-3pxp-6fm8",
22
+ "GHSA-5rqg-jm4f-cqx7",
20
23
  "chalk",
21
24
  "picocolors",
22
- "kleur",
23
- "caution"
25
+ "kleur"
24
26
  ],
25
27
  "license": "MIT",
26
28
  "author": "Nrupak Shah <nrupaks@gmail.com>",