@cyberhub/trust-faker 1.0.4 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -33
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -47,14 +47,11 @@ Community: █████████░░░░░░░░░░░
|
|
|
47
47
|
## 🛠️ What Should You Do?
|
|
48
48
|
|
|
49
49
|
**Immediate:**
|
|
50
|
-
-
|
|
51
|
-
-
|
|
52
|
-
-
|
|
50
|
+
- 📌 Pin to known-safe version: **Use @faker-js/faker instead (community fork)**
|
|
51
|
+
- 🔄 Or replace with [@faker-js/faker](https://nrupak.com/trust/%40faker-js%2Ffaker) — Community fork, actively maintained
|
|
52
|
+
- 📖 Review the security incident above
|
|
53
53
|
|
|
54
|
-
**Always:**
|
|
55
|
-
- Pin exact version: `"faker": "6.6.6"`
|
|
56
|
-
- Run `pkgtrust scan` in your CI pipeline
|
|
57
|
-
- Monitor: [nrupak.com/trust/faker](https://nrupak.com/trust/faker)
|
|
54
|
+
**Always:** Pin version, run `pkgtrust scan` in CI, monitor at [nrupak.com/trust/faker](https://nrupak.com/trust/faker)
|
|
58
55
|
|
|
59
56
|
## 🔄 Safer Alternatives
|
|
60
57
|
|
|
@@ -65,34 +62,11 @@ Community: █████████░░░░░░░░░░░
|
|
|
65
62
|
|
|
66
63
|
## Maintainers
|
|
67
64
|
|
|
68
|
-
- **marak**
|
|
65
|
+
- ⛔ **[marak](https://nrupak.com/trust/maintainer/marak)** — COMPROMISED: Deliberately sabotaged colors and faker (2022)
|
|
69
66
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
This score is computed from **18+ signals** across **4 categories**:
|
|
73
|
-
- **Maintainer Trust (35%)**: Account age, 2FA, publish cadence, maintainer changes, email domain
|
|
74
|
-
- **Package Health (25%)**: Install scripts, dependency count, license, provenance, size changes, code quality
|
|
75
|
-
- **Supply Chain (25%)**: Live CVEs from 8 databases, known breaches, typosquatting, transitive risk
|
|
76
|
-
- **Community (15%)**: GitHub stars, contributors, CI, OpenSSF Scorecard, npms.io quality
|
|
77
|
-
|
|
78
|
-
[Full scoring methodology →](https://nrupak.com/trust)
|
|
79
|
-
|
|
80
|
-
## Check Your Project
|
|
81
|
-
|
|
82
|
-
```bash
|
|
83
|
-
# Install pkgtrust
|
|
84
|
-
npm install -g @cyberhub/pkgtrust
|
|
85
|
-
|
|
86
|
-
# Scan a specific package
|
|
87
|
-
pkgtrust scan faker
|
|
88
|
-
|
|
89
|
-
# Scan all your dependencies
|
|
90
|
-
pkgtrust scan
|
|
91
|
-
|
|
92
|
-
# Compare alternatives
|
|
93
|
-
pkgtrust compare faker @faker-js/faker chance
|
|
94
|
-
```
|
|
67
|
+
**Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
|
|
95
68
|
|
|
69
|
+
**Check your project:** `npm i -g @cyberhub/pkgtrust && pkgtrust scan faker` — [CLI docs](https://npmjs.com/package/@cyberhub/pkgtrust)
|
|
96
70
|
**Data Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev
|
|
97
71
|
|
|
98
72
|
---
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyberhub/trust-faker",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.6",
|
|
4
4
|
"description": "Security Trust Report: faker@6.6.6 — 54/100 (C, standard). 1 vulnerability found. Maintainer risk, supply chain analysis from 8 security databases.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"faker",
|