@cyberhub/trust-flatmap-stream 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +70 -21
  2. package/package.json +15 -4
package/README.md CHANGED
@@ -1,37 +1,86 @@
1
1
  # Security Trust Report: flatmap-stream
2
2
 
3
- **Score: 63/100 | Grade: C+ | Tier: STANDARD**
3
+ **flatmap-stream@0.0.1-security: 61/100 | Grade: C+ | Tier: STANDARD** (confidence: ±3)
4
4
 
5
- > This package has notable risk factors. Review flags below.
5
+ > Data verified on 2026-04-02 from 8 security databases.
6
+
7
+ ## TL;DR
8
+
9
+ - **2 vulnerabilities found** (0 critical, 0 high)
10
+ - Pin your version and monitor for changes
6
11
 
7
12
  ## Score Breakdown
8
13
 
9
- | Category | Score |
14
+ ```
15
+ Maintainer Trust: ███████████░░░░░░░░░ 55/100
16
+ Package Health: ████████████████░░░░ 80/100
17
+ Supply Chain: █████████████░░░░░░░ 64/100
18
+ Community: ████████░░░░░░░░░░░░ 40/100
19
+ ```
20
+
21
+ ### Why this score?
22
+
23
+ - Maintainer Trust is 55 because: single maintainer (bus factor risk)
24
+ - Community is 40 because: no GitHub repo found
25
+
26
+ ## Vulnerabilities (2 vulnerabilities)
27
+
28
+ | Severity | Count |
10
29
  |----------|-------|
11
- | Maintainer Trust | 55/100 |
12
- | Package Health | 88/100 |
13
- | Supply Chain | 64/100 |
14
- | Community | 40/100 |
30
+ | Low | 2 |
31
+
32
+ - [GHSA-mh6f-8j2x-4483](https://github.com/advisories/GHSA-mh6f-8j2x-4483)
33
+ - MAL-2025-20690
34
+
35
+ ## Key Risk Flags
15
36
 
16
- ## Vulnerabilities
37
+ - 🔴 **CRITICAL**: HISTORICAL BREACH: Cryptocurrency stealing payload (2018)
38
+ - 🟠 **HIGH**: Primary maintainer account is less than 6 months old (0 days)
39
+ - 🟠 **HIGH**: No license declared
17
40
 
18
- **2 vulnerabilities** (Critical: 0, High: 0)
41
+ ## 🛠️ What Should You Do?
19
42
 
20
- ## Flags
43
+ **Immediate:**
44
+ - Upgrade to the latest version (`npm update flatmap-stream`)
21
45
 
22
- - **CRITICAL**: HISTORICAL BREACH: Cryptocurrency stealing payload (2018)
23
- - **HIGH**: Primary maintainer account is less than 6 months old (0 days)
24
- - **HIGH**: No license declared
25
- - **MEDIUM**: Maintainer has only published 0 version(s)
26
- - **MEDIUM**: Single maintainer — bus factor risk
27
- - **MEDIUM**: Package dormant — last published 2680 days ago
28
- - **MEDIUM**: No GitHub repo found — community signals unavailable
29
- - **INFO**: Published with 2FA enabled (signed)
30
- - **INFO**: Package has provenance signatures
46
+ **Always:**
47
+ - Pin exact version: `"flatmap-stream": "0.0.1-security"`
48
+ - Run `pkgtrust scan` in your CI pipeline
49
+ - Monitor: [nrupak.com/trust/flatmap-stream](https://nrupak.com/trust/flatmap-stream)
31
50
 
32
51
  ## Maintainers
33
52
 
34
- - npm (2FA)
53
+ - **npm** ✅ 2FA enabled (org email)
54
+
55
+ ## Methodology
56
+
57
+ This score is computed from **18+ signals** across **4 categories**:
58
+ - **Maintainer Trust (35%)**: Account age, 2FA, publish cadence, maintainer changes, email domain
59
+ - **Package Health (25%)**: Install scripts, dependency count, license, provenance, size changes, code quality
60
+ - **Supply Chain (25%)**: Live CVEs from 8 databases, known breaches, typosquatting, transitive risk
61
+ - **Community (15%)**: GitHub stars, contributors, CI, OpenSSF Scorecard, npms.io quality
62
+
63
+ [Full scoring methodology →](https://nrupak.com/trust)
64
+
65
+ ## Check Your Project
66
+
67
+ ```bash
68
+ # Install pkgtrust
69
+ npm install -g @cyberhub/pkgtrust
70
+
71
+ # Scan a specific package
72
+ pkgtrust scan flatmap-stream
73
+
74
+ # Scan all your dependencies
75
+ pkgtrust scan
76
+
77
+ # Compare alternatives
78
+ ```
79
+
80
+ **Data Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev
35
81
 
36
82
  ---
37
- *[pkgtrust](https://nrupak.com/trust/flatmap-stream) | [Dashboard](https://nrupak.com/trust) | Updated 2026-04-02*
83
+
84
+ *Report by [pkgtrust](https://nrupak.com/trust/flatmap-stream) · [Dashboard](https://nrupak.com/trust) · [Compare](https://nrupak.com/trust/compare) · [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
85
+
86
+ *This is an automated security report. Not affiliated with the flatmap-stream team. Updated 2026-04-02.*
package/package.json CHANGED
@@ -1,17 +1,28 @@
1
1
  {
2
2
  "name": "@cyberhub/trust-flatmap-stream",
3
- "version": "1.0.0",
4
- "description": "Security Trust Report for flatmap-stream — 63/100 (C+, standard). Maintainer risk and vulnerability analysis from 8 security databases.",
3
+ "version": "1.0.2",
4
+ "description": "Security Trust Report: flatmap-stream@0.0.1-security61/100 (C+, standard). 2 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.",
5
5
  "keywords": [
6
+ "flatmap-stream",
6
7
  "flatmap-stream",
7
8
  "security",
9
+ "security-report",
8
10
  "trust-score",
9
11
  "vulnerability",
12
+ "npm-audit",
13
+ "npm-security",
14
+ "supply-chain",
10
15
  "pkgtrust",
11
- "CVE"
16
+ "audit",
17
+ "scan",
18
+ "risk",
19
+ "risk-assessment",
20
+ "GHSA-mh6f-8j2x-4483",
21
+ "MAL-2025-20690",
22
+ "standard"
12
23
  ],
13
24
  "license": "MIT",
14
- "author": "Nrupak Shah",
25
+ "author": "Nrupak Shah <nrupaks@gmail.com>",
15
26
  "repository": {
16
27
  "type": "git",
17
28
  "url": "https://github.com/nrupaks/pkgtrust"