@cyberhub/trust-flatmap-stream 1.0.2 → 1.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -29
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -43,40 +43,15 @@ Community: ████████░░░░░░░░░░░░
|
|
|
43
43
|
**Immediate:**
|
|
44
44
|
- Upgrade to the latest version (`npm update flatmap-stream`)
|
|
45
45
|
|
|
46
|
-
**Always:**
|
|
47
|
-
- Pin exact version: `"flatmap-stream": "0.0.1-security"`
|
|
48
|
-
- Run `pkgtrust scan` in your CI pipeline
|
|
49
|
-
- Monitor: [nrupak.com/trust/flatmap-stream](https://nrupak.com/trust/flatmap-stream)
|
|
46
|
+
**Always:** Pin version, run `pkgtrust scan` in CI, monitor at [nrupak.com/trust/flatmap-stream](https://nrupak.com/trust/flatmap-stream)
|
|
50
47
|
|
|
51
48
|
## Maintainers
|
|
52
49
|
|
|
53
|
-
-
|
|
50
|
+
- [npm](https://nrupak.com/trust/maintainer/npm) ✅ 2FA (org)
|
|
54
51
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
This score is computed from **18+ signals** across **4 categories**:
|
|
58
|
-
- **Maintainer Trust (35%)**: Account age, 2FA, publish cadence, maintainer changes, email domain
|
|
59
|
-
- **Package Health (25%)**: Install scripts, dependency count, license, provenance, size changes, code quality
|
|
60
|
-
- **Supply Chain (25%)**: Live CVEs from 8 databases, known breaches, typosquatting, transitive risk
|
|
61
|
-
- **Community (15%)**: GitHub stars, contributors, CI, OpenSSF Scorecard, npms.io quality
|
|
62
|
-
|
|
63
|
-
[Full scoring methodology →](https://nrupak.com/trust)
|
|
64
|
-
|
|
65
|
-
## Check Your Project
|
|
66
|
-
|
|
67
|
-
```bash
|
|
68
|
-
# Install pkgtrust
|
|
69
|
-
npm install -g @cyberhub/pkgtrust
|
|
70
|
-
|
|
71
|
-
# Scan a specific package
|
|
72
|
-
pkgtrust scan flatmap-stream
|
|
73
|
-
|
|
74
|
-
# Scan all your dependencies
|
|
75
|
-
pkgtrust scan
|
|
76
|
-
|
|
77
|
-
# Compare alternatives
|
|
78
|
-
```
|
|
52
|
+
**Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
|
|
79
53
|
|
|
54
|
+
**Check your project:** `npm i -g @cyberhub/pkgtrust && pkgtrust scan flatmap-stream` — [CLI docs](https://npmjs.com/package/@cyberhub/pkgtrust)
|
|
80
55
|
**Data Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev
|
|
81
56
|
|
|
82
57
|
---
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyberhub/trust-flatmap-stream",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.4",
|
|
4
4
|
"description": "Security Trust Report: flatmap-stream@0.0.1-security — 61/100 (C+, standard). 2 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"flatmap-stream",
|