@cyberhub/trust-flatmap-stream 1.0.58 → 1.0.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +9 -5
  2. package/package.json +3 -2
package/README.md CHANGED
@@ -1,12 +1,12 @@
1
1
  # Security Trust Report: flatmap-stream
2
2
 
3
- **flatmap-stream@0.0.1-security: 61/100 | Grade: C+ | Tier: STANDARD** (confidence: ±3)
3
+ **flatmap-stream@0.0.1-security: 50/100 | Grade: C | Tier: STANDARD** (confidence: ±3)
4
4
 
5
5
  > Data verified on 2026-04-02 from 8 security databases.
6
6
 
7
7
  ## TL;DR
8
8
 
9
- - **2 vulnerabilities found** (0 critical, 0 high)
9
+ - **2 vulnerabilities found** (2 critical, 0 high)
10
10
  - Pin your version and monitor for changes
11
11
 
12
12
  ## Score Breakdown
@@ -14,27 +14,31 @@
14
14
  ```
15
15
  Maintainer Trust: ███████████░░░░░░░░░ 55/100
16
16
  Package Health: ████████████████░░░░ 80/100
17
- Supply Chain: █████████████░░░░░░░ 64/100
18
- Community: ████████░░░░░░░░░░░░ 40/100
17
+ Supply Chain: ███░░░░░░░░░░░░░░░░░ 14/100
18
+ Community: █████████░░░░░░░░░░░ 47/100
19
19
  ```
20
20
 
21
21
  ### Why this score?
22
22
 
23
23
  - Maintainer Trust is 55 because: single maintainer (bus factor risk)
24
- - Community is 40 because: no public GitHub repo linked (may be private or on another platform)
24
+ - Supply Chain is 14 because: 2 known CVEs, in breach database
25
+ - Community is 47 because: GitHub repo inactive
25
26
 
26
27
  ## Vulnerabilities (2 vulnerabilities)
27
28
 
28
29
  | Severity | Count |
29
30
  |----------|-------|
31
+ | 🔴 Critical | 2 |
30
32
  | ⚪ Low | 2 |
31
33
 
34
+ - [GHSA-9x64-5r7x-2q53](https://github.com/advisories/GHSA-9x64-5r7x-2q53)
32
35
  - [GHSA-mh6f-8j2x-4483](https://github.com/advisories/GHSA-mh6f-8j2x-4483)
33
36
  - MAL-2025-20690
34
37
 
35
38
  ## Key Risk Flags
36
39
 
37
40
  - 🔴 **CRITICAL**: HISTORICAL BREACH: Cryptocurrency stealing payload (2018)
41
+ - 🔴 **CRITICAL**: 2 CRITICAL vulnerabilities from live CVE databases
38
42
  - 🟠 **HIGH**: Primary maintainer account is less than 6 months old (0 days)
39
43
  - 🟠 **HIGH**: No license declared
40
44
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@cyberhub/trust-flatmap-stream",
3
- "version": "1.0.58",
4
- "description": "Security Trust Report: flatmap-stream@0.0.1-security — 61/100 (C+, standard). 2 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.",
3
+ "version": "1.0.59",
4
+ "description": "Security Trust Report: flatmap-stream@0.0.1-security — 50/100 (C, standard). 2 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.",
5
5
  "keywords": [
6
6
  "flatmap-stream",
7
7
  "flatmap-stream",
@@ -17,6 +17,7 @@
17
17
  "scan",
18
18
  "risk",
19
19
  "risk-assessment",
20
+ "GHSA-9x64-5r7x-2q53",
20
21
  "GHSA-mh6f-8j2x-4483",
21
22
  "MAL-2025-20690",
22
23
  "standard"