@cyberhub/trust-flatmap-stream 1.0.60 → 1.0.61

package/README.md

@@ -1,12 +1,12 @@
 # Security Trust Report: flatmap-stream
 
-**flatmap-stream@0.0.1-security: 61/100 | Grade: C+ | Tier: STANDARD** (confidence: ±3)
+**[flatmap-stream@0.0.1-security](https://www.npmjs.com/package/flatmap-stream): 50/100 | Grade: C | Tier: STANDARD** (confidence: ±3)
 
-> Data verified on 2026-04-02 from 8 security databases.
+> Scanned on 2026-04-03 from 8 security databases. [View package on npm →](https://www.npmjs.com/package/flatmap-stream)
 
 ## TL;DR
 
-- **2 vulnerabilities found** (0 critical, 0 high)
+- **2 vulnerabilities found** (2 critical, 0 high)
 - Pin your version and monitor for changes
 
 ## Score Breakdown
@@ -14,27 +14,31 @@
 ```
 Maintainer Trust:  ███████████░░░░░░░░░ 55/100
 Package Health:    ████████████████░░░░ 80/100
-Supply Chain:      █████████████░░░░░░░ 64/100
-Community:         ████████░░░░░░░░░░░░ 40/100
+Supply Chain:      ███░░░░░░░░░░░░░░░░░ 14/100
+Community:         █████████░░░░░░░░░░░ 47/100
 ```
 
 ### Why this score?
 
 - Maintainer Trust is 55 because: single maintainer (bus factor risk)
-- Community is 40 because: no public GitHub repo linked (may be private or on another platform)
+- Supply Chain is 14 because: 2 known CVEs, in breach database
+- Community is 47 because: GitHub repo inactive
 
 ## Vulnerabilities (2 vulnerabilities)
 
 | Severity | Count |
 |----------|-------|
+| 🔴 Critical | 2 |
 | ⚪ Low | 2 |
 
+- [GHSA-9x64-5r7x-2q53](https://github.com/advisories/GHSA-9x64-5r7x-2q53)
 - [GHSA-mh6f-8j2x-4483](https://github.com/advisories/GHSA-mh6f-8j2x-4483)
 - MAL-2025-20690
 
 ## Key Risk Flags
 
 - 🔴 **CRITICAL**: HISTORICAL BREACH: Cryptocurrency stealing payload (2018)
+- 🔴 **CRITICAL**: 2 CRITICAL vulnerabilities from live CVE databases
 - 🟠 **HIGH**: Primary maintainer account is less than 6 months old (0 days)
 - 🟠 **HIGH**: No license declared
 
@@ -45,9 +49,9 @@ Community:         ████████░░░░░░░░░░░░
 
 **Always:** Pin version, run `pkgtrust scan` in CI, monitor at [nrupak.com/trust/flatmap-stream](https://nrupak.com/trust/flatmap-stream)
 
-## Maintainers
+## Maintainers (1)
 
-- [npm](https://nrupak.com/trust/maintainer/npm) ✅ 2FA (org)
+- [npm](https://www.npmjs.com/~npm) ✅ 2FA (org email) — [Trust profile](https://nrupak.com/trust/maintainer/npm)
 
 **Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
 
@@ -58,4 +62,4 @@ Community:         ████████░░░░░░░░░░░░
 
 *Report by [pkgtrust](https://nrupak.com/trust/flatmap-stream) · [Dashboard](https://nrupak.com/trust) · [Compare](https://nrupak.com/trust/compare) · [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
 
-*This is an automated security report. Not affiliated with the flatmap-stream team. Updated 2026-04-02.*
+*This is an automated security report. Not affiliated with the flatmap-stream team. Updated 2026-04-03.*

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@cyberhub/trust-flatmap-stream",
-  "version": "1.0.60",
-  "description": "Security Trust Report: flatmap-stream@0.0.1-security — 61/100 (C+, standard). 2 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.",
+  "version": "1.0.61",
+  "description": "Security Trust Report: flatmap-stream@0.0.1-security — 50/100 (C, standard). 2 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.",
   "keywords": [
     "flatmap-stream",
     "flatmap-stream",
@@ -17,6 +17,7 @@
     "scan",
     "risk",
     "risk-assessment",
+    "GHSA-9x64-5r7x-2q53",
     "GHSA-mh6f-8j2x-4483",
     "MAL-2025-20690",
     "standard"