npm - @cyberhub/trust-lmnto-hms-shared - Versions diffs - 1.0.0 - Mend

@cyberhub/trust-lmnto-hms-shared 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +56 -0
package/package.json +29 -0

package/README.md ADDED Viewed

@@ -0,0 +1,56 @@
+# Security Trust Report: @lmnto/hms-shared
+**[@lmnto/hms-shared@1.0.0](https://www.npmjs.com/package/%40lmnto%2Fhms-shared): 61/100 | Grade: C+ | Tier: STANDARD** (confidence: ±3)
+> Scanned on 2026-04-09 from 8 security databases. [View package on npm →](https://www.npmjs.com/package/%40lmnto%2Fhms-shared)
+## TL;DR
+- No critical vulnerabilities from live scan
+- Pin your version and monitor for changes
+## Score Breakdown
+```
+Maintainer Trust:  ██████████████░░░░░░ 70/100
+Package Health:    ███████████████░░░░░ 74/100
+Supply Chain:      ██████████░░░░░░░░░░ 48/100
+Community:         ████████░░░░░░░░░░░░ 40/100
+```
+### Why this score?
+- Supply Chain is 48 because: risky dependencies
+- Community is 40 because: no public GitHub repo linked (may be private or on another platform)
+## Vulnerabilities
+✅ No known vulnerabilities detected across 8 security databases.
+## Key Risk Flags
+- 🟠 **HIGH**: Primary maintainer account is less than 6 months old (0 days)
+- 🟠 **HIGH**: No license declared
+- 🟠 **HIGH**: Depends on historically compromised package: axios
+- 🟠 **HIGH**: 1 direct dependencies have known security issues
+## 🛠️ What Should You Do?
+**Always:** Pin version, run `pkgtrust scan` in CI, monitor at [nrupak.com/trust/@lmnto/hms-shared](https://nrupak.com/trust/%40lmnto%2Fhms-shared)
+## Maintainers (3)
+- [ahass123](https://www.npmjs.com/~ahass123) ✅ 2FA (org email) — [Trust profile](https://nrupak.com/trust/maintainer/ahass123)
+- [it-dev-npm](https://www.npmjs.com/~it-dev-npm) ✅ 2FA (org email) — [Trust profile](https://nrupak.com/trust/maintainer/it-dev-npm)
+- [aneep-tandel](https://www.npmjs.com/~aneep-tandel) ✅ 2FA (org email) — [Trust profile](https://nrupak.com/trust/maintainer/aneep-tandel)
+**Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
+**Check your project:** `npm i -g @cyberhub/pkgtrust && pkgtrust scan @lmnto/hms-shared` — [CLI docs](https://npmjs.com/package/@cyberhub/pkgtrust)
+**Data Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev · CISA KEV · Packagephobia · OpenSSF Scorecard · Ecosyste.ms · GitHub Enhanced · Keybase · npm Provenance
+---
+*Report by [pkgtrust](https://nrupak.com/trust/%40lmnto%2Fhms-shared) · [Dashboard](https://nrupak.com/trust) · [Compare](https://nrupak.com/trust/compare) · [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
+*This is an automated security report. Not affiliated with the @lmnto/hms-shared team. Updated 2026-04-09.*

package/package.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "name": "@cyberhub/trust-lmnto-hms-shared",
+  "version": "1.0.0",
+  "description": "Security Trust Report: @lmnto/hms-shared@1.0.0 — 61/100 (C+, standard). Maintainer risk, supply chain analysis from 8 security databases.",
+  "keywords": [
+    "lmnto-hms-shared",
+    "lmnto-hms-shared",
+    "security",
+    "security-report",
+    "trust-score",
+    "vulnerability",
+    "npm-audit",
+    "npm-security",
+    "supply-chain",
+    "pkgtrust",
+    "audit",
+    "scan",
+    "risk",
+    "risk-assessment",
+    "standard"
+  ],
+  "license": "MIT",
+  "author": "Nrupak Shah <nrupaks@gmail.com>",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/nrupaks/pkgtrust"
+  },
+  "homepage": "https://nrupak.com/trust/%40lmnto%2Fhms-shared"
+}