@cyberhub/trust-zjsfe-core 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +58 -0
  2. package/package.json +29 -0
package/README.md ADDED
@@ -0,0 +1,58 @@
1
+ # Security Trust Report: @zjsfe/core
2
+
3
+ **[@zjsfe/core@1.0.33](https://www.npmjs.com/package/%40zjsfe%2Fcore): 52/100 | Grade: C | Tier: STANDARD** (confidence: ±3)
4
+
5
+ > Scanned on 2026-04-09 from 8 security databases. [View package on npm →](https://www.npmjs.com/package/%40zjsfe%2Fcore)
6
+
7
+ ## TL;DR
8
+
9
+ - **Package name "@zjsfe/core" is 1 edit(s) from popular "cors"**
10
+ - Pin your version and monitor for changes
11
+
12
+ ## Score Breakdown
13
+
14
+ ```
15
+ Maintainer Trust: ████████████░░░░░░░░ 59/100
16
+ Package Health: ███████████████░░░░░ 75/100
17
+ Supply Chain: ██████░░░░░░░░░░░░░░ 28/100
18
+ Community: ████████░░░░░░░░░░░░ 40/100
19
+ ```
20
+
21
+ ### Why this score?
22
+
23
+ - Maintainer Trust is 59 because: single maintainer (bus factor risk)
24
+ - Supply Chain is 28 because: risky dependencies
25
+ - Community is 40 because: no public GitHub repo linked (may be private or on another platform)
26
+
27
+ ## Vulnerabilities
28
+
29
+ ✅ No known vulnerabilities detected across 8 security databases.
30
+
31
+ ## Key Risk Flags
32
+
33
+ - 🔴 **CRITICAL**: Package name "@zjsfe/core" is 1 edit(s) from popular "cors"
34
+ - 🟠 **HIGH**: Primary maintainer account is less than 6 months old (0 days)
35
+ - 🟠 **HIGH**: 61 direct dependencies — large attack surface
36
+ - 🟠 **HIGH**: Depends on historically compromised package: semver
37
+ - 🟠 **HIGH**: 1 direct dependencies have known security issues
38
+
39
+ ## 🛠️ What Should You Do?
40
+
41
+ **Immediate:**
42
+
43
+ **Always:** Pin version, run `pkgtrust scan` in CI, monitor at [nrupak.com/trust/@zjsfe/core](https://nrupak.com/trust/%40zjsfe%2Fcore)
44
+
45
+ ## Maintainers (1)
46
+
47
+ - [skyrrrt](https://www.npmjs.com/~skyrrrt) ✅ 2FA (freemail) — [Trust profile](https://nrupak.com/trust/maintainer/skyrrrt)
48
+
49
+ **Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
50
+
51
+ **Check your project:** `npm i -g @cyberhub/pkgtrust && pkgtrust scan @zjsfe/core` — [CLI docs](https://npmjs.com/package/@cyberhub/pkgtrust)
52
+ **Data Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev · CISA KEV · Packagephobia · OpenSSF Scorecard · Ecosyste.ms · GitHub Enhanced · Keybase · npm Provenance
53
+
54
+ ---
55
+
56
+ *Report by [pkgtrust](https://nrupak.com/trust/%40zjsfe%2Fcore) · [Dashboard](https://nrupak.com/trust) · [Compare](https://nrupak.com/trust/compare) · [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
57
+
58
+ *This is an automated security report. Not affiliated with the @zjsfe/core team. Updated 2026-04-09.*
package/package.json ADDED
@@ -0,0 +1,29 @@
1
+ {
2
+ "name": "@cyberhub/trust-zjsfe-core",
3
+ "version": "1.0.0",
4
+ "description": "Security Trust Report: @zjsfe/core@1.0.33 — 52/100 (C, standard). Maintainer risk, supply chain analysis from 8 security databases.",
5
+ "keywords": [
6
+ "zjsfe-core",
7
+ "zjsfe-core",
8
+ "security",
9
+ "security-report",
10
+ "trust-score",
11
+ "vulnerability",
12
+ "npm-audit",
13
+ "npm-security",
14
+ "supply-chain",
15
+ "pkgtrust",
16
+ "audit",
17
+ "scan",
18
+ "risk",
19
+ "risk-assessment",
20
+ "standard"
21
+ ],
22
+ "license": "MIT",
23
+ "author": "Nrupak Shah <nrupaks@gmail.com>",
24
+ "repository": {
25
+ "type": "git",
26
+ "url": "https://github.com/nrupaks/pkgtrust"
27
+ },
28
+ "homepage": "https://nrupak.com/trust/%40zjsfe%2Fcore"
29
+ }