npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

proof-of-commitment

v1.36.0

Published

Supply chain security risk scorer for npm, PyPI, Cargo, and Go packages — behavioral signals that can't be faked

Readme

Proof of Commitment

Commitment Score

Stars lie. Behavioral signals don't.

An MCP server and web tool that scores npm packages, PyPI packages, Rust crates, Go modules, and GitHub repos on behavioral commitment — signals that are harder to fake than stars, READMEs, or download counts.

$ npx proof-of-commitment axios zod chalk lodash minimatch
Scoring 5 npm packages... done in 3.0s

Package      Risk          Score   Publishers   Downloads      Age    Provenance
chalk        🔴 CRITICAL   72      1            432.9M/wk      14.6y  —
minimatch    🔴 CRITICAL   78      1            634.1M/wk      14.9y  —
lodash       🔴 CRITICAL   80      1            158.9M/wk      14.1y  —
zod          🔴 CRITICAL   83      1            161.2M/wk      6.3y   🔐 verified
axios        🔴 CRITICAL   88      1            115.7M/wk      11.8y  🔐 verified
                ⚠ COMPROMISED — axios token theft (2026-03-30)

⚠  5 CRITICAL packages found.
   CRITICAL = sole npm publisher + >10M weekly downloads (publish-access concentration risk)

npm audit flags none of these. They're not vulnerabilities — they're attack-surface concentration. One stolen npm token, one phished maintainer, and a single push reaches the whole ecosystem (axios, March 30 2026 — happened).

The supply chain security problem

26 of the 91 npm packages with >10M weekly downloads have a single npm publisher. Together they account for over 3 billion downloads per week. npm audit doesn't surface this. Stars don't either.

Four packages in a typical Node.js project are CRITICAL right now:

  • chalk — 432M downloads/week, 1 npm publisher
  • zod — 185M downloads/week, 1 npm publisher (30+ GitHub contributors)
  • lodash — 156M downloads/week, 1 npm publisher
  • axios — 113M downloads/week, 1 npm publisher (attacked March 30, 2026)

They won't appear in your package.json either — but these are in almost every project:

  • minimatch — 625M downloads/week, 1 npm publisher
  • glob — 366M downloads/week, 1 npm publisher
  • cross-spawn — 215M downloads/week, 1 npm publisher

Behavioral signals surface this. Stars and READMEs don't.

Try it now

Terminal (zero install):

npx proof-of-commitment axios zod chalk
# scan your own project:
npx proof-of-commitment --file package.json
# scan ALL transitive dependencies via lock file (finds the hidden CRITICAL packages):
npx proof-of-commitment --file package-lock.json   # npm
npx proof-of-commitment --file yarn.lock           # yarn
npx proof-of-commitment --file pnpm-lock.yaml      # pnpm
# pnpm monorepo — scans all workspace packages, deduplicates:
npx proof-of-commitment --file pnpm-workspace.yaml  # pnpm workspaces
# JSON output for CI/CD pipelines (exits 1 if CRITICAL found):
npx proof-of-commitment --file package-lock.json --json | jq '.criticalCount'
# PyPI too:
npx proof-of-commitment --pypi litellm langchain requests
# Cargo (Rust) via CLI:
npx proof-of-commitment --cargo serde tokio reqwest
# Go modules via CLI (full module path required):
npx proof-of-commitment --golang github.com/gin-gonic/gin golang.org/x/net
# Or scan a go.mod / go.sum file directly:
npx proof-of-commitment --file go.mod
npx proof-of-commitment --file go.sum    # full transitive set

Web demo (no install): getcommit.dev/audit — paste your packages, see risk scores in seconds.

Get notified before the next attack

The CLI tells you what's risky today. A free API key unlocks monitoring — daily score recomputation across the packages you depend on, with alerts when one degrades (publisher drops, release stalls, score falls ≥10 points).

Get a free API key → — no card, 30 seconds · 200 audits/day free · Developer $15/mo unlocks alerts + watchlist.

# Install once, then use the `poc` alias:
npm install -g proof-of-commitment

# After getting your free key:
poc login sk_commit_your_key_here   # save and validate
poc status                          # check tier + usage
poc watch chalk                     # start monitoring (Developer $15/mo)
poc watch requests --ecosystem pypi
poc watchlist                       # view all watched packages
poc init                            # add CI gate to this project

Alerts fire on: score drop ≥10 points · package crosses CRITICAL threshold · recovery to HEALTHY.

MCP server (zero install):

{
  "mcpServers": {
    "proof-of-commitment": {
      "type": "streamable-http",
      "url": "https://poc-backend.amdal-dev.workers.dev/mcp"
    }
  }
}

Add to Claude Desktop, Cursor, Windsurf, or any MCP-compatible AI tool. Then ask:

"Audit my package.json for supply chain risk" "Score axios, zod, chalk, lodash — which is highest risk?" "Is vercel/ai actively maintained?"

GitHub Action

Add supply chain security auditing to any CI pipeline in 30 seconds — auto-detects packages from package.json or requirements.txt, posts results as a PR comment, writes to GitHub Step Summary, and optionally fails on CRITICAL packages.

Use the dedicated action at piiiico/commit-action:

# .github/workflows/supply-chain.yml
name: Supply Chain Audit
on:
  pull_request:
    paths: ['package.json', 'package-lock.json', 'bun.lock']

jobs:
  audit:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: piiiico/commit-action@v1
        with:
          fail-on-critical: true   # blocks merges on CRITICAL packages
          comment-on-pr: true      # posts results as a PR comment

When comment-on-pr: true (default), the action automatically posts the audit table as a comment on the pull request — and updates the same comment on re-run, so you don't get comment spam. Reviewers see the risk table without leaving the PR.

Inputs:

| Input | Default | Description | |-------|---------|-------------| | packages | (auto) | Comma-separated package names (auto-detected from package.json/requirements.txt if not set) | | packages-file | (auto) | Path to package.json or requirements.txt (default: auto-detect in workspace root) | | fail-on-critical | true | Fail the workflow if CRITICAL packages are found | | max-packages | 20 | Max packages to audit when auto-detecting | | include-dev-dependencies | false | Include devDependencies from package.json | | comment-on-pr | true | Post audit results as a PR comment (requires pull-requests: write permission) | | api-key | (none) | Commit API key — enables batch requests; Developer ($15/mo) gets 10K requests/month | | api-url | (prod) | Override API endpoint (useful for self-hosting) |

Outputs: has-critical, critical-count, audit-summary (markdown table, also written to Step Summary).

Free vs paid: Without an API key, packages are audited one at a time (with delays to respect rate limits). With any API key (free or paid), all packages are audited in a single batch request — faster. Paid tiers (Developer $15/mo+) raise the monthly request limit and unlock daily monitoring.

Example PR comment / Step Summary output:

| Package | Risk        | Score | Publishers | Downloads/wk | Age   |
|---------|-------------|-------|------------|--------------|-------|
| chalk   | 🔴 CRITICAL | 75    | 1          | 380M         | 12.7y |
| zod     | 🔴 CRITICAL | 83    | 1          | 133M         | 6.1y  |
| axios   | 🔴 CRITICAL | 89    | 1          | 93M          | 11.6y |

README Badges

Add a Commit Trust badge to any npm package you maintain or depend on:

![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/YOUR-PACKAGE)

Examples:

| Package | Badge URL | |---------|-----------| | chalk | ![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/chalk) | | react | ![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/react) | | express | ![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/express) | | @babel/core | ![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/@babel/core) |

Grades: 🟢 OK (75+) · 🟠 WARNING (40–74) · 🔴 CRITICAL (<40 or sole npm publisher with 10M+ weekly downloads)

Badges are cached 1 hour. No API key needed.

Also supports PyPI, Cargo, Go modules, and the full ecosystem-specific format:

![commit score](https://poc-backend.amdal-dev.workers.dev/api/badge/npm/YOUR-PACKAGE)
![commit score](https://poc-backend.amdal-dev.workers.dev/api/badge/pypi/YOUR-PACKAGE)
![commit score](https://poc-backend.amdal-dev.workers.dev/api/badge/cargo/YOUR-CRATE)
![commit score](https://poc-backend.amdal-dev.workers.dev/api/badge/golang/github.com/owner/repo)

REST API

No API key. No install.

curl https://poc-backend.amdal-dev.workers.dev/api/audit \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"packages": ["axios", "zod", "chalk", "lodash", "express"]}'
{
  "count": 5,
  "results": [
    {
      "name": "chalk",
      "ecosystem": "npm",
      "score": 75,
      "maintainers": 1,
      "weeklyDownloads": 398397580,
      "ageYears": 12.7,
      "trend": "stable",
      "riskFlags": ["CRITICAL"],
      "scorecardScore": 3.6,        // null if no GitHub repo
      "hasDangerousWorkflow": false  // null if no Scorecard data
    },
    ...
  ]
}

9 MCP tools

| Tool | Description | |------|-------------| | audit_dependencies | Batch risk audit for up to 20 npm/PyPI/Cargo/Go packages | | lookup_npm_package | Single npm package behavioral profile | | lookup_pypi_package | Single PyPI package behavioral profile | | lookup_cargo_crate | Single Rust crate behavioral profile (crates.io) | | lookup_go_module | Single Go module behavioral profile (proxy.golang.org + GitHub) | | lookup_github_repo | GitHub repo commitment score (longevity, commit frequency, contributor depth) | | lookup_business | Norwegian business register — operating years, employees, financials | | lookup_business_by_org | Same, by org number | | query_commitment | Browser extension behavioral data (unique verified visitors, repeat rate) |

What the score measures

Each package is scored 0–100 across:

  • Longevity — How long has the package existed? Abandoned packages get reactivated for attacks.
  • Publisher depth — Single npm publisher + millions of weekly downloads = the attack surface LiteLLM exploited. (Publisher = person with npm publish access, distinct from GitHub contributors.)
  • Release consistency — Regular releases signal active oversight. Long gaps = vulnerability accumulation.
  • Download trend — Growing packages attract more scrutiny (and attacks). Stable = lower profile.
  • OpenSSF Scorecard — Process security (code review enforcement, branch protection, CI/CD safety). Separate from behavioral signals. High Scorecard ≠ safe from credential theft attacks.

Both axios (8.1/10 Scorecard) and chalk (3.6/10 Scorecard) score CRITICAL on behavioral signals. They measure different attack surfaces — Scorecard catches process gaps, behavioral signals catch publisher concentration.

Risk flags:

  • CRITICAL — single npm publisher + >10M weekly downloads (exact LiteLLM/axios attack profile)
  • HIGH — package <1yr old + rapid adoption
  • WARN — no release in 12+ months

Real data points

# packages you know about:
chalk       — score 75, 1 publisher, 413M/week  ⚑ CRITICAL
zod         — score 86, 1 publisher, 163M/week  ⚑ CRITICAL  (30+ GitHub contributors)
lodash      — score 81, 1 publisher, 145M/week  ⚑ CRITICAL
axios       — score 86, 1 publisher,  99M/week  ⚑ CRITICAL  (attacked Mar 30 2026)
express     — score 90, 5 publishers, 95M/week

# packages probably not in your package.json, definitely in your lock file:
minimatch   — score 78, 1 publisher, 562M/week  ⚑ CRITICAL
glob        — score 80, 1 publisher, 333M/week  ⚑ CRITICAL
cross-spawn — score 72, 1 publisher, 190M/week  ⚑ CRITICAL

# post-attack:
litellm     — score 74, 1 publisher            ⚑ CRITICAL  (supply chain attack Mar 2026)

# Rust crates (new in v1.3.0):
serde       — score 78, 1 owner,  13M/week  ⚑ CRITICAL  (dtolnay sole owner)
tokio       — score 89, 2 owners, 10M/week
reqwest     — score 85, 1 owner,   8M/week  ⚑ HIGH

Why behavioral signals

The LiteLLM attack (March 2026) and axios attack (March 30, 2026) followed the same pattern: stolen credentials → malicious package pushed → 97M+ machines exposed. Both packages scored CRITICAL by these metrics before the attacks.

Declarative signals (stars, README quality, CI badges) don't capture this risk. Behavioral commitment does.

Stack

| Layer | Technology | |-------|-----------| | Backend | Cloudflare Workers + D1 | | MCP | Model Context Protocol SDK | | Data | npm registry, PyPI, crates.io, proxy.golang.org, deps.dev, GitHub API, Brønnøysund (NO) | | Landing | Astro + Cloudflare Pages |

Roadmap

Planned, not promised. The project is early-stage — contributions welcome on any of these.

| Feature | Status | Notes | |---------|--------|-------| | Cargo (Rust) registry support | ✅ Live | MCP tool, REST API, badge endpoint — ecosystem: "cargo" | | Go modules support | ✅ Live | proxy.golang.org + deps.dev + GitHub-primary scoring — ecosystem: "golang" | | Score breakdown visualization | Planned | Chart component for the 5 dimensions on getcommit.dev/audit | | --json flag for CLI | ✅ Live | npx proof-of-commitment --file package-lock.json --json \| jq '.criticalCount' | | pnpm workspace monorepo support | ✅ Live | --file pnpm-workspace.yaml or auto-detected from pnpm-lock.yaml | | Historical score tracking | Planned | Trend charts — was this package getting riskier over time? | | Org-level dashboards | Planned | Aggregate risk view across all repos in a GitHub org |

See open issues for things you can help with today.

The broader vision

Supply chain auditing is the first tool. The underlying primitive is a commitment graph — behavioral signals that replace content-based trust across any domain.

When content is free to fake (reviews, stars, READMEs), commitment becomes the signal. A publisher who has shipped 847 releases over 12 years is a different kind of commitment than one who published once in 2023.

The same logic applies to websites, businesses, and AI agents. Two card networks have independently named this gap: Mastercard Verifiable Intent §9.2 explicitly lists behavioral trust as "not covered." Visa TAP identifies agents without answering whether to trust them.

Proof of Commitment is the trust layer they're pointing at.

getcommit.dev

Run locally

bun install
bun run dev:backend     # local server with SQLite
bun run test:e2e        # E2E test with mock World ID

Deploy:

bun run deploy          # deploys to Cloudflare Workers