JSPM

  • Downloads 12
  • License MIT

Security Trust Report: commondir@1.0.1 — 65/100 (B, standard). Maintainer risk, supply chain analysis from 8 security databases.

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@cyberhub/trust-commondir) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    Security Trust Report: commondir

    commondir@1.0.1: 65/100 | Grade: B | Tier: STANDARD (confidence: ±3)

    Data verified on 2026-04-02 from 8 security databases.

    TL;DR

    • Package name "commondir" is 2 edit(s) from popular "commander"
    • Pin your version and monitor for changes

    Score Breakdown

    Maintainer Trust:  ██████████░░░░░░░░░░ 51/100
    Package Health:    ██████████████████░░ 88/100
    Supply Chain:      ██████████████░░░░░░ 71/100
    Community:         ██████████░░░░░░░░░░ 48/100

    Why this score?

    • Maintainer Trust is 51 because: single maintainer (bus factor risk)
    • Community is 48 because: no GitHub repo found

    Vulnerabilities

    ✅ No known vulnerabilities detected across 8 security databases.

    Key Risk Flags

    • 🔴 CRITICAL: Package name "commondir" is 2 edit(s) from popular "commander"
    • 🟠 HIGH: Primary maintainer account is less than 6 months old (0 days)

    🛠️ What Should You Do?

    Immediate:

    Always:

    Maintainers

    • nopersonsmodules ✅ 2FA enabled (freemail)

    Methodology

    This score is computed from 18+ signals across 4 categories:

    • Maintainer Trust (35%): Account age, 2FA, publish cadence, maintainer changes, email domain
    • Package Health (25%): Install scripts, dependency count, license, provenance, size changes, code quality
    • Supply Chain (25%): Live CVEs from 8 databases, known breaches, typosquatting, transitive risk
    • Community (15%): GitHub stars, contributors, CI, OpenSSF Scorecard, npms.io quality


    Check Your Project

    # Install pkgtrust
    npm install -g @cyberhub/pkgtrust
    
    # Scan a specific package
    pkgtrust scan commondir
    
    # Scan all your dependencies
    pkgtrust scan
    
    # Compare alternatives

    Data Sources: GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev


    Report by pkgtrust · Dashboard · Compare · CLI

    This is an automated security report. Not affiliated with the commondir team. Updated 2026-04-02.