JSPM

@cyberhub/trust-minimatch 1.0.4

License: MIT
Downloads: 14

Security Trust Report: minimatch@10.2.5 — 62/100 (C+, standard). 5 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@cyberhub/trust-minimatch) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    Security Trust Report: minimatch

    minimatch@10.2.5: 62/100 | Grade: C+ | Tier: STANDARD (confidence: ±3)

    Scanned on 2026-04-03 from 8 security databases.

    TL;DR

    • 5 vulnerabilities found (0 critical, 5 high). The count aggregates advisories from all eight sources across the package's history, so check each advisory's affected range against the version you actually install before treating it as open.
    • Consider switching to picomatch (faster, no known ReDoS advisory at scan time)
    • Pin your version, commit the lockfile, and monitor for changes
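    Whichever matcher you settle on, patterns that come from untrusted input (API parameters, uploaded configuration) need a size check before they reach it, because the ReDoS class of bug in glob libraries is driven by pattern length and by brace-expansion blow-up. The block below is an added example, not code from pkgtrust, minimatch or picomatch: the 64 KiB pattern limit mirrors the one minimatch itself enforces, while the 1000-expansion budget and the function names are assumptions for illustration.

```javascript
// Added example (not pkgtrust, minimatch or picomatch code): a guard for glob
// patterns that arrive from untrusted input, applied before the pattern reaches
// any matcher. We bound both pattern length and the number of strings brace
// expansion would produce ({a,b}{c,d}... multiplies).
// MAX_PATTERN_LENGTH matches the 64 KiB cap minimatch enforces; the expansion
// budget of 1000 is an assumed value for this example.
const MAX_PATTERN_LENGTH = 64 * 1024;
const MAX_BRACE_EXPANSIONS = 1000;

// Size of a sequence range such as {1..10}, {10..1..3} or {a..e}; null when
// `text` is not a range. A step of 0 is treated as 1 (assumption).
function rangeSize(text) {
  if (text === null) return null;
  const num = /^(-?\d+)\.\.(-?\d+)(?:\.\.(-?\d+))?$/.exec(text);
  if (num) {
    const lo = Number(num[1]), hi = Number(num[2]);
    const step = Math.max(1, Math.abs(Number(num[3] ?? 1)));
    return Math.floor(Math.abs(hi - lo) / step) + 1;
  }
  const alpha = /^([A-Za-z])\.\.([A-Za-z])$/.exec(text);
  if (alpha) return Math.abs(alpha[2].charCodeAt(0) - alpha[1].charCodeAt(0)) + 1;
  return null;
}

// Number of strings `pattern` expands to under brace expansion, honouring
// nesting and backslash escapes. An unbalanced "{" yields Infinity so the
// caller rejects it instead of guessing how a particular matcher treats it.
function countBraceExpansions(pattern) {
  let i = 0;

  // One alternative (or the top level): returns its expansion count and, when
  // it contains no nested group, its raw text so a range can be recognised.
  function parseSequence(inGroup) {
    let count = 1;
    let text = "";
    while (i < pattern.length) {
      const c = pattern[i];
      if (c === "\\") {                       // escaped char is literal, never syntax
        if (text !== null) text += pattern.slice(i, i + 2);
        i += 2;
      } else if (c === "{") {
        i += 1;
        const inner = parseGroup();
        if (!Number.isFinite(inner)) return { count: Infinity, text: null };
        count *= inner;
        text = null;
      } else if (inGroup && (c === "," || c === "}")) {
        break;                                // end of this alternative
      } else {
        if (text !== null) text += c;
        i += 1;
      }
    }
    return { count, text };
  }

  // The alternatives of a group after its "{", up to and including the "}".
  function parseGroup() {
    const alternatives = [];
    for (;;) {
      alternatives.push(parseSequence(true));
      if (i >= pattern.length) return Infinity; // ran off the end: unbalanced "{"
      const sep = pattern[i];
      i += 1;                                   // consume "," or "}"
      if (sep === "}") break;
    }
    if (alternatives.length === 1) {
      // "{1..5}" is a range; "{abc}" with no comma is literal text (count 1)
      return rangeSize(alternatives[0].text) ?? alternatives[0].count;
    }
    return alternatives.reduce((sum, alt) => sum + alt.count, 0);
  }

  return parseSequence(false).count;
}

// Accept or reject an untrusted pattern, with a reason the caller can log.
function checkUntrustedPattern(pattern) {
  if (typeof pattern !== "string") return { ok: false, reason: "pattern must be a string" };
  if (pattern.length > MAX_PATTERN_LENGTH) {
    return { ok: false, reason: `pattern length ${pattern.length} exceeds ${MAX_PATTERN_LENGTH}` };
  }
  const expansions = countBraceExpansions(pattern);
  if (expansions > MAX_BRACE_EXPANSIONS) {
    return { ok: false, reason: `pattern expands to ${expansions} alternatives (limit ${MAX_BRACE_EXPANSIONS})` };
  }
  return { ok: true, expansions };
}
```

    Call checkUntrustedPattern() on the raw string and only hand patterns with ok === true to the matcher; "{a,b}" repeated ten times (1024 expansions) and an unbalanced "{a,b" are both rejected, while "src/**/*.{js,ts}" passes with two expansions.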

    Score Breakdown

    Maintainer Trust:  ███████████████░░░░░ 74/100
    Package Health:    ██████████████████░░ 91/100
    Supply Chain:      ░░░░░░░░░░░░░░░░░░░░ 0/100
    Community:         █████████████████░░░ 86/100

    Why this score?

    • Supply Chain is 0 because the package has 5 known CVEs and appears in the report's breach database. With the methodology weights (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%) the category scores reproduce the total: 0.35 × 74 + 0.25 × 91 + 0.25 × 0 + 0.15 × 86 = 61.55, rounded to 62. The supply-chain zero is what pulls an otherwise healthy package down to C+.

    Vulnerabilities (5)

    Severity   Count
    🟠 High    5

    Key Risk Flags

    • 🔴 CRITICAL: Historical vulnerability CVE-2022-3517 (2022), a ReDoS in minimatch before 3.0.5, which the report records as a historical breach. Confirm the version you install is outside the advisory's affected range.
    • 🟠 HIGH: Maintainer(s) removed in v9.0.5: isaacs. Verify the current maintainer list yourself with npm view minimatch maintainers before acting on this flag.
    • 🟠 HIGH: Burst publishing detected: 5+ versions in a single day. On its own this is weak evidence, since a security fix backported across several release lines produces the same signature; check what changed between those versions.
    • 🟠 HIGH: 5 HIGH vulnerabilities detected
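    The burst-publishing flag can be reproduced from the registry's own metadata. The block below is an added example, not pkgtrust's code: it groups the per-version timestamps from the time map of an npm registry document (the JSON returned for GET https://registry.npmjs.org/minimatch) by UTC day and reports the days that reach the threshold. The registry document embedded here is a constructed sample, not minimatch's real publish history; the threshold of 5 is the one the flag above names, and the function name is an assumption.

```javascript
// Added example (not pkgtrust's code): detect "burst publishing", i.e. many
// versions of a package published within one UTC calendar day, from the `time`
// map of an npm registry document. The map below is CONSTRUCTED sample data,
// not the real publish history of minimatch.
const SAMPLE_REGISTRY_TIME = {
  created: "2024-01-10T08:00:00.000Z",
  modified: "2026-03-30T19:45:00.000Z",
  "9.0.5": "2024-06-15T08:30:00.000Z",
  "10.1.0": "2025-11-02T12:00:00.000Z",
  "10.2.0": "2026-03-30T09:12:00.000Z",
  "10.2.1": "2026-03-30T10:03:00.000Z",
  "10.2.2": "2026-03-30T11:47:00.000Z",
  "10.2.3": "2026-03-30T14:20:00.000Z",
  "10.2.4": "2026-03-30T16:58:00.000Z",
  "10.2.5": "2026-03-30T19:45:00.000Z",
};

// Keys in the registry `time` map that are not version numbers.
const NON_VERSION_KEYS = new Set(["created", "modified"]);

// Group publish timestamps by UTC day and return the days whose version count
// reaches `threshold`, newest day first, with the versions in ascending order.
function detectPublishBursts(timeMap, threshold = 5) {
  const perDay = new Map();
  for (const [version, iso] of Object.entries(timeMap)) {
    if (NON_VERSION_KEYS.has(version)) continue;
    const day = iso.slice(0, 10); // registry timestamps are ISO-8601 in UTC: "YYYY-MM-DD..."
    if (!perDay.has(day)) perDay.set(day, []);
    perDay.get(day).push(version);
  }
  return [...perDay.entries()]
    .filter(([, versions]) => versions.length >= threshold)
    .map(([day, versions]) => ({ day, count: versions.length, versions: [...versions].sort() }))
    .sort((a, b) => (a.day < b.day ? 1 : -1));
}

// Render the finding in the same shape as the report's risk flag.
function describeBursts(timeMap, threshold = 5) {
  return detectPublishBursts(timeMap, threshold).map(
    (b) => `Burst publishing detected: ${b.count} versions on ${b.day} (${b.versions.join(", ")})`
  );
}
```

    Against a live registry document, fetch the JSON for the package and pass its time property to detectPublishBursts(); a flagged day should then be read together with the diff between the first and last version of that day, since the flag alone does not distinguish a compromise from a coordinated fix.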

    🛠️ What Should You Do?

    Immediate:

    • Upgrade to the latest version. Note that npm update minimatch only moves within the range already in package.json; to cross a major version run npm install minimatch@latest.
    • Or replace with picomatch. Option names and edge-case semantics differ between the two matchers, so re-run your pattern tests after switching.

    Always: pin the version, commit the lockfile and install with npm ci, run pkgtrust scan in CI, and monitor at nrupak.com/trust/minimatch
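    Pinning only helps if the lockfile agrees with package.json and every installed copy of the package is covered, including nested copies pulled in by other dependencies. The block below is an added example, not pkgtrust's code: it audits a package.json and a lockfileVersion 2 or 3 package-lock.json for one named dependency. Both documents are constructed samples with placeholder integrity hashes, and the function and constant names are assumptions.

```javascript
// Added example (not pkgtrust's code): verify that a dependency is pinned to
// an exact version in package.json and that the lockfile carries matching,
// integrity-checked entries for every installed copy. Both JSON documents are
// CONSTRUCTED samples; the sha512 values are placeholders, not real hashes.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "sample-app",
  dependencies: { minimatch: "10.2.5" },
  devDependencies: { "some-tool": "^2.0.0" },
});

const SAMPLE_LOCKFILE = JSON.stringify({
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { minimatch: "10.2.5" }, devDependencies: { "some-tool": "^2.0.0" } },
    "node_modules/minimatch": {
      version: "10.2.5",
      resolved: "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
      integrity: "sha512-" + "A".repeat(86) + "==",
    },
    "node_modules/some-tool": {
      version: "2.3.1",
      resolved: "https://registry.npmjs.org/some-tool/-/some-tool-2.3.1.tgz",
      integrity: "sha512-" + "B".repeat(86) + "==",
      dependencies: { minimatch: "^3.0.0" },
    },
    // a second, nested copy pulled in by some-tool; the top-level pin does not govern it
    "node_modules/some-tool/node_modules/minimatch": {
      version: "3.0.4",
      resolved: "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
      integrity: "sha512-" + "C".repeat(86) + "==",
    },
  },
});

// Exact semver, optionally with a prerelease tag; anything else is a range.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;
const PUBLIC_REGISTRY = "https://registry.npmjs.org/";

// Returns the declared specifier, every installed version, and a list of findings.
function auditDependencyPin(packageJsonText, lockfileText, name) {
  const pkg = JSON.parse(packageJsonText);
  const lock = JSON.parse(lockfileText);
  const findings = [];

  const declared = (pkg.dependencies ?? {})[name] ?? (pkg.devDependencies ?? {})[name];
  if (declared === undefined) {
    findings.push(`${name} is not a direct dependency in package.json`);
  } else if (!EXACT_VERSION.test(declared)) {
    findings.push(`${name} is declared with range "${declared}", not an exact version`);
  }

  // lockfileVersion 2 and 3 list every installed path under `packages`;
  // v1 lockfiles use a nested `dependencies` tree and are not handled here.
  if (!lock.packages) findings.push("lockfile has no packages map (lockfileVersion < 2?)");
  const copies = Object.entries(lock.packages ?? {}).filter(
    ([path]) => path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)
  );
  if (copies.length === 0) findings.push(`${name} is not present in the lockfile`);

  for (const [path, entry] of copies) {
    if (!entry.integrity?.startsWith("sha512-")) findings.push(`${path} has no sha512 integrity hash`);
    if (entry.resolved && !entry.resolved.startsWith(PUBLIC_REGISTRY)) {
      findings.push(`${path} resolves to ${entry.resolved}, not the public registry`);
    }
    if (path === `node_modules/${name}` && EXACT_VERSION.test(declared ?? "") && entry.version !== declared) {
      findings.push(`top-level ${name} is locked at ${entry.version} but package.json pins ${declared}`);
    }
  }

  const versions = [...new Set(copies.map(([, e]) => e.version))].sort();
  if (versions.length > 1) {
    findings.push(
      `${name} is installed at ${versions.length} versions (${versions.join(", ")}); ` +
      `a package.json pin only governs the top-level copy, so add an "overrides" entry to force the nested ones`
    );
  }
  return { declared, versions, findings };
}
```

    On the sample input the top-level pin is clean, but the audit still reports that minimatch is installed twice, at 10.2.5 and at 3.0.4; that nested copy is exactly what an advisory's affected range is checked against, and only an overrides entry (or updating some-tool) moves it.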

    🔄 Safer Alternatives

    Package      Why                                Links
    picomatch    Faster, no known ReDoS advisory    npm · Trust score
    micromatch   Feature-rich glob matching         npm · Trust score

    Run the same scan against any alternative before adopting it; "safer" here means a better score at scan time, not a guarantee.

    Maintainers (1)

    Methodology: 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). Full scoring docs →

    Check your project: npm i -g @cyberhub/pkgtrust && pkgtrust scan minimatch (see the CLI docs)

    Data Sources: GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev


    Report by pkgtrust

    This is an automated security report. Not affiliated with the minimatch team. Updated 2026-04-03.