I audited 25 top npm packages with a zero-install CLI. Here's who passes.
```shell
npx proof-of-commitment react zod chalk lodash axios typescript
```
That's it. No install, no API key, no account. Run it against any package — or drop your package.json at getcommit.dev/audit.
I ran it against 25 of the most downloaded npm packages. Here's what the data shows.
The scoring model
Five behavioral dimensions, all from public registry data:
| Dimension | Max | What it measures |
|---|---|---|
| Longevity | 25 | Package age — time in production is signal |
| Download Momentum | 25 | Weekly downloads + trend direction |
| Release Consistency | 20 | Cadence, recency, gaps |
| Maintainer Depth | 15 | Number of active maintainers |
| GitHub Backing | 15 | Star traction, repo activity |
CRITICAL = 1 maintainer + >10M weekly downloads. Same profile as the LiteLLM attack (March 2026) and the axios compromise (April 1st, 2026).
The data: 25 packages scored
| Package | Score | Risk | Maintainers | Downloads/wk |
|---|---|---|---|---|
| webpack | 100 | ✅ SAFE | 8 | 44M |
| prettier | 100 | ✅ SAFE | 11 | 86M |
| typescript | 98 | ✅ SAFE | 6 | 176M |
| express | 97 | ✅ SAFE | 5 | 92M |
| jest | 95 | ✅ SAFE | 5 | 44M |
| tailwindcss | 95 | ✅ SAFE | 3 | 86M |
| react | 91 | ✅ SAFE | 2 | 121M |
| eslint | 91 | ✅ SAFE | 2 | 124M |
| vite | 91 | ✅ SAFE | 4 | 102M |
| next | 91 | ✅ SAFE | 2 | 36M |
| prisma | 91 | ✅ SAFE | 2 | 9M |
| uuid | 82 | ⚠️ WARN | 2 | 240M |
| drizzle-orm | 87 | ✅ SAFE | 4 | 7M |
| rollup | 74 | ✅ SAFE | 5 | 34M |
| fastify | 74 | ✅ SAFE | 5 | 1M |
| dotenv | 68 | ⚠️ WARN | 3 | —* |
| esbuild | 63 | ⚠️ WARN | 1 | 9M |
| nodemon | 61 | ⚠️ WARN | 1 | 6M |
| ts-node | 59 | ⚠️ WARN | 2 | — |
| sharp | 59 | ⚠️ WARN | 1 | — |
| hono | 57 | ⚠️ WARN | 1 | — |
| axios | 89 | 🔴 CRITICAL | 1 | 102M |
| zod | 83 | 🔴 CRITICAL | 1 | 157M |
| lodash | 87 | 🔴 CRITICAL | 1 | 144M |
| chalk | 75 | 🔴 CRITICAL | 1 | 414M |
*Downloads not available at scoring time.
What stands out
The "safe" packages are safe for clear reasons. webpack (score=100) has 8 maintainers, 44M weekly downloads, and 15 years of shipping. prettier has 11 maintainers. typescript is Microsoft-backed with 6 active maintainers. These packages would survive a maintainer leaving.
CRITICAL doesn't mean broken. chalk (score=75) is 12.7 years old, has 414M downloads/week, and consistently ships. It's an excellent package maintained by one person. The risk isn't quality — it's concentration. One person, high-value target, single point of failure.
The axios attack on April 1st proved this. A compromised npm token published a malicious version of axios in minutes. npm audit showed zero issues beforehand. The behavioral score had flagged it CRITICAL for months (1 maintainer, 100M downloads/week = prime target).
esbuild surprises. Solo maintainer (Evan Wallace), ~9M downloads/week. High quality, consistently shipping, but structurally exposed. Not CRITICAL by threshold, but worth watching.
uuid has 240M downloads/week. That's more than TypeScript. Two maintainers. Gets a WARN rather than CRITICAL because of the 2-maintainer threshold — but the sheer download volume makes it notable.
Why this matters now
Three patterns converged in early 2026:
AI-assisted supply chain attacks are getting faster. Identifying a high-value target (1 maintainer + massive downloads), generating a plausible malicious payload, and timing the publish to a token compromise — all of this can be automated.
npm audit waits for CVEs. Its database catches known vulnerabilities, but it has nothing to say about structural risk. The two tools answer different questions. You need both.
Transitive dependencies hide the risk. I audited `@anthropic-ai/sdk` — score=86, 14 maintainers, looks solid. But two levels deep: `json-schema-to-ts` (CRITICAL, sole maintainer, 12M downloads/week). You'd never find that in a direct audit.
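The concentration rule from the scoring model, applied to every package in a lockfile rather than only direct dependencies, as an added example (not the proof-of-commitment CLI's own code). It assumes the rule is exactly "1 maintainer and more than 10M weekly downloads", that maintainer counts come from the registry packument's `maintainers` array, and that `SAMPLE_LOCK` and `SAMPLE_META` are constructed inputs reusing the figures from the table above.

```javascript
// Added example, not the proof-of-commitment CLI's own code. It applies the post's
// concentration rule (1 maintainer AND >10M weekly downloads = CRITICAL) to every
// package in a package-lock, so transitive dependencies are checked, not just direct ones.
const CRITICAL_DOWNLOADS = 10_000_000;

// registry.npmjs.org/<name> returns a packument whose `maintainers` array lists the
// accounts able to publish; its length is the maintainer count the post scores on.
function maintainerCount(packument) {
  return Array.isArray(packument.maintainers) ? packument.maintainers.length : 0;
}
function isCritical(maintainers, weeklyDownloads) {
  return maintainers === 1 && weeklyDownloads > CRITICAL_DOWNLOADS;
}

// package-lock v2/v3 keys every installed package, transitive ones included, under
// `packages` as "node_modules/a/node_modules/b"; the text after the final
// "node_modules/" is the registry name (scoped names keep their "@scope/" prefix).
function lockfilePackageNames(lock) {
  const names = new Set();
  for (const key of Object.keys(lock.packages || {})) {
    const idx = key.lastIndexOf('node_modules/');
    if (idx === -1) continue; // "" is the root project itself; skip it
    names.add(key.slice(idx + 'node_modules/'.length));
  }
  return [...names];
}

// lookup(name) -> {maintainers, weeklyDownloads} | undefined. Injected so the walk
// runs offline; fetchMetadata below is the live version.
function criticalPackages(lock, lookup) {
  return lockfilePackageNames(lock)
    .filter((n) => { const m = lookup(n); return !!m && isCritical(m.maintainers, m.weeklyDownloads); })
    .sort();
}
// Live lookup against the two public npm endpoints (assumed; needs Node 18+ global fetch).
async function fetchMetadata(name) {
  const pkg = await (await fetch(`https://registry.npmjs.org/${name}`)).json();
  const dl = await (await fetch(`https://api.npmjs.org/downloads/point/last-week/${name}`)).json();
  return { maintainers: maintainerCount(pkg), weeklyDownloads: dl.downloads || 0 };
}

// Constructed lockfile fragment and metadata; maintainer/download figures are the post's.
const SAMPLE_LOCK = { packages: {
  '': {}, 'node_modules/axios': {}, 'node_modules/esbuild': {},
  'node_modules/uuid': {}, 'node_modules/uuid/node_modules/chalk': {},
} };
const SAMPLE_META = {
  axios: { maintainers: 1, weeklyDownloads: 102e6 }, esbuild: { maintainers: 1, weeklyDownloads: 9e6 },
  uuid: { maintainers: 2, weeklyDownloads: 240e6 }, chalk: { maintainers: 1, weeklyDownloads: 414e6 },
};
```

`criticalPackages(SAMPLE_LOCK, (n) => SAMPLE_META[n])` returns `['axios', 'chalk']`: the nested chalk is flagged even though nothing in the root project depends on it directly, while esbuild (under 10M) and uuid (two maintainers) are not.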
How to use it
Zero install (try it now):
```shell
npx proof-of-commitment axios zod chalk
# Against your own project:
npx proof-of-commitment --file package.json
# PyPI too:
npx proof-of-commitment --pypi litellm langchain requests
```
GitHub Action (posts table directly on your PR):
```yaml
- uses: piiiico/proof-of-commitment@main
  with:
    fail-on-critical: false
    comment-on-pr: true
```
MCP server (zero install, works with Claude Desktop/Cursor/Windsurf):
```json
{
  "mcpServers": {
    "proof-of-commitment": {
      "type": "streamable-http",
      "url": "https://poc-backend.amdal-dev.workers.dev/mcp"
    }
  }
}
```
Then: "Audit the dependencies in vercel/ai" — it fetches the package.json, scores everything, returns a risk table.
Web demo: getcommit.dev/audit — paste packages or drop your package.json.
What packages are you most surprised about? And what signals matter most to you — maintainer count, release recency, something else?