npm package trust score

@anthropic-ai/sdk

npm · 18M/week · 3.3 years old

86/ 100

SAFE

npm publishers14

Weekly downloads18M

Package age3.3 years

Last published2d ago

GitHub contributors35

ProvenanceNo

OpenSSF Scorecard—

GradeA

Score breakdown

Five behavioral dimensions. Each measured from public registry data, not self-reported.

Longevity

14/25

Download momentum

25/25

Release consistency

20/20

Publisher depth

15/15

GitHub backing

12/15

What this score measures

The Commit trust score measures behavioral commitment — signals that are hard to fake. Unlike stars, READMEs, or download counts, these signals capture how a package is actually maintained.

Longevity — how long the package has been published and actively maintained
Publisher depth — number of people with npm publish access (distinct from GitHub contributors)
Release consistency — regular releases signal active oversight
Download trend — growing, stable, or declining adoption
GitHub backing — contributor depth and OpenSSF Scorecard process security

Use this data

Audit your full dependency tree Add to your CI pipeline

CLI

npx proof-of-commitment @anthropic-ai/sdk

MCP (Claude, Cursor, Windsurf)

{ "mcpServers": { "commit": { "type": "streamable-http", "url": "https://poc-backend.amdal-dev.workers.dev/mcp" } } }

README badge

![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/npm/%40anthropic-ai%2Fsdk)

REST API

curl -X POST https://poc-backend.amdal-dev.workers.dev/api/audit -H "Content-Type: application/json" -d '{"packages":["@anthropic-ai/sdk"]}'