npm package trust score

@vitejs/plugin-vue

npm · 7M/week · 5.5 years old

76/ 100
HIGH
npm publishers3
Weekly downloads7M
Package age5.5 years
Last published44d ago
GitHub contributors35
SLSA provenanceYes
Trusted PublishingOIDC ✓
OpenSSF Scorecard
GradeB

Risk flags

HIGH: sole active npm publisher + >1M/wkWARN: 1 dormant publisher with current scope access — yyx990803 (32mo inactive)

Score breakdown

Five behavioral dimensions. Each measured from public registry data, not self-reported.

Longevity
20/25
Download momentum
22/25
Release consistency
18/20
Publisher depth
2/15
GitHub backing
12/15
Trusted Publishing
2/2

What this score measures

The Commit trust score measures behavioral commitment — signals that are hard to fake. Unlike stars, READMEs, or download counts, these signals capture how a package is actually maintained.

Related reading

Track this package

Monitor @vitejs/plugin-vue in CI. Catch risk changes before they reach production.

Track @vitejs/plugin-vue → Compare plans →

Free: 200 audits/day · Paid from Developer ($15/mo): monitoring, batch API, email alerts

Use this data

Audit your full dependency tree Add to your CI pipeline

CLI

npx proof-of-commitment @vitejs/plugin-vue

MCP (Claude, Cursor, Windsurf)

{ "mcpServers": { "commit": { "type": "streamable-http", "url": "https://poc-backend.amdal-dev.workers.dev/mcp" } } }

README badge

![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/npm/%40vitejs%2Fplugin-vue)

@vitejs/plugin-vue commit trust badge

REST API

curl -X POST https://poc-backend.amdal-dev.workers.dev/api/audit -H "Content-Type: application/json" -d '{"packages":["@vitejs/plugin-vue"]}'