npm package trust score

sequelize

npm · 3M/week · 15.1 years old

80/100
WARNING
npm publishers: 9
Weekly downloads: 3M
Package age: 15.1 years
Last published: 102d ago
GitHub contributors: 35
SLSA provenance: No
Trusted Publishing: No
OpenSSF Scorecard: 6.7/10
Grade: A

Risk flags

WARN: 7 dormant publishers with current scope access — mickhansen (115mo inactive), felixfbecker (106mo inactive), janaameier (100mo inactive), eseliger (87mo inactive), sushantdhiman (69mo inactive), papb (52mo inactive), sdepold (15mo inactive)

Score breakdown

Five behavioral dimensions. Each measured from public registry data, not self-reported.

Longevity: 25/25
Download momentum: 18/25
Release consistency: 16/20
Publisher depth: 9/15
GitHub backing: 12/15
Trusted Publishing: 0/2

What this score measures

The Commit trust score measures behavioral commitment — signals that are hard to fake. Unlike stars, READMEs, or download counts, these signals capture how a package is actually maintained.

Track this package

Monitor sequelize in CI. Catch risk changes before they reach production.

Free: 200 audits/day · Paid from Developer ($15/mo): monitoring, batch API, email alerts

Use this data

CLI

npx proof-of-commitment sequelize

MCP (Claude, Cursor, Windsurf)

{
  "mcpServers": {
    "commit": {
      "type": "streamable-http",
      "url": "https://poc-backend.amdal-dev.workers.dev/mcp"
    }
  }
}

README badge

![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/npm/sequelize)

REST API

curl -X POST https://poc-backend.amdal-dev.workers.dev/api/audit -H "Content-Type: application/json" -d '{"packages":["sequelize"]}'