passport

npm · Rank #179 of 217

72 / 100 C
STALE — No release in 928 days. Stale packages accumulate unpatched vulnerabilities.
  • npm publishers: 1 (single point of failure)
  • Downloads/week: 7M (blast radius if compromised)
  • Package age: 14.7y (established package)
  • Last release: 928 days ago (possibly unmaintained)

Risk analysis

passport is flagged HIGH risk due to rapid adoption with limited publisher depth. New packages with fast growth are higher-risk targets.

What the score measures

  • Publisher depth — How many people can push to npm? Single-publisher packages are the #1 structural risk.
  • Longevity — Older packages have track records. New packages with high adoption are higher risk.
  • Release consistency — Regular releases signal active oversight. Long gaps mean unpatched vulnerabilities.
  • Download trend — Growing packages attract more scrutiny (and more attacks).
  • OpenSSF Scorecard — Process security: branch protection, code review, CI/CD safety.

passport is one package. Score them all.

You came looking for passport. Your node_modules has hundreds more. Run one command to score every dependency you ship:

npx proof-of-commitment

Auto-detects your lockfile. Scores every dependency. Zero install.

Add the badge to your README

![Commit Trust](https://getcommit.dev/badge/npm/passport)