
pm2

npm · Rank #206 of 217
Score: 76 / 100 (grade C)

  • 1 npm publisher: single point of failure
  • 3M downloads/week: blast radius if compromised
  • 13.0y package age: established package
  • 41 days since last release: active maintenance

Risk analysis

pm2 is flagged HIGH risk because of limited publisher depth: a single npm account can publish a release that reaches roughly 3M weekly downloads. The package is 13 years old and last released 41 days ago, so longevity and release cadence are not the concern; the exposure is structural. If that one publisher is compromised (phished credentials, a leaked automation token, a hijacked account), the malicious release ships straight to every installer, with no second maintainer positioned to notice or revert it.

What the score measures

  • Publisher depth — How many people can push to npm? Single-publisher packages are the #1 structural risk.
  • Longevity — Older packages have track records. New packages with high adoption are higher risk.
  • Release consistency — Regular releases signal active oversight. Long gaps suggest nobody is around to patch vulnerabilities.
  • Download trend — Growing packages attract more scrutiny (and more attacks).
  • OpenSSF Scorecard — Process security: branch protection, code review, CI/CD safety.

These are structural and process signals, not a vulnerability scan: a package can score well here and still carry a known CVE, so keep an advisory check running alongside it.
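The first three signals above, plus the blast-radius figure from the cards, can be read straight off the npm registry. The following is an added example, not getcommit.dev's or proof-of-commitment's scoring code: it derives publisher depth, package age, release recency and weekly downloads from the registry's package document (a "packument", `https://registry.npmjs.org/<pkg>`) and the downloads API (`https://api.npmjs.org/downloads/point/last-week/<pkg>`), and adds one check a practitioner wants next to publisher depth: whether any version was published by an account that is not a current maintainer (`_npmUser` is the registry's per-version record of the publishing account). The sample documents are constructed, the thresholds and flag names are this example's assumptions, and download trend and OpenSSF Scorecard are not computed here.

```javascript
// Added example (not the page's or getcommit.dev's scoring code). Field names
// (maintainers, time, "dist-tags", versions[v]._npmUser, downloads) are the npm
// registry's real ones; thresholds and flag names are assumptions.
const MS_PER_DAY = 86_400_000;

// Constructed sample inputs (not real registry data for pm2).
const samplePackument = {
  name: "example-pkg",
  "dist-tags": { latest: "5.4.0" },
  maintainers: [{ name: "alice", email: "alice@example.com" }],
  time: {
    created: "2012-01-15T00:00:00.000Z",
    modified: "2025-01-20T00:00:00.000Z",
    "1.0.0": "2012-01-15T00:00:00.000Z",
    "5.3.0": "2024-10-01T00:00:00.000Z",
    "5.4.0": "2025-01-20T00:00:00.000Z",
  },
  // _npmUser records which account published each version.
  versions: {
    "1.0.0": { _npmUser: { name: "alice", email: "alice@example.com" } },
    "5.3.0": { _npmUser: { name: "alice", email: "alice@example.com" } },
    "5.4.0": { _npmUser: { name: "mallory", email: "mallory@example.net" } },
  },
};
// Shape of https://api.npmjs.org/downloads/point/last-week/<pkg> (constructed).
const sampleDownloads = { downloads: 3_000_000, package: "example-pkg" };

// Structural signals: publisher depth, longevity, release recency, blast
// radius, plus versions published by a non-maintainer account. `now` is
// injectable so results are reproducible.
function structuralSignals(packument, downloads, now = new Date()) {
  const maintainers = new Set((packument.maintainers || []).map((m) => m.name));
  const created = new Date(packument.time.created);
  const latest = packument["dist-tags"].latest;
  const lastRelease = new Date(packument.time[latest]);

  const unexpectedPublishers = Object.entries(packument.versions || {})
    .filter(([, v]) => v._npmUser && !maintainers.has(v._npmUser.name))
    .map(([version, v]) => ({ version, publisher: v._npmUser.name }));

  return {
    publisherCount: maintainers.size,
    singlePointOfFailure: maintainers.size === 1,
    ageYears: Number(((now - created) / MS_PER_DAY / 365.25).toFixed(1)),
    daysSinceLastRelease: Math.floor((now - lastRelease) / MS_PER_DAY),
    weeklyDownloads: downloads.downloads,
    unexpectedPublishers,
  };
}

// Assumed thresholds; a real scorer weights and calibrates these.
function riskFlags(s) {
  const flags = [];
  if (s.singlePointOfFailure && s.weeklyDownloads >= 1_000_000) {
    flags.push("single-publisher-large-blast-radius");
  }
  if (s.ageYears < 1 && s.weeklyDownloads >= 100_000) {
    flags.push("new-package-fast-growth");
  }
  if (s.daysSinceLastRelease > 365) flags.push("stale-release");
  if (s.unexpectedPublishers.length > 0) flags.push("non-maintainer-publisher");
  return flags;
}

// Live variant (Node 18+ global fetch); pass your own documents to stay offline.
async function fetchSignals(pkg) {
  const [packument, downloads] = await Promise.all([
    fetch(`https://registry.npmjs.org/${pkg}`).then((r) => r.json()),
    fetch(`https://api.npmjs.org/downloads/point/last-week/${pkg}`).then((r) => r.json()),
  ]);
  return structuralSignals(packument, downloads);
}

// Run on the constructed sample with a fixed clock.
const sampleSignals = structuralSignals(
  samplePackument,
  sampleDownloads,
  new Date("2025-03-02T00:00:00Z"),
);
console.log(sampleSignals, riskFlags(sampleSignals));
```

On the constructed sample this reports one publisher, 13.1 years of age, 41 days since the last release and 3M weekly downloads, and raises two flags: the single-publisher blast-radius flag the page describes, and a `5.4.0` release published by `mallory`, who is not in the maintainers list, which is the pattern a takeover of a single-publisher package leaves behind.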

pm2 is one package. Score them all.

You came looking for pm2. Your node_modules has hundreds more. Run one command to score every dependency you ship:

npx proof-of-commitment

Auto-detects your lockfile. Scores every dependency. Zero install.

Share this score

Add the badge to your README

Commit trust score for pm2
![Commit Trust](https://getcommit.dev/badge/npm/pm2)