Trust Signal Breakdown high 23 sub-signals across 6 dimensions
Vulnerability & Safety ×0.25 5.0 CVEs, dependency health, and supply chain integrity
3 of 3 sub-signals with data
Known CVEs 40% 5.0
No known CVEs
via OSV.dev
Dependency Health 30% 5.0
2 dependencies (minimal)
via npm / PyPI
Supply Chain 30% 4.9
3 transitive CVEs found (penalty: -0.09)
via npm provenance
Operational Reliability ×0.15 3.9 Uptime, latency, error rates, and incident history
4 of 4 sub-signals with data
Uptime 35% 5.0
100.00% over 1000 checks
via Health checks
Response Latency 25% 3.0
p99: 837ms, p50: 539ms
via Health checks
Error Rate 20% 5.0
0.00% error rate (0/1000)
via Health checks
Incident History 20% 2.0
5 incidents in last 90 days
via Incidents table
Maintenance Activity ×0.15 5.0 Commit recency, release cadence, issue response, CI/CD
4 of 4 sub-signals with data
Commit Recency 30% 5.0
via GitHub
Release Cadence 25% 5.0
via GitHub
Issue Response 20% 5.0
via GitHub
CI/CD Presence 25% 5.0
via GitHub Actions
Adoption ×0.15 3.3 Downloads, stars, dependents, and growth trajectory
3 of 4 sub-signals with data
Download Volume 43% 3.0
9,151 weekly downloads
via npm / PyPI
GitHub Stars 36% 5.0
21,179 stars
via GitHub
Dependent Packages no data —
Weight redistributed to sub-signals with data
Growth Trend 21% 1.0
-49.3% week-over-week
via npm
Transparency ×0.15 4.2 License, documentation, security policy, changelog
4 of 4 sub-signals with data
Open Source 30% 5.0
Public repo with OSI-approved license (mit)
via GitHub
Documentation 25% 4.0
Good README (>2000 bytes with examples)
via GitHub
Security Policy 20% 2.0
No SECURITY.md found
via GitHub
Changelog 25% 5.0
CHANGELOG.md present and releases exist
via GitHub
Publisher Trust ×0.15 4.5 Track record, org maturity, community standing
4 of 4 sub-signals with data
Track Record 30% 4.5
Internal: 4.0 (22 services), External: 4.5 (5445 followers, 66097 stars)
via Fabric index
Org Maturity 30% 5.0
User account, 13.3 years old
via GitHub
Community Standing 20% 5.0
165 public repositories
via GitHub
Cross-Platform 20% 3.0
Present on 2 platform(s): github, npm
via Registry scan
Scored across 23 sub-signals in 6 dimensions Scoring engine v1 (beta) — actively being expanded Phase 1: Core sub-signal architecture (live) Phase 2: Permission scope & expanded collection (in progress)
Trust Assessment AI Assessment
claude-flow is an MIT-licensed npm package by ruvnet that provides AI agent orchestration for Claude Code, featuring specialized agents with vector memory and MCP integration. The service shows solid operational reliability with zero vulnerabilities and minimal dependencies (only zod and semver), though adoption remains modest at 13.3K weekly downloads. Single-maintainer governance presents typical bus factor risk, but the clean dependency tree and strong uptime suggest low operational risk for teams already invested in Claude workflows.
Generated by Fabric AI · Mar 4, 2026 at 4:21 AM
Service Health (30d)
100.00%
p50: 539ms · p99: 837ms
Avg Latency
557ms
averaged across 30d health checks
Weekly Downloads
—
no package registry data
Incidents & Alerts last 90 days
Score History 90 snapshots
Feb 21 Mar 5
Supply Chain & Dependencies trust chain
Showing 2 of 2 dependencies
Data Sources 6 indexed
◎
OSV.dev CVE database · vulnerability scanning for npm & PyPI packages
◈
GitHub API Commits, issues, releases, repo metadata, transparency checks
⬡
npm Registry Package metadata, weekly downloads, maintainers, dependencies
⬡
PyPI Package metadata, weekly downloads, dependency tree
△
HTTP Health Checks 15-min pings · uptime, latency, status monitoring
◎
PyPI Stats Download statistics and trends
Version History score per release
VERSION RELEASED SCORE DELTA
Showing 6 of 10 releases Show more →
Are you the publisher? Claim this profile to unlock deeper evaluation, real-time monitoring,
Claim Provider Report Issue
Share this Trust Score Generate a scorecard image optimised for X, LinkedIn and other social platforms.
⬇ Download Score Card
