Trust Signal Breakdown medium 23 sub-signals across 6 dimensions
Vulnerability & Safety ×0.25 4.9 CVEs, dependency health, and supply chain integrity
3 of 3 sub-signals with data
Known CVEs 40% 5.0
No known CVEs
via OSV.dev
Dependency Health 30% 5.0
11 dependencies (minimal)
via npm / PyPI
Supply Chain 30% 4.8
9 transitive CVEs found (penalty: -0.25)
via npm provenance
Operational Reliability ×0.15 4.3 Uptime, latency, error rates, and incident history
4 of 4 sub-signals with data
Uptime 35% 5.0
100.00% over 7 checks
via Health checks
Response Latency 25% 3.0
p99: 657ms, p50: 417ms
via Health checks
Error Rate 20% 5.0
0.00% error rate (0/7)
via Health checks
Incident History 20% 4.0
1 incidents in last 90 days
via Incidents table
Maintenance Activity ×0.15 0.0 Commit recency, release cadence, issue response, CI/CD
0 of 4 sub-signals with data
Commit Recency no data —
Weight redistributed to sub-signals with data
Release Cadence no data —
Weight redistributed to sub-signals with data
Issue Response no data —
Weight redistributed to sub-signals with data
CI/CD Presence no data —
Weight redistributed to sub-signals with data
Adoption ×0.15 1.0 Downloads, stars, dependents, and growth trajectory
2 of 4 sub-signals with data
Download Volume 67% 1.0
78 weekly downloads
via npm / PyPI
GitHub Stars no data —
Weight redistributed to sub-signals with data
Dependent Packages no data —
Weight redistributed to sub-signals with data
Growth Trend 33% 1.0
-90.5% week-over-week
via npm
Transparency ×0.15 0.0 License, documentation, security policy, changelog
0 of 4 sub-signals with data
Open Source no data —
Weight redistributed to sub-signals with data
Documentation no data —
Weight redistributed to sub-signals with data
Security Policy no data —
Weight redistributed to sub-signals with data
Changelog no data —
Weight redistributed to sub-signals with data
Publisher Trust ×0.15 0.0 Track record, org maturity, community standing
4 of 4 sub-signals with data
Track Record 30% 0.0
via Fabric index
Org Maturity 30% 0.0
via GitHub
Community Standing 20% 0.0
via GitHub
Cross-Platform 20% 0.0
via Registry scan
Scored across 23 sub-signals in 6 dimensions Scoring engine v1 (beta) — actively being expanded Phase 1: Core sub-signal architecture (live) Phase 2: Permission scope & expanded collection (in progress)
Trust Assessment AI Assessment
@huyooo/ai-search is a local semantic document search engine published by grasilife under a custom license, supporting Word, PDF, Excel, TXT, and Markdown files with 11 dependencies including LanceDB and various document parsers. The package shows no security vulnerabilities and reliable uptime, but has critical trust gaps with zero maintenance score, zero transparency score, and minimal adoption at 361 weekly downloads. Not recommended for production use due to unverified publisher (grasilife vs. package scope @huyooo), complete absence of public repository or documentation, and no evidence of active maintenance despite recent publication.
Generated by Fabric AI · Mar 3, 2026 at 7:30 AM
Package Availability (30d)
100.00%
p50: 417ms · p99: 657ms
Avg Latency
408ms
averaged across 30d health checks
Weekly Downloads
78-91%
npm weekly
Incidents & Alerts last 90 days
Score History 14 snapshots
Feb 22 Mar 5
Community & Ecosystem adoption signals
Supply Chain & Dependencies trust chain
Showing 6 of 11 dependencies Show more →
Data Sources 6 indexed
◎
OSV.dev CVE database · vulnerability scanning for npm & PyPI packages
◈
GitHub API Commits, issues, releases, repo metadata, transparency checks
⬡
npm Registry Package metadata, weekly downloads, maintainers, dependencies
⬡
PyPI Package metadata, weekly downloads, dependency tree
△
HTTP Health Checks 15-min pings · uptime, latency, status monitoring
◎
PyPI Stats Download statistics and trends
Are you the publisher? Claim this profile to unlock deeper evaluation, real-time monitoring,
Claim Provider Report Issue
Share this Trust Score Generate a scorecard image optimised for X, LinkedIn and other social platforms.
⬇ Download Score Card