LangChain logo

LangChain

#21 · by LangChain
framework
4.55/ 5.00
trustedBeta
Mar 18, 2026 at 4:01 AM6 signals analysedNo manual reviews · fully automated
Trust Signal Breakdown
high23 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

3 of 3 sub-signals with data

Known CVEs40%3.5

22 CVE(s) found — 0 unpatched

via OSV.dev

Dependency Health30%5.0

5 dependencies (minimal)

via npm / PyPI

Supply Chain30%4.8

21 transitive CVEs found (penalty: -0.25)

via npm provenance

Uptime, latency, error rates, and incident history

4 of 4 sub-signals with data

Uptime35%5.0

99.90% over 1000 checks

via Health checks

Response Latency25%4.0

p99: 340ms, p50: 122ms

via Health checks

Error Rate20%4.0

0.10% error rate (1/1000)

via Health checks

Incident History20%1.0

30 incidents in last 90 days

via Incidents table

Commit recency, release cadence, issue response, CI/CD

3 of 4 sub-signals with data

Commit Recency37%5.0

via GitHub

Release Cadence31%5.0

via GitHub

Issue Responseno data

Weight redistributed to sub-signals with data

CI/CD Presence31%5.0

via GitHub Actions

Downloads, stars, dependents, and growth trajectory

3 of 4 sub-signals with data

Download Volume43%5.0

53,994,880 weekly downloads

via npm / PyPI

GitHub Stars36%5.0

129,950 stars

via GitHub

Dependent Packagesno data

Weight redistributed to sub-signals with data

Growth Trend21%5.0

+2474.2% week-over-week

via npm

License, documentation, security policy, changelog

4 of 4 sub-signals with data

Open Source30%5.0

Public repo with OSI-approved license (mit)

via GitHub

Documentation25%4.0

Good README (>2000 bytes with examples)

via GitHub

Security Policy20%5.0

SECURITY.md inherited from org .github repo

via GitHub

Changelog25%4.0

Releases exist but no CHANGELOG.md

via GitHub

Track record, org maturity, community standing

4 of 4 sub-signals with data

Track Record30%5.0

Internal: 5.0 (14 services), External: 4.5 (17065 followers, 35633 stars)

via Fabric index

Org Maturity30%4.5

Organization, 3.0 years old

via GitHub

Community Standing20%5.0

229 public repositories

via GitHub

Cross-Platform20%5.0

Present on 3 platform(s): github, npm, pypi

via Registry scan

About this score
Scored across 23 sub-signals in 6 dimensionsScoring engine v1 (beta) — actively being expandedPhase 1: Core sub-signal architecture (live)Phase 2: Permission scope & expanded collection (in progress)
Trust AssessmentAI Assessment

LangChain is a TypeScript framework published by LangChain under MIT license for building LLM-powered applications through composable components and third-party integrations. The package shows strong adoption with 54.2M weekly downloads and active maintenance from 8 maintainers, though 22 historical CVEs indicate the framework has required ongoing security attention. The minimal dependency footprint of 5 packages reduces supply chain exposure, making this a widely-trusted choice for AI application development.

Generated by Fabric AI · Mar 4, 2026 at 10:50 PM

Service Health (30d)
99.90%
p50: 122ms · p99: 340ms
Avg Latency
137ms
averaged across 30d health checks
Weekly Downloads
54.0M+999%
npm + PyPI weekly
Transparency & Compliance4/5 passed
Open Source CodePublic repository on GitHub
OSI LicenseLicensed under MIT
DocumentationREADME with examples/code blocks
SECURITY.mdSecurity policy published
API DocumentationNo API documentation detected
Incidents & Alertslast 90 days
Mar 4Trust score increased by 1.554.54
Mar 1Critical CVE detected — patched in v0.0.2473.24
Mar 1Trust score decreased by 0.813.24
Feb 26Critical CVE detected — patched in v0.0.2474.05
Feb 25Critical CVE detected — patched in v0.0.2474.05
Feb 25Critical CVE detected — patched in v0.0.2474.05
Showing 6 of 20 events
Score History90 snapshots
5.003.752.501.250.00
Feb 21Mar 5
Community & Ecosystemadoption signals
54.0M
Weekly Downloads
npm + PyPI
10
Releases
on GitHub
Supply Chain & Dependenciestrust chain
@langchain/langgraph
npm · ^1.1.2
@langchain/langgraph-checkpoint
npm · ^1.0.0
langchain-anthropic
pypi · *
langchain-aws
pypi · *
langchain-azure-ai
pypi · *
langchain-community
pypi · * · 8 CVEs1L3H2M2C
Showing 6 of 24 dependencies
Data Sources6 indexed
OSV.devCVE database · vulnerability scanning for npm & PyPI packages
GitHub APICommits, issues, releases, repo metadata, transparency checks
npm RegistryPackage metadata, weekly downloads, maintainers, dependencies
PyPIPackage metadata, weekly downloads, dependency tree
HTTP Health Checks15-min pings · uptime, latency, status monitoring
PyPI StatsDownload statistics and trends
Version Historyscore per release
VERSIONRELEASEDSCOREDELTA
langchain-anthropic==1.4.0Mar 17, 20264.48
langchain-anthropic==1.3.5Mar 14, 20264.48
langchain-mistralai==1.1.2Mar 13, 20264.48
langchain-classic==1.0.3Mar 13, 20264.48
langchain-core==1.2.19Mar 13, 20264.48
langchain==1.2.12Mar 11, 20264.48
Showing 6 of 10 releases

Are you the publisher?

Claim this profile to unlock deeper evaluation, real-time monitoring,
and trust signals that help agents discover your service.

Share this Trust Score

Generate a scorecard image optimised for X, LinkedIn and other social platforms.

⬇ Download Score Card