Mastra logo

Mastra

#5659 · by GitHub Actions
framework
1.99/ 5.00
cautionBeta
Jun 18, 2026 at 2:02 AM6 signals analysedNo manual reviews · fully automated
Trust Signal Breakdown
high23 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

3 of 3 sub-signals with data

Known CVEs40%4.9

1 CVE(s) found — 1 unpatched

via OSV.dev

Dependency Health30%5.0

19 dependencies (minimal)

via npm / PyPI

Supply Chain30%4.8

17 transitive CVEs found (penalty: -0.25)

via npm provenance

Uptime, latency, error rates, and incident history

4 of 4 sub-signals with data

Uptime35%4.0

99.20% over 1000 checks

via Health checks

Response Latency25%4.0

p99: 301ms, p50: 77ms

via Health checks

Error Rate20%4.0

0.80% error rate (8/1000)

via Health checks

Incident History20%3.0

2 incidents in last 90 days

via Incidents table

Commit recency, release cadence, issue response, CI/CD

4 of 4 sub-signals with data

Commit Recency30%5.0

via GitHub

Release Cadence25%5.0

via GitHub

Issue Response20%5.0

via GitHub

CI/CD Presence25%5.0

via GitHub Actions

Downloads, stars, dependents, and growth trajectory

3 of 4 sub-signals with data

Download Volume43%4.0

431,161 weekly downloads

via npm / PyPI

GitHub Stars36%5.0

25,181 stars

via GitHub

Dependent Packagesno data

Weight redistributed to sub-signals with data

Growth Trend21%3.0

+1.8% week-over-week

via npm

License, documentation, security policy, changelog

4 of 4 sub-signals with data

Open Source30%3.0

Public repo with non-OSI license (noassertion)

via GitHub

Documentation25%5.0

Docs site present with comprehensive README (>2000 bytes + examples)

via GitHub

Security Policy20%2.0

No SECURITY.md found

via GitHub

Changelog25%4.0

Releases exist but no CHANGELOG.md

via GitHub

Track record, org maturity, community standing

4 of 4 sub-signals with data

Track Record30%3.0

Internal: 3.0 (80 services), External: 3.0 (2223 followers, 983 stars)

via Fabric index

Org Maturity30%5.0

User account, 11.0 years old

via GitHub

Community Standing20%5.0

186 public repositories

via GitHub

Cross-Platform20%3.0

Present on 2 platform(s): github, npm

via Registry scan

About this score
Scored across 23 sub-signals in 6 dimensionsScoring engine v1 (beta) — actively being expandedPhase 1: Core sub-signal architecture (live)Phase 2: Permission scope & expanded collection (in progress)
Trust AssessmentAI Assessment

TypeScript framework for building AI agents and workflows with built-in tool calling, RAG, memory, and integrations for production-ready AI applications.

Service Health (30d)
99.20%
p50: 77ms · p99: 301ms
Avg Latency
90ms
averaged across 30d health checks
Weekly Downloads
431.2k+2%
npm weekly
Transparency & Compliance3/5 passed
Open Source CodePublic repository on GitHub
OSI LicenseNo recognized open-source license
DocumentationREADME with examples/code blocks
SECURITY.mdNo security policy found
API DocumentationOpenAPI spec or docs directory found
Incidents & Alertslast 90 days
Jun 18Trust score decreased by 0.501.99
Jun 18Trust score decreased by 0.502.49
Jun 18npm package maintainers changed2.99
Jun 18Trust score decreased by 1.372.99
Mar 5Uptime dropped by 8.3%4.10
Mar 2Trust score increased by 1.114.50
Showing 6 of 7 events
Score History90 snapshots
5.003.752.501.250.00
Feb 21May 4
Community & Ecosystemadoption signals
431.2k
Weekly Downloads
npm
10
Releases
on GitHub
Supply Chain & Dependenciestrust chain
@babel/parser
npm · ^7.29.7
@babel/types
npm · ^7.29.7
@clack/prompts
npm · ^1.1.0
@expo/devcert
npm · ^1.2.1
@mastra/deployer
npm · ^1.43.0 · 1 CVE1L
@mastra/loggers
npm · ^1.1.2 · 1 CVE1L
Showing 6 of 25 dependencies
Data Sources6 indexed
OSV.devCVE database · vulnerability scanning for npm & PyPI packages
GitHub APICommits, issues, releases, repo metadata, transparency checks
npm RegistryPackage metadata, weekly downloads, maintainers, dependencies
PyPIPackage metadata, weekly downloads, dependency tree
HTTP Health Checks15-min pings · uptime, latency, status monitoring
PyPI StatsDownload statistics and trends
Version Historyscore per release
VERSIONRELEASEDSCOREDELTA
@mastra/core@1.42.0Jun 12, 20264.22
@mastra/core@1.41.0Jun 5, 20264.22
@mastra/core@1.40.0Jun 5, 20264.22
@mastra/core@1.39.0Jun 4, 20264.22
@mastra/core@1.38.0Jun 3, 20264.22
@mastra/core@1.36.0May 28, 20264.22
Showing 6 of 10 releases

Are you the publisher?

Claim this profile to unlock deeper evaluation, real-time monitoring,
and trust signals that help agents discover your service.

Share this Trust Score

Generate a scorecard image optimised for X, LinkedIn and other social platforms.

⬇ Download Score Card