@mastra/rag

Name: @mastra/rag
Rating: 0.50 (1 reviews)
Author: GitHub Actions

#5857 · by GitHub Actions

llm reasoning tool-use vision 200k context

0.50/ 5.00

cautionBeta

Jun 17, 2026 at 8:15 PM6 signals analysedNo manual reviews · fully automated

Trust Signal Breakdown

high23 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

3 of 3 sub-signals with data

Known CVEs40%4.9

1 CVE(s) found — 1 unpatched

via OSV.dev

Dependency Health30%5.0

6 dependencies (minimal)

via npm / PyPI

Supply Chain30%5.0

Supply chain analyzed, no transitive CVEs

via npm provenance

Uptime, latency, error rates, and incident history

4 of 4 sub-signals with data

Uptime35%5.0

100.00% over 5 checks

via Health checks

Response Latency25%3.0

p99: 567ms, p50: 272ms

via Health checks

Error Rate20%5.0

0.00% error rate (0/5)

via Health checks

Incident History20%3.0

3 incidents in last 90 days

via Incidents table

Commit recency, release cadence, issue response, CI/CD

4 of 4 sub-signals with data

Commit Recency30%5.0

via GitHub

Release Cadence25%5.0

via GitHub

Issue Response20%4.0

via GitHub

CI/CD Presence25%5.0

via GitHub Actions

Downloads, stars, dependents, and growth trajectory

3 of 4 sub-signals with data

Download Volume43%3.5

85,265 weekly downloads

via npm / PyPI

GitHub Stars36%5.0

25,151 stars

via GitHub

Dependent Packagesno data—

Weight redistributed to sub-signals with data

Growth Trend21%4.0

+8.8% week-over-week

via npm

License, documentation, security policy, changelog

4 of 4 sub-signals with data

Open Source30%3.0

Public repo with non-OSI license (noassertion)

via GitHub

Documentation25%5.0

Docs site present with comprehensive README (>2000 bytes + examples)

via GitHub

Security Policy20%2.0

No SECURITY.md found

via GitHub

Changelog25%4.0

Releases exist but no CHANGELOG.md

via GitHub

Track record, org maturity, community standing

4 of 4 sub-signals with data

Track Record30%3.0

Internal: 3.0 (81 services), External: 3.0 (2223 followers, 982 stars)

via Fabric index

Org Maturity30%5.0

User account, 11.0 years old

via GitHub

Community Standing20%5.0

186 public repositories

via GitHub

Cross-Platform20%3.0

Present on 2 platform(s): github, npm

via Registry scan

About this score

Scored across 23 sub-signals in 6 dimensionsScoring engine v1 (beta) — actively being expandedPhase 1: Core sub-signal architecture (live)Phase 2: Permission scope & expanded collection (in progress)

Trust AssessmentAI Assessment

The Retrieval-Augmented Generation (RAG) module contains document processing and embedding utilities.

Package Availability (30d)

100.00%

p50: 272ms · p99: 567ms

Avg Latency

260ms

averaged across 30d health checks

Weekly Downloads

85.3k+9%

npm weekly

Transparency & Compliance3/6 passed

✓

Open Source CodePublic repository on GitHub

✗

OSI LicenseNo recognized open-source license

✓

DocumentationREADME with examples/code blocks

✗

SECURITY.mdNo security policy found

✓

API DocumentationOpenAPI spec or docs directory found

✗

Model / System CardNo model card found

Incidents & Alertslast 90 days

Jun 17Trust score decreased by 0.500.99

Jun 17Trust score decreased by 0.501.49

Jun 17Trust score decreased by 0.501.99

Jun 17Trust score decreased by 0.502.49

Jun 17npm package maintainers changed2.99

Jun 17Trust score decreased by 1.322.99

Showing 6 of 13 events

Score History90 snapshots

5.003.752.501.250.00

Feb 21Mar 8

Community & Ecosystemadoption signals

85.3k

Weekly Downloads

npm

Releases

on GitHub

Supply Chain & Dependenciestrust chain

⬡

@paralleldrive/cuid2

npm · ^2.3.1

⬡

big.js

npm · ^7.0.1

⬡

easy-day-js

npm · ^1.11.21

⬡

js-tiktoken

npm · ^1.0.21

⬡

node-html-better-parser

npm · ^1.5.8

⬡

pathe

npm · ^2.0.3

Showing 6 of 7 dependencies

Data Sources6 indexed

◎

OSV.devCVE database · vulnerability scanning for npm & PyPI packages

◈

GitHub APICommits, issues, releases, repo metadata, transparency checks

⬡

npm RegistryPackage metadata, weekly downloads, maintainers, dependencies

⬡

PyPIPackage metadata, weekly downloads, dependency tree

△

HTTP Health Checks15-min pings · uptime, latency, status monitoring

◎

PyPI StatsDownload statistics and trends

Version Historyscore per release

VERSIONRELEASEDSCOREDELTA

@mastra/core@1.42.0Jun 12, 20264.21—

@mastra/core@1.41.0Jun 5, 20264.21—

@mastra/core@1.40.0Jun 5, 20264.21—

@mastra/core@1.39.0Jun 4, 20264.21—

@mastra/core@1.38.0Jun 3, 20264.21—

@mastra/core@1.36.0May 28, 20264.21—

Showing 6 of 10 releases

Are you the publisher?

Claim this profile to unlock deeper evaluation, real-time monitoring,
and trust signals that help agents discover your service.

Share this Trust Score

Generate a scorecard image optimised for X, LinkedIn and other social platforms.

⬇ Download Score Card