sfdx-hardis logo

sfdx-hardis

#160 · by GitHub Actions
infraserverlessGPU
3.95/ 5.00
trustedBeta
Mar 5, 2026 at 12:51 AM6 signals analysedNo manual reviews · fully automated
Trust Signal Breakdown
high23 sub-signals across 6 dimensions

CVEs, dependency health, and supply chain integrity

3 of 3 sub-signals with data

Known CVEs40%5.0

No known CVEs

via OSV.dev

Dependency Health30%3.0

68 dependencies (moderate)

via npm / PyPI

Supply Chain30%4.8

74 transitive CVEs found (penalty: -0.25)

via npm provenance

Uptime, latency, error rates, and incident history

4 of 4 sub-signals with data

Uptime35%5.0

100.00% over 6 checks

via Health checks

Response Latency25%2.0

p99: 1714ms, p50: 1559ms

via Health checks

Error Rate20%5.0

0.00% error rate (0/6)

via Health checks

Incident History20%2.0

4 incidents in last 90 days

via Incidents table

Commit recency, release cadence, issue response, CI/CD

4 of 4 sub-signals with data

Commit Recency30%5.0

via GitHub

Release Cadence25%5.0

via GitHub

Issue Response20%1.0

via GitHub

CI/CD Presence25%5.0

via GitHub Actions

Downloads, stars, dependents, and growth trajectory

3 of 4 sub-signals with data

Download Volume43%3.0

8,365 weekly downloads

via npm / PyPI

GitHub Stars36%2.0

329 stars

via GitHub

Dependent Packagesno data

Weight redistributed to sub-signals with data

Growth Trend21%2.0

-6.1% week-over-week

via npm

License, documentation, security policy, changelog

4 of 4 sub-signals with data

Open Source30%4.0

Public repo with copyleft license (agpl-3.0)

via GitHub

Documentation25%5.0

Docs site present with comprehensive README (>2000 bytes + examples)

via GitHub

Security Policy20%5.0

SECURITY.md present

via GitHub

Changelog25%5.0

CHANGELOG.md present and releases exist

via GitHub

Track record, org maturity, community standing

4 of 4 sub-signals with data

Track Record30%3.5

Internal: 3.0 (82 services), External: 3.5 (2184 followers, 7594 stars)

via Fabric index

Org Maturity30%5.0

User account, 10.7 years old

via GitHub

Community Standing20%5.0

161 public repositories

via GitHub

Cross-Platform20%3.0

Present on 2 platform(s): github, npm

via Registry scan

About this score
Scored across 23 sub-signals in 6 dimensionsScoring engine v1 (beta) — actively being expandedPhase 1: Core sub-signal architecture (live)Phase 2: Permission scope & expanded collection (in progress)
Trust AssessmentAI Assessment

sfdx-hardis is a Salesforce CI/CD orchestration toolkit published on npm under AGPL-3.0 license, available as a GitHub Action. The package shows strong maintenance practices with zero known vulnerabilities and consistent uptime, though it relies on 68 dependencies including several large packages like langchain and exceljs. With only one maintainer and moderate weekly downloads (7.8K), organizations should consider internal review before adopting this tool for production Salesforce pipelines.

Generated by Fabric AI · Mar 4, 2026 at 4:18 AM

Package Availability (30d)
100.00%
p50: 1559ms · p99: 1714ms
Avg Latency
1.5s
averaged across 30d health checks
Weekly Downloads
8.4k-6%
npm weekly
Transparency & Compliance5/5 passed
Open Source CodePublic repository on GitHub
OSI LicenseLicensed under AGPL-3.0
DocumentationREADME with examples/code blocks
SECURITY.mdSecurity policy published
API DocumentationOpenAPI spec or docs directory found
Incidents & Alertslast 90 days
Mar 1Trust score decreased by 1.113.24
Feb 26Trust score increased by 1.264.29
Feb 22New version v6.26.2 released3.03
Feb 21sfdx-hardis added to Trust Index2.19
Showing 4 of 4 events
Score History67 snapshots
5.003.752.501.250.00
Feb 21Mar 5
Community & Ecosystemadoption signals
8.4k
Weekly Downloads
npm
10
Releases
on GitHub
Supply Chain & Dependenciestrust chain
@actions/github
npm · 7.0.0
@cparra/apexdocs
npm · 3.20.0
@gitbeaker/rest
npm · ^43.8.0
@langchain/anthropic
npm · 1.3.18
@langchain/community
npm · 1.1.18 · 3 CVEs1L2M
@langchain/core
npm · 1.1.26 · 1 CVE1H
Showing 6 of 69 dependencies
Data Sources6 indexed
OSV.devCVE database · vulnerability scanning for npm & PyPI packages
GitHub APICommits, issues, releases, repo metadata, transparency checks
npm RegistryPackage metadata, weekly downloads, maintainers, dependencies
PyPIPackage metadata, weekly downloads, dependency tree
HTTP Health Checks15-min pings · uptime, latency, status monitoring
PyPI StatsDownload statistics and trends
Version Historyscore per release
VERSIONRELEASEDSCOREDELTA
v6.27.0Feb 27, 20264.35+1.87
v6.26.3Feb 24, 20262.48-1.27
v6.26.2Feb 22, 20263.75
v6.26.1Feb 18, 2026
v6.26.0Feb 17, 2026
v6.25.1Feb 10, 2026
Showing 6 of 10 releases

Are you the publisher?

Claim this profile to unlock deeper evaluation, real-time monitoring,
and trust signals that help agents discover your service.

Share this Trust Score

Generate a scorecard image optimised for X, LinkedIn and other social platforms.

⬇ Download Score Card