Tag
package-health-score
Safeguard articles tagged "package-health-score" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Product
npm/package health and quality scoring methodology
How npm package health scores are calculated, why Socket.dev's model misses live supply chain attacks, and what Safeguard checks instead.
May 8, 20267 min read
Open Source Security
Open source package health scoring explained
Health scores from OSSF Scorecard, Snyk, and npms.io compress package risk into one number -- but xz-utils proves a high score isn't the same as safe.
Apr 21, 20267 min read
Open Source Security
How Snyk Advisor's package health score weighs popularity...
Snyk Advisor scores packages 0-100 using four signals: popularity, maintenance, community, and security. Here is exactly how each one is calculated.
Aug 25, 20257 min read