{"id":48910589,"url":"https://github.com/piiiico/proof-of-commitment","last_synced_at":"2026-06-13T05:00:40.153Z","repository":{"id":346169094,"uuid":"1188768697","full_name":"piiiico/proof-of-commitment","owner":"piiiico","description":"Supply chain risk scorer for npm and PyPI — single-maintainer CRITICAL flags before attacks happen","archived":false,"fork":false,"pushed_at":"2026-06-12T22:57:45.000Z","size":8169,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-13T00:24:06.529Z","etag":null,"topics":["audit","cargo","cli","dependencies","github-action","go","golang","mcp","mcp-server","npm","openssf","pypi","rust","scorecard","security","software-supply-chain","supply-chain","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://getcommit.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/piiiico.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit-2026-05-03-pre-showhn.md","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-22T15:03:07.000Z","updated_at":"2026-06-12T22:57:49.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/piiiico/proof-of-commitment","commit_stats":null,"previous_names":["piiiico/proof-of-commitment"],"tags_count":29,"template":false,"template_full_name":null,"purl":"pkg:github/piiiico/proof-of-commitment","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p
iiiico%2Fproof-of-commitment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piiiico%2Fproof-of-commitment/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piiiico%2Fproof-of-commitment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piiiico%2Fproof-of-commitment/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/piiiico","download_url":"https://codeload.github.com/piiiico/proof-of-commitment/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piiiico%2Fproof-of-commitment/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34272603,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","cargo","cli","dependencies","github-action","go","golang","mcp","mcp-server","npm","openssf","pypi","rust","scorecard","security","software-supply-chain","supply-chain","supply-chain-security"],"created_at":"2026-04-16T23:06:57.332Z","updated_at":"2026-06-13T05:00:40.147Z","avatar_url":"https://github.com/piiiico.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Proof of Commitment\n\n[![Commitment 
Score](https://poc-backend.amdal-dev.workers.dev/badge/npm/proof-of-commitment)](https://getcommit.dev/audit?packages=proof-of-commitment)\n[![npm downloads](https://img.shields.io/npm/dw/proof-of-commitment)](https://www.npmjs.com/package/proof-of-commitment)\n[![Mentioned in Awesome MCP Servers](https://awesome.re/mentioned-badge.svg)](https://github.com/punkpeye/awesome-mcp-servers)\n\n\u003e **Stars lie. Behavioral signals don't.**\n\nAn MCP server and web tool that scores npm packages, PyPI packages, Rust crates, Go modules, and GitHub repos on **behavioral commitment** — signals that are harder to fake than stars, READMEs, or download counts.\n\n```text\n$ npx proof-of-commitment axios zod chalk lodash minimatch\nScoring 5 npm packages... done in 3.0s\n\nPackage      Risk          Score   Publishers   Downloads      Age    Provenance\nchalk        🔴 CRITICAL   72      1            432.9M/wk      14.6y  —\nminimatch    🔴 CRITICAL   78      1            634.1M/wk      14.9y  —\nlodash       🔴 CRITICAL   80      1            158.9M/wk      14.1y  —\nzod          🔴 CRITICAL   83      1            161.2M/wk      6.3y   🔐 verified\naxios        🔴 CRITICAL   88      1            115.7M/wk      11.8y  🔐 verified\n                ⚠ COMPROMISED — axios token theft (2026-03-30)\n\n⚠  5 CRITICAL packages found.\n   CRITICAL = sole npm publisher + \u003e10M weekly downloads (publish-access concentration risk)\n```\n\n`npm audit` flags none of these. They're not vulnerabilities — they're attack-surface concentration. One stolen npm token, one phished maintainer, and a single push reaches the whole ecosystem (axios, March 30 2026 — happened).\n\n## The supply chain problem\n\n26 of the 91 npm packages with \u003e10M weekly downloads have a **single npm publisher**. Together they account for over 3 billion downloads per week. `npm audit` doesn't surface this. 
Stars don't either.\n\nFour packages in a typical Node.js project are CRITICAL right now:\n- **chalk** — 432M downloads/week, **1 npm publisher**\n- **zod** — 185M downloads/week, **1 npm publisher** (30+ GitHub contributors)\n- **lodash** — 156M downloads/week, **1 npm publisher**\n- **axios** — 113M downloads/week, **1 npm publisher** (attacked March 30, 2026)\n\nThese three won't appear in your `package.json`, but as transitive dependencies they're in almost every lock file:\n- **minimatch** — 625M downloads/week, **1 npm publisher**\n- **glob** — 366M downloads/week, **1 npm publisher**\n- **cross-spawn** — 215M downloads/week, **1 npm publisher**\n\nBehavioral signals surface this. Stars and READMEs don't.\n\n## Quick install (MCP)\n\nNo login required. Add to any MCP-compatible AI tool and start querying supply chain risk.\n\n**Claude Desktop**\n\nOpen `~/Library/Application Support/Claude/claude_desktop_config.json` on macOS ([config file reference](https://modelcontextprotocol.io/quickstart/user)) or `%APPDATA%\\Claude\\claude_desktop_config.json` on Windows, then add:\n\n```json\n{\n  \"mcpServers\": {\n    \"commit\": {\n      \"type\": \"streamable-http\",\n      \"url\": \"https://poc-backend.amdal-dev.workers.dev/mcp\"\n    }\n  }\n}\n```\n\nRestart Claude Desktop. 
A tool icon appears in the chat input — ask it to audit your `package.json`.\n\n**Cursor**\n\nOpen `~/.cursor/mcp.json` ([Cursor MCP docs](https://cursor.com/docs/mcp)) and add:\n\n```json\n{\n  \"mcpServers\": {\n    \"commit\": {\n      \"type\": \"streamable-http\",\n      \"url\": \"https://poc-backend.amdal-dev.workers.dev/mcp\"\n    }\n  }\n}\n```\n\n**Smithery** (once indexed)\n\n```bash\nnpx -y @smithery/cli install proof-of-commitment --client claude\n```\n\n---\n\n## Try it now\n\n**Terminal (zero install):**\n```bash\n# New in v1.8.0: zero-arg auto-detect — cd into any project, run once:\nnpx proof-of-commitment\n# Picks the highest-coverage manifest in cwd (package-lock.json \u003e yarn.lock \u003e\n# pnpm-lock.yaml \u003e pnpm-workspace.yaml \u003e package.json; requirements.txt;\n# Cargo.toml; go.sum \u003e go.mod). When multiple ecosystems are present, the\n# file with the most recent mtime wins.\n\n# Explicit package list still works:\nnpx proof-of-commitment axios zod chalk\n\n# Or point at a specific file:\nnpx proof-of-commitment --file package.json\nnpx proof-of-commitment --file package-lock.json   # npm (transitive)\nnpx proof-of-commitment --file yarn.lock           # yarn\nnpx proof-of-commitment --file pnpm-lock.yaml      # pnpm\nnpx proof-of-commitment --file pnpm-workspace.yaml # pnpm monorepo\nnpx proof-of-commitment --pypi litellm langchain requests\nnpx proof-of-commitment --cargo serde tokio reqwest\nnpx proof-of-commitment --golang github.com/gin-gonic/gin golang.org/x/net\nnpx proof-of-commitment --file go.mod\nnpx proof-of-commitment --file go.sum              # full transitive Go set\n\n# JSON output for downstream tools:\nnpx proof-of-commitment --file package-lock.json --json | jq '.criticalCount'\n```\n\n### CI integration (v1.8.0+)\n\n`--fail-on=\u003clevel\u003e` turns the CLI into a one-line CI gate. 
No GitHub Action required.\n\n```yaml\n# .github/workflows/supply-chain.yml\nname: Supply Chain\non: [pull_request]\njobs:\n  audit:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with: { node-version: '20' }\n      - run: npx -y proof-of-commitment --fail-on=critical\n```\n\nLevels:\n\n| `--fail-on` | Exit 1 when… |\n|---|---|\n| `critical` | any package is flagged CRITICAL (publish-access concentration) |\n| `risky` | any package is CRITICAL **or** HIGH (score \u003c 40) |\n| `none` | never — report only |\n\nDefaults: `critical` in CI (when `CI=true` is set, which every major CI runner does) and for `--json` output. Interactive (TTY, non-CI) keeps the v1.7 default of **exit 0** — running locally won't break your shell habits.\n\nThe dedicated [`piiiico/commit-action@v1`](https://github.com/piiiico/commit-action) is still the right choice when you want PR comments and step summaries; `--fail-on` is for minimal pipelines that just need a yes/no answer.\n\n### SARIF output for GitHub Code Scanning (v1.26.0+)\n\n`--sarif` outputs [SARIF 2.1.0](https://sarifweb.azurewebsites.net/) — the standard format for static analysis results. Upload it to GitHub Code Scanning and Commit findings appear in the Security tab alongside CodeQL and Snyk.\n\n```yaml\n# .github/workflows/supply-chain.yml\nname: Supply Chain\non: [pull_request]\njobs:\n  audit:\n    runs-on: ubuntu-latest\n    permissions:\n      security-events: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-node@v4\n        with: { node-version: '20' }\n      - run: npx -y proof-of-commitment --file package-lock.json --sarif --fail-on=none \u003e results.sarif\n      - uses: github/codeql-action/upload-sarif@v3\n        if: always()\n        with:\n          sarif_file: results.sarif\n          category: commit-supply-chain\n```\n\nCRITICAL and HIGH packages show as alerts in the repo's Security tab. 
Compromised packages (in the Commit incident registry) get a separate alert. `--fail-on` still controls the exit code independently — use `--fail-on=critical` to also block the PR.\n\n**Web demo (no install):** [getcommit.dev/audit](https://getcommit.dev/audit) — paste your packages, see risk scores in seconds.\n\n## IDE Hooks (Cursor + Claude Code + Windsurf)\n\n`poc hook` installs a supply chain gate for **Cursor** ([`beforeShellExecution`](https://docs.cursor.com/context/hooks)), **Claude Code** ([`PreToolUse`](https://code.claude.com/docs/en/hooks)), and **Windsurf** ([`pre_run_command`](https://docs.windsurf.com/windsurf/cascade/hooks)) in one command. The same hook script intercepts package installs from any agent, auto-detects which client called it, and blocks CRITICAL packages before they run.\n\n```bash\n# Install for the current project (writes .cursor/hooks.json + .claude/settings.json + .windsurf/hooks.json):\npoc hook\n\n# Or protect every project for your user:\npoc hook --global\n\n# Narrow to one client:\npoc hook --cursor          # only .cursor/hooks.json\npoc hook --claude-code     # only .claude/settings.json\npoc hook --windsurf        # only .windsurf/hooks.json\n\n# Remove (cleans all three):\npoc hook --uninstall\n```\n\nThe hook writes `.cursor/hooks.json`, `.claude/settings.json`, and `.windsurf/hooks.json` (project) or the equivalents under `~/` (with `--global`). 
When Cursor, Claude Code, or Windsurf runs `npm install axios`, `pip install litellm`, `cargo add serde`, or `go get github.com/gin-gonic/gin`, the hook calls the Commit API and either blocks, warns, or allows — in under 500ms.\n\n**What gets intercepted:**\n\n| Package manager | Example command |\n|---|---|\n| npm / npx | `npm install \u003cpkg\u003e`, `npm add \u003cpkg\u003e` |\n| pnpm | `pnpm add \u003cpkg\u003e` |\n| yarn | `yarn add \u003cpkg\u003e` |\n| pip / pip3 / uv | `pip install \u003cpkg\u003e` |\n| cargo | `cargo add \u003cpkg\u003e`, `cargo install \u003cpkg\u003e` |\n| go | `go get \u003cmodule\u003e`, `go install \u003cmodule\u003e` |\n\n**Why this matters:** Supply chain attacks now happen in minutes. The Shai-Hulud worm (May 2026) compromised 637 packages in 39 minutes and specifically targeted AI coding assistants — planting persistence hooks in `.claude/settings.json` and `.vscode/tasks.json`. When your AI assistant installs a dependency, it bypasses the human review that used to be the last line of defense. `poc hook` puts a gate back in — same gate, whether Cursor, Claude Code, or Windsurf is driving.\n\n**Default behavior:** CRITICAL packages (sole npm publisher + \u003e10M downloads/week — the exact LiteLLM/axios attack profile) are blocked. HIGH packages trigger an \"ask user\" prompt (Cursor/Claude Code) or are blocked with a message (Windsurf). Set `COMMIT_HOOK_SEVERITY_BLOCK=HIGH` to block both.\n\n**With an API key:** `poc login sk_commit_…` before running `poc hook` — the key is embedded in the hook config and lifts the rate limit.\n\n---\n\n## Get notified before the next attack\n\nThe CLI tells you what's risky today. 
A free API key unlocks **monitoring** — score recomputation across the packages you depend on, with alerts when one degrades (publisher drops, release stalls, score falls ≥10 points).\n\n- **Open (free):** Watch 3 packages · weekly digest every Monday\n- **Developer ($15/mo):** Watch 15 packages · daily scans · instant email alerts\n\n[**Get a free API key →**](https://getcommit.dev/get-started?ref=readme-monitoring) (no card, 30 seconds · 200 audits/day included)\n\n```bash\nnpm install -g proof-of-commitment   # then:\npoc watch axios --email you@company.com  # free key + monitoring in one step\npoc watch chalk                          # add more packages (3 free)\npoc init                                 # add CI gate to this repo\n```\n\n## GitHub Action\n\nAdd supply chain auditing to any CI pipeline in 30 seconds — auto-detects packages from `package.json` or `requirements.txt`, **posts results as a PR comment**, writes to GitHub Step Summary, and optionally fails on CRITICAL packages.\n\nUse the dedicated action at [piiiico/commit-action](https://github.com/piiiico/commit-action):\n\n```yaml\n# .github/workflows/supply-chain.yml\nname: Supply Chain Audit\non:\n  pull_request:\n    paths: ['package.json', 'package-lock.json', 'bun.lock']\n\njobs:\n  audit:\n    runs-on: ubuntu-latest\n    permissions:\n      pull-requests: write\n    steps:\n      - uses: actions/checkout@v4\n      - uses: piiiico/commit-action@v1\n        with:\n          fail-on-critical: true   # blocks merges on CRITICAL packages\n          comment-on-pr: true      # posts results as a PR comment\n```\n\nWhen `comment-on-pr: true` (default), the action automatically posts the audit table as a comment on the pull request — and **updates the same comment** on re-run, so you don't get comment spam. 
Reviewers see the risk table without leaving the PR.\n\n**Inputs:**\n\n| Input | Default | Description |\n|-------|---------|-------------|\n| `packages` | _(auto)_ | Comma-separated package names (auto-detected from `package.json`/`requirements.txt` if not set) |\n| `packages-file` | _(auto)_ | Path to `package.json` or `requirements.txt` (default: auto-detect in workspace root) |\n| `fail-on-critical` | `true` | Fail the workflow if CRITICAL packages are found |\n| `max-packages` | `20` | Max packages to audit when auto-detecting |\n| `include-dev-dependencies` | `false` | Include `devDependencies` from `package.json` |\n| `comment-on-pr` | `true` | Post audit results as a PR comment (requires `pull-requests: write` permission) |\n| `api-key` | _(none)_ | [Commit Pro](https://getcommit.dev/pricing) API key — enables batch requests and 10K requests/month |\n| `api-url` | _(prod)_ | Override API endpoint (useful for self-hosting) |\n\n**Outputs:** `has-critical`, `critical-count`, `audit-summary` (markdown table, also written to Step Summary).\n\n**Free vs Pro:** Without an API key, packages are audited one at a time (with delays to respect rate limits). 
With a Pro API key, all packages are audited in a single batch request — faster and with higher monthly limits.\n\nExample PR comment / Step Summary output:\n\n```\n| Package | Risk        | Score | Publishers | Downloads/wk | Age   |\n|---------|-------------|-------|------------|--------------|-------|\n| chalk   | 🔴 CRITICAL | 75    | 1          | 380M         | 12.7y |\n| zod     | 🔴 CRITICAL | 83    | 1          | 133M         | 6.1y  |\n| axios   | 🔴 CRITICAL | 89    | 1          | 93M          | 11.6y |\n```\n\n## README Badges\n\nAdd a Commit Trust badge to any npm package you maintain or depend on:\n\n```markdown\n![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/YOUR-PACKAGE)\n```\n\nExamples:\n\n| Package | Badge URL |\n|---------|-----------|\n| chalk | `![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/chalk)` |\n| react | `![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/react)` |\n| express | `![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/express)` |\n| @babel/core | `![Commit Trust](https://poc-backend.amdal-dev.workers.dev/badge/@babel/core)` |\n\nGrades: 🟢 OK (75+) · 🟠 WARNING (40–74) · 🔴 CRITICAL (\u003c40 or sole npm publisher with 10M+ weekly downloads)\n\nBadges are cached 1 hour. No API key needed.\n\nAlso supports PyPI, Cargo, Go modules, and the full ecosystem-specific format:\n\n```markdown\n![commit score](https://poc-backend.amdal-dev.workers.dev/api/badge/npm/YOUR-PACKAGE)\n![commit score](https://poc-backend.amdal-dev.workers.dev/api/badge/pypi/YOUR-PACKAGE)\n![commit score](https://poc-backend.amdal-dev.workers.dev/api/badge/cargo/YOUR-CRATE)\n![commit score](https://poc-backend.amdal-dev.workers.dev/api/badge/golang/github.com/owner/repo)\n```\n\n## REST API\n\nNo API key. 
No install.\n\n```bash\ncurl https://poc-backend.amdal-dev.workers.dev/api/audit \\\n  -X POST \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"packages\": [\"axios\", \"zod\", \"chalk\", \"lodash\", \"express\"]}'\n```\n\n```json\n{\n  \"count\": 5,\n  \"results\": [\n    {\n      \"name\": \"chalk\",\n      \"ecosystem\": \"npm\",\n      \"score\": 75,\n      \"maintainers\": 1,\n      \"weeklyDownloads\": 398397580,\n      \"ageYears\": 12.7,\n      \"trend\": \"stable\",\n      \"riskFlags\": [\"CRITICAL\"],\n      \"scorecardScore\": 3.6,        // null if no GitHub repo\n      \"hasDangerousWorkflow\": false  // null if no Scorecard data\n    },\n    ...\n  ]\n}\n```\n\n## 11 MCP tools\n\n| Tool | Description |\n|------|-------------|\n| `audit_dependencies` | Batch risk audit for up to 20 npm/PyPI/Cargo/Go packages |\n| `audit_github_repo` | Fetch a repo's package.json/requirements.txt and audit every dep |\n| `audit_dependency_tree` | Map an npm package's full dependency tree (incl. transitive CRITICAL deps) |\n| `lookup_npm_package` | Single npm package behavioral profile |\n| `lookup_pypi_package` | Single PyPI package behavioral profile |\n| `lookup_cargo_crate` | Single Rust crate behavioral profile (crates.io) |\n| `lookup_go_module` | Single Go module behavioral profile (proxy.golang.org + GitHub) |\n| `lookup_github_repo` | GitHub repo commitment score (longevity, commit frequency, contributor depth) |\n| `lookup_business` | Norwegian business register — operating years, employees, financials |\n| `lookup_business_by_org` | Same, by org number |\n| `query_commitment` | Browser extension behavioral data (unique verified visitors, repeat rate) |\n\nAnonymous: 15 requests/IP/UTC day across both `/mcp` and `/api/audit`. Free key (no card, 30s signup at https://getcommit.dev/get-started): 200/day. 
Higher tiers at https://getcommit.dev/pricing.\n\n## What the score measures\n\nEach package is scored 0–100 across:\n\n- **Longevity** — How long has the package existed? Abandoned packages get reactivated for attacks.\n- **Publisher depth** — Single npm publisher + millions of weekly downloads = the attack surface LiteLLM exploited. (Publisher = person with npm publish access, distinct from GitHub contributors.)\n- **Release consistency** — Regular releases signal active oversight. Long gaps = vulnerability accumulation.\n- **Download trend** — Growing packages attract more scrutiny (and attacks). Stable = lower profile.\n- **OpenSSF Scorecard** — Process security (code review enforcement, branch protection, CI/CD safety). Separate from behavioral signals. High Scorecard ≠ safe from credential theft attacks.\n\n\u003e Both axios (8.1/10 Scorecard) and chalk (3.6/10 Scorecard) score CRITICAL on behavioral signals. They measure different attack surfaces — Scorecard catches process gaps, behavioral signals catch publisher concentration.\n\n**Risk flags:**\n- `CRITICAL` — single npm publisher + \u003e10M weekly downloads (exact LiteLLM/axios attack profile)\n- `HIGH` — package \u003c1yr old + rapid adoption\n- `WARN` — no release in 12+ months\n\n## Real data points\n\n```\n# packages you know about:\nchalk       — score 75, 1 publisher, 432M/week  ⚑ CRITICAL\nzod         — score 83, 1 publisher, 185M/week  ⚑ CRITICAL  (30+ GitHub contributors)\nlodash      — score 81, 1 publisher, 156M/week  ⚑ CRITICAL\naxios       — score 88, 1 publisher, 113M/week  ⚑ CRITICAL  (attacked Mar 30 2026)\nexpress     — score 90, 5 publishers, 95M/week\n\n# packages probably not in your package.json, definitely in your lock file:\nminimatch   — score 78, 1 publisher, 625M/week  ⚑ CRITICAL\nglob        — score 80, 1 publisher, 366M/week  ⚑ CRITICAL\ncross-spawn — score 72, 1 publisher, 215M/week  ⚑ CRITICAL\n\n# post-attack:\nlitellm     — score 74, 1 publisher            ⚑ CRITICAL  
(supply chain attack Mar 2026)\n\n# Rust crates (new in v1.3.0):\nserde       — score 78, 1 owner,  13M/week  ⚑ CRITICAL  (dtolnay sole owner)\ntokio       — score 89, 2 owners, 10M/week\nreqwest     — score 85, 1 owner,   8M/week  ⚑ HIGH\n```\n\n## Why behavioral signals\n\nThe LiteLLM attack (March 2026) and axios attack (March 30, 2026) followed the same pattern: stolen credentials → malicious package pushed → 97M+ machines exposed. Both packages scored CRITICAL by these metrics *before* the attacks.\n\nDeclarative signals (stars, README quality, CI badges) don't capture this risk. Behavioral commitment does.\n\n## Stack\n\n| Layer | Technology |\n|-------|-----------|\n| Backend | Cloudflare Workers + D1 |\n| MCP | Model Context Protocol SDK |\n| Data | npm registry, PyPI, crates.io, proxy.golang.org, deps.dev, GitHub API, Brønnøysund (NO) |\n| Landing | Astro + Cloudflare Pages |\n\n## Roadmap\n\nPlanned, not promised. The project is early-stage — contributions welcome on any of these.\n\n| Feature | Status | Notes |\n|---------|--------|-------|\n| **Cargo (Rust) registry support** | ✅ Live | MCP tool, REST API, badge endpoint — `ecosystem: \"cargo\"` |\n| **Go modules support** | ✅ Live | proxy.golang.org + deps.dev + GitHub-primary scoring — `ecosystem: \"golang\"` |\n| **Score breakdown visualization** | Planned | Chart component for the 5 dimensions on getcommit.dev/audit |\n| **`--json` flag for CLI** | ✅ Live | `npx proof-of-commitment --file package-lock.json --json \\| jq '.criticalCount'` |\n| **pnpm workspace monorepo support** | ✅ Live | `--file pnpm-workspace.yaml` or auto-detected from `pnpm-lock.yaml` |\n| **Historical score tracking** | Planned | Trend charts — was this package getting riskier over time? 
|\n| **Org-level dashboards** | Planned | Aggregate risk view across all repos in a GitHub org |\n\nSee [open issues](https://github.com/piiiico/proof-of-commitment/issues) for things you can help with today.\n\n## The broader vision\n\nSupply chain auditing is the first tool. The underlying primitive is a **commitment graph** — behavioral signals that replace content-based trust across any domain.\n\nWhen content is free to fake (reviews, stars, READMEs), commitment becomes the signal. A publisher who has shipped 847 releases over 12 years is a different kind of commitment than one who published once in 2023.\n\nThe same logic applies to websites, businesses, and AI agents. Two card networks have independently named this gap: Mastercard Verifiable Intent §9.2 explicitly lists behavioral trust as \"not covered.\" Visa TAP identifies agents without answering whether to trust them.\n\nProof of Commitment is the trust layer they're pointing at.\n\n→ [getcommit.dev](https://getcommit.dev)\n\n## Run locally\n\n```bash\nbun install\nbun run dev:backend     # local server with SQLite\nbun run test:e2e        # E2E test with mock World ID\n```\n\nDeploy:\n```bash\nbun run deploy          # deploys to Cloudflare Workers\n```\n\n## Releasing\n\nPublish is triggered automatically when a tag `v*` is pushed, or manually via GitHub Actions `workflow_dispatch`.\n\n### Funnel smoke gate\n\nBefore `npm publish` runs, the CI workflow executes `scripts/funnel-smoke.sh` — a local-mock pre-publish check that exercises four key funnel paths:\n\n| Path | What it tests | Bug class caught |\n|------|--------------|-----------------|\n| A | CLI audit with `COMMIT_API_KEY` set → 200 + results | v1.20.0: missing `Authorization` header → 0 paid conversions |\n| B | CLI audit anonymous, 429 → message + `instant_key_url` | 429 handling / CTA surfacing |\n| C | cursor-hook (Cursor stdin) 429 → `permission: ask` + signup URL | v1.21.0: silent `allow` on 429 → security gap + 0 conversions |\n| D | 
cursor-hook (Claude Code `PreToolUse` stdin) 429 → `hookSpecificOutput.permissionDecision: ask` + `claude-code-hook-429` attribution | v1.22.0: wrong-shape reply when Claude Code drives → silent allow / mis-attributed conversion |\n\nAny path failure blocks the release. The gate runs a local Python mock server so it's deterministic in CI and doesn't depend on production rate-limit state.\n\n**Optional CI secret:** Set `COMMIT_TEST_API_KEY` in GitHub repo secrets to use a real API key for Path A. Falls back to a mock key that the local server accepts unconditionally.\n\n**Run locally:**\n```bash\nbash scripts/funnel-smoke.sh\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpiiiico%2Fproof-of-commitment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpiiiico%2Fproof-of-commitment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpiiiico%2Fproof-of-commitment/lists"}
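The install-command interception and block/ask/allow policy described in the README's IDE Hooks section, together with its risk-flag rules (CRITICAL, HIGH, WARN) and the `--fail-on` levels from the CI section, as an added worked example written for this page; it is not code from proof-of-commitment. It runs offline against a constructed audit table instead of the Commit API. The Cursor and Claude Code payload and reply shapes (`command`, `hook_event_name`, `tool_input.command`, `permission`, `hookSpecificOutput.permissionDecision`), the `monthsSinceRelease` field, and reading "rapid adoption" as a growing download trend are all assumptions made here.

```typescript
// Added example for this README (not code from proof-of-commitment): a local model of the
// risk-flag rules, the --fail-on exit-code policy and the IDE hook's block/ask/allow decision,
// run over a constructed in-memory audit table instead of the Commit API. The Cursor and
// Claude Code payload/reply shapes are assumptions drawn from the README's description.

type Ecosystem = "npm" | "pypi" | "cargo" | "golang";
type RiskFlag = "CRITICAL" | "HIGH" | "WARN";
type Perm = "allow" | "ask" | "deny";
type CursorReply = { permission: Perm; userMessage: string };
type ClaudeReply = { hookSpecificOutput: { hookEventName: "PreToolUse"; permissionDecision: Perm; permissionDecisionReason: string } };

interface AuditResult {
  name: string; ecosystem: Ecosystem; score: number;
  maintainers: number;        // accounts with publish access, not GitHub contributors
  weeklyDownloads: number; ageYears: number; trend: "growing" | "stable" | "declining";
  monthsSinceRelease: number; // assumed field; not in the README's sample response
}

// Constructed sample table keyed by "ecosystem:name"; numbers are illustrative, not live scores.
export const SAMPLE_AUDIT: Record<string, AuditResult> = {
  "npm:axios":   { name: "axios",   ecosystem: "npm",  score: 88, maintainers: 1, weeklyDownloads: 113_000_000, ageYears: 11.8, trend: "stable",    monthsSinceRelease: 1 },
  "npm:express": { name: "express", ecosystem: "npm",  score: 90, maintainers: 5, weeklyDownloads:  95_000_000, ageYears: 14.0, trend: "stable",    monthsSinceRelease: 2 },
  "npm:hotlib":  { name: "hotlib",  ecosystem: "npm",  score: 35, maintainers: 1, weeklyDownloads:     400_000, ageYears:  0.4, trend: "growing",   monthsSinceRelease: 0 },
  "pypi:oldlib": { name: "oldlib",  ecosystem: "pypi", score: 55, maintainers: 2, weeklyDownloads:      50_000, ageYears:  9.0, trend: "declining", monthsSinceRelease: 18 },
};

// README rules: CRITICAL = sole publisher + >10M weekly downloads; HIGH = under a year old
// plus rapid adoption (read here as trend "growing"); WARN = no release in 12+ months.
export function riskFlags(r: AuditResult): RiskFlag[] {
  const flags: RiskFlag[] = [];
  if (r.maintainers === 1 && r.weeklyDownloads > 10_000_000) flags.push("CRITICAL");
  if (r.ageYears < 1 && r.trend === "growing") flags.push("HIGH");
  if (r.monthsSinceRelease >= 12) flags.push("WARN");
  return flags;
}

// --fail-on policy from the README: critical -> exit 1 on any CRITICAL; risky -> also on
// HIGH or score < 40; none -> report only (exit 0).
export function exitCode(results: AuditResult[], failOn: "critical" | "risky" | "none"): number {
  if (failOn === "none") return 0;
  return results.some(r => riskFlags(r).includes("CRITICAL") ||
    (failOn === "risky" && (riskFlags(r).includes("HIGH") || r.score < 40))) ? 1 : 0;
}

// Install commands the hook intercepts (README table) mapped to the ecosystem they touch.
const TOOLS: Record<string, { eco: Ecosystem; verbs: string[] }> = {
  npm: { eco: "npm", verbs: ["install", "i", "add"] }, pnpm: { eco: "npm", verbs: ["add", "install"] }, yarn: { eco: "npm", verbs: ["add"] },
  pip: { eco: "pypi", verbs: ["install"] }, pip3: { eco: "pypi", verbs: ["install"] }, uv: { eco: "pypi", verbs: ["add", "install"] },
  cargo: { eco: "cargo", verbs: ["add", "install"] }, go: { eco: "golang", verbs: ["get", "install"] },
};

// Strip version/constraint suffixes: axios@1.6, @scope/pkg@2, requests>=2.31, mod@v1.2.
function stripVersion(spec: string, eco: Ecosystem): string {
  if (eco === "pypi") return spec.split(/[=<>~!;\[]/)[0];
  const at = spec.indexOf("@", spec.startsWith("@") ? 1 : 0);
  return at === -1 ? spec : spec.slice(0, at);
}

// Packages an install command would add, or null when the command is not a package install
// (plain "npm install" from a lock file, "cargo build", "ls", ...). "uv pip install x" is normalised.
export function parseInstall(command: string): { eco: Ecosystem; packages: string[] } | null {
  const tok = command.trim().split(/\s+/);
  if (tok[0] === "uv" && tok[1] === "pip") tok.splice(1, 1);
  const tool = TOOLS[tok[0]];
  if (!tool || !tool.verbs.includes(tok[1])) return null;
  const packages = tok.slice(2).filter(t => !t.startsWith("-")).map(t => stripVersion(t, tool.eco));
  return packages.length ? { eco: tool.eco, packages } : null;
}

// Default policy from the README: CRITICAL is blocked, HIGH asks; COMMIT_HOOK_SEVERITY_BLOCK=HIGH blocks both.
export function decide(results: AuditResult[], blockAt: "CRITICAL" | "HIGH" = "CRITICAL"): { action: "allow" | "ask" | "block"; reason: string } {
  const flagged = results.flatMap(r => riskFlags(r).map(f => `${r.name}: ${f}`));
  const reason = flagged.length ? flagged.join(", ") : "no risk flags";
  const has = (flag: RiskFlag) => results.some(r => riskFlags(r).includes(flag));
  if (has("CRITICAL") || (blockAt === "HIGH" && has("HIGH"))) return { action: "block", reason };
  if (has("HIGH")) return { action: "ask", reason };
  return { action: "allow", reason };
}

// Hook entry point. Client detection is an assumption: Claude Code's PreToolUse payload carries
// hook_event_name + tool_input.command, Cursor's beforeShellExecution carries a top-level command.
export function runHook(payloadJson: string, blockAt: "CRITICAL" | "HIGH" = "CRITICAL"): CursorReply | ClaudeReply {
  const p = JSON.parse(payloadJson);
  const claude = p.hook_event_name === "PreToolUse";
  const command: string = (claude ? p.tool_input?.command : p.command) ?? "";
  const parsed = parseInstall(command);
  const results = parsed ? parsed.packages.map(n => SAMPLE_AUDIT[`${parsed.eco}:${n}`]).filter(r => r !== undefined) : [];
  const d = decide(results, blockAt);
  const perm = ({ allow: "allow", ask: "ask", block: "deny" } as const)[d.action];
  return claude
    ? { hookSpecificOutput: { hookEventName: "PreToolUse", permissionDecision: perm, permissionDecisionReason: d.reason } }
    : { permission: perm, userMessage: d.reason };
}

// Constructed Cursor payload: a sole-publisher package with >10M weekly downloads is denied.
console.log(JSON.stringify(runHook('{"command":"npm install axios@1.6 express --save"}')));
```

Packages missing from the table are silently dropped here to keep the example small, which means the hook fails open on anything it cannot score. That is the same class of gap the README's funnel smoke gate (Paths C and D, silent `allow` on a 429) exists to catch, so a hook that talks to the real API should answer `ask`, not `allow`, whenever it has no data or the lookup fails.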