piiiico/proof-of-commitment
by Various
Supply chain risk scorer for npm and PyPI — single-maintainer CRITICAL flags before attacks happen
MCP
piiiico/proof-of-commitment
Added 1 June 2026
Overview
Proof of Commitment is a supply chain risk scorer for npm and PyPI packages. It flags single-maintainer packages marked as CRITICAL before attacks occur, using TypeScript to analyze maintainer risk.
Best for
Best for
Developers and security teams vetting dependencies in npm or PyPI projects
Use cases
- Audit npm dependencies for single-maintainer critical packages
- Scan PyPI packages for supply chain risk before deployment
- Integrate risk scoring into CI/CD pipelines
How to use
Install
npx -y @smithery/cli install proof-of-commitment --client claude Tools exposed
packages-filefail-on-criticalmax-packagesinclude-dev-dependenciescomment-on-prapi-keyapi-urlaudit_dependenciesaudit_github_repoaudit_dependency_treelookup_npm_packagelookup_pypi_packagelookup_cargo_cratelookup_go_modulelookup_github_repolookup_businesslookup_business_by_orgquery_commitmentget_api_key
Tested with
Claude Desktop, Claude Code, Cursor, Windsurf, VS Code
Notes
Proof of Commitment is a supply chain risk scorer for npm and PyPI packages. It flags single-maintainer packages marked as CRITICAL before attacks occur, using TypeScript to analyze maintainer risk.
5 stars on GitHub. Last updated 2026-05-29. Licensed MIT.
Use cases
- Audit npm dependencies for single-maintainer critical packages
- Scan PyPI packages for supply chain risk before deployment
- Integrate risk scoring into CI/CD pipelines
Pros
- Proactive risk detection for single-maintainer critical packages
- Supports both npm and PyPI ecosystems
- Lightweight TypeScript implementation
Cons
- Limited to single-maintainer risk, not broader supply chain threats
- Only 5 GitHub stars, indicating early-stage adoption
- No clear update frequency or maintenance guarantees
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Proactive risk detection for single-maintainer critical packages
- Supports both npm and PyPI ecosystems
- Lightweight TypeScript implementation
Cons
- Limited to single-maintainer risk, not broader supply chain threats
- Only 5 GitHub stars, indicating early-stage adoption
- No clear update frequency or maintenance guarantees
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Cline
Cline
Open-source autonomous coding agent that lives inside VS Code. BYO model key, watch it work.
Claude Code
Anthropic
Anthropic's terminal-native coding agent. Reads your repo, edits files, runs tests, ships PRs.
Continue
Continue.dev
Open-source AI code assistant for VS Code and JetBrains. Customisable, BYO model, built for enterprise.
Aider
Paul Gauthier
Terminal-first AI pair programmer. Edits files in your repo, commits with sensible messages, runs your tests.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.