piiiico/proof-of-commitment
by Various
Supply chain risk scorer for npm and PyPI — single-maintainer CRITICAL flags before attacks happen
MCP
Added 1 June 2026
Overview
Proof of Commitment is a supply chain risk scorer for npm and PyPI packages. It flags single-maintainer packages as CRITICAL risk before an attack occurs, using TypeScript to analyze maintainer risk.
Best for
Developers and security teams vetting dependencies in npm or PyPI projects
Use cases
- Audit npm dependencies for single-maintainer critical packages
- Scan PyPI packages for supply chain risk before deployment
- Integrate risk scoring into CI/CD pipelines
Notes
5 stars on GitHub. Last updated 2026-05-29. Licensed MIT.
Pros
- Proactive risk detection for single-maintainer critical packages
- Supports both npm and PyPI ecosystems
- Lightweight TypeScript implementation
Cons
- Limited to single-maintainer risk, not broader supply chain threats
- Only 5 GitHub stars, indicating early-stage adoption
- No clear update frequency or maintenance guarantees
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.