Narrative
Trust can be repaired
Critical dependency recovering through visible stewardship and deeper security funding.
View GitHub repoLegacy recovery
expressjs / express
A legacy dependency does not need a rebrand. It needs better governance, faster response, and visible budget.
Seeded lanehybrid
66trust
Operator Scenarios
Switch the room from narrative to repricing.
Available
Exploit odds spike on Ollama
Injects a critical incident into a fast-growth repo and flips the agent verdict from review to block.
Available
LangChain funds trust aggressively
Shows how increasing the security budget and audit coverage can move a high-growth repo into the allow range.
Live now
Express recovers maintainership
Demonstrates that operational discipline can rehabilitate a legacy dependency's trust profile.
Signal composition
Trust breakdown
Security Budget
57Weight 26%Confidence 74%
Stake Depth
51Weight 22%Confidence 74%
Audit Coverage
72Weight 20%Confidence 74%
Maintainer Responsiveness
82Weight 12%Confidence 90%
Incident Pressure
33Weight 12%Confidence 90%
Adoption Confidence
92Weight 8%Confidence 74%
Agent Verdict
Allow with human review
The repo is usable, but recent signal quality or market depth is not strong enough for unsupervised adoption.
Threshold 74Provenance
Every signal carries a disclosure label.
Critical dependency demo laneDemo Seeded
Real repo with explicit seeded signals to illustrate systemic risk.
Source linkRecent events
Trust moves when the repo moves.
Maintainer response time normalized
Mar 13, 2026, 2:58 PMFresh stewards and budget commitments raised the repo back toward the allow threshold.
Demo Seeded+10.7Maintainer queue drifted upward
Mar 9, 2026, 10:45 AMSlower response times pushed the repo further into review territory.
Derived-3.4