From a5dc424b2f4c1991df8ad3e18e337c5e3e66b6cb Mon Sep 17 00:00:00 2001
From: piiiico
Date: Wed, 3 Jun 2026 21:08:44 +0000
Subject: [PATCH 1/2] =?UTF-8?q?Add=20proof-of-commitment=20=E2=80=94=20sup?= =?UTF-8?q?ply=20chain=20risk=20scoring=20for=20npm,=20PyPI,=20Rust,=20Go?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 data/tools/proof-of-commitment.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 data/tools/proof-of-commitment.yml

diff --git a/data/tools/proof-of-commitment.yml b/data/tools/proof-of-commitment.yml
new file mode 100644
index 000000000..efb5d4887
--- /dev/null
+++ b/data/tools/proof-of-commitment.yml
@@ -0,0 +1,23 @@
+name: proof-of-commitment
+categories:
+ - linter
+tags:
+ - javascript
+ - typescript
+ - python
+ - rust
+ - go
+ - security
+ - package
+license: MIT
+types:
+ - cli
+ - web
+source: 'https://github.com/piiiico/proof-of-commitment'
+homepage: 'https://getcommit.dev'
+description: >-
+ Supply chain risk scoring for npm packages, PyPI packages, Rust crates, Go modules,
+ and GitHub repos. Scores packages on behavioral commitment signals —
+ publisher concentration, transfer history, contributor counts — that
+ traditional vulnerability scanners miss. Run with `npx proof-of-commitment`
+ to audit your project's dependencies.

From 834879e5ade706e692d7b2dbe2d60364a27eac9d Mon Sep 17 00:00:00 2001
From: piiiico
Date: Wed, 3 Jun 2026 21:48:44 +0000
Subject: [PATCH 2/2] fix: remove invalid 'web' type from proof-of-commitment.yml

---
 data/tools/proof-of-commitment.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/tools/proof-of-commitment.yml b/data/tools/proof-of-commitment.yml
index efb5d4887..ffe3efb0b 100644
--- a/data/tools/proof-of-commitment.yml
+++ b/data/tools/proof-of-commitment.yml
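Review bot: The `description` added in data/tools/proof-of-commitment.yml (PATCH 1/2) ends with `npx proof-of-commitment`, which downloads and executes whatever version is currently published under that name, with no version pin. For an entry whose subject is supply chain risk, I would pin the example, e.g. `npx proof-of-commitment@<VERSION>` (placeholder; the patch names no version). Alternatively, drop the run instruction and let readers follow the `source` link. The patch does not show that the npm package of that name is published from the linked `source` repository, so that is worth confirming before merge. The phrase "that traditional vulnerability scanners miss" is the submitter's own claim and would read better in neutral wording.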
@@ -12,7 +12,6 @@ tags:
 license: MIT
 types:
  - cli
- - web
 source: 'https://github.com/piiiico/proof-of-commitment'
 homepage: 'https://getcommit.dev'
 description: >-