wu981526092 commited on
Commit
4761cc6
·
1 Parent(s): 3211e96
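--- a/assessment-results/crewai_crewai.json
+++ b/assessment-results/crewai_crewai.json
@@ -0,0 +1,48 @@
+ {
+ "assessment": {
+ "library_name": "crewai/crewai",
+ "version": "v0.19.0",
+ "language": "Python",
+ "framework": "Agent Framework",
+ "completed_time": "2024-06-18T12:00:00Z",
+ "last_updated": "2024-06-18T12:00:00Z",
+ "active_maintenance": true,
+ "independently_verified": true,
+ "report_url": "https://github.com/LibVulnWatch/reports/raw/main/crewai_crewai.html",
+ "scores": {
+ "license_validation": 0.0,
+ "security_assessment": 8.0,
+ "maintenance_health": 4.0,
+ "dependency_management": 8.0,
+ "regulatory_compliance": 8.0
+ },
+ "details": {
+ "license_validation": {
+ "license_type": "MIT",
+ "compatibility": "High",
+ "issues": "None"
+ },
+ "security_assessment": {
+ "known_vulnerabilities": 4,
+ "patch_responsiveness": "Low",
+ "last_security_review": "None",
+ "issues": "Telemetry and data collection without user consent"
+ },
+ "maintenance_health": {
+ "active_contributors": 15,
+ "release_frequency": "Medium",
+ "issue_response_time": "3.5 days"
+ },
+ "dependency_management": {
+ "vulnerable_dependencies": 5,
+ "dependency_freshness": "Poor",
+ "supply_chain_security": "Missing SBOM"
+ },
+ "regulatory_compliance": {
+ "documentation_quality": "Low",
+ "data_privacy_features": "Minimal",
+ "audit_readiness": "Low"
+ }
+ }
+ }
+ }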
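Review bot: `"last_security_review": "None"` under `security_assessment` puts a string sentinel in a field that carries an ISO date in the other assessment files, so any consumer that parses or sorts on it has to special-case the literal text. `"last_security_review": null` (or omitting the key) would keep the field single-typed. The same value appears in assessment-results/langchain-ai_langgraph.json. Among the files shown in full in this commit, this is also the only one whose `security_assessment` carries an `issues` key, so readers must tolerate its absence elsewhere.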
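--- a/assessment-results/google_jax.json
+++ b/assessment-results/google_jax.json
@@ -0,0 +1,47 @@
+ {
+ "assessment": {
+ "library_name": "google/jax",
+ "version": "v0.4.14",
+ "language": "Python",
+ "framework": "Machine Learning",
+ "completed_time": "2024-06-12T12:00:00Z",
+ "last_updated": "2024-06-12T12:00:00Z",
+ "active_maintenance": true,
+ "independently_verified": true,
+ "report_url": "https://github.com/LibVulnWatch/reports/raw/main/google_jax.html",
+ "scores": {
+ "license_validation": 0.0,
+ "security_assessment": 4.0,
+ "maintenance_health": 2.0,
+ "dependency_management": 8.0,
+ "regulatory_compliance": 8.0
+ },
+ "details": {
+ "license_validation": {
+ "license_type": "Apache-2.0",
+ "compatibility": "High",
+ "issues": "None"
+ },
+ "security_assessment": {
+ "known_vulnerabilities": 1,
+ "patch_responsiveness": "Medium",
+ "last_security_review": "2024-04-15"
+ },
+ "maintenance_health": {
+ "active_contributors": 125,
+ "release_frequency": "High",
+ "issue_response_time": "2.1 days"
+ },
+ "dependency_management": {
+ "vulnerable_dependencies": 3,
+ "dependency_freshness": "Good",
+ "supply_chain_security": "Missing SBOM"
+ },
+ "regulatory_compliance": {
+ "documentation_quality": "Low",
+ "data_privacy_features": "Limited",
+ "audit_readiness": "Low"
+ }
+ }
+ }
+ }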
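Review bot: `"known_vulnerabilities": 1` and `"vulnerable_dependencies": 3` are bare counts with no advisory identifiers, so a reader cannot check them against a vulnerability database or tell whether a later release already fixes them, even though `independently_verified` is `true`. An array of identifiers next to each count, for example `"known_vulnerability_ids": []` filled with the CVE or GHSA ids from the linked report, would make the numbers auditable. The same applies to the other files added in this commit: crewai_crewai.json, langchain-ai_langgraph.json, onnx_onnx.json and tensorflow_tensorflow.json.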
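--- a/assessment-results/sample_assessment.json
+++ b/assessment-results/langchain-ai_langchain.json
@@ -3,18 +3,18 @@
  "library_name": "langchain-ai/langchain",
  "version": "v0.1.0",
  "language": "Python",
- "framework": "Python SDK",
- "completed_time": "2025-05-01T12:00:00Z",
- "last_updated": "2025-05-01T12:00:00Z",
+ "framework": "LLM Orchestration",
+ "completed_time": "2024-06-15T12:00:00Z",
+ "last_updated": "2024-06-15T12:00:00Z",
  "active_maintenance": true,
  "independently_verified": true,
- "report_url": "https://github.com/LibVulnWatch/reports/raw/main/langchain-ai_langchain_v0.1.0.html",
+ "report_url": "https://github.com/LibVulnWatch/reports/raw/main/langchain-ai_langchain.html",
  "scores": {
- "license_validation": 2.5,
- "security_assessment": 4.8,
- "maintenance_health": 1.2,
- "dependency_management": 3.7,
- "regulatory_compliance": 5.2
+ "license_validation": 0.0,
+ "security_assessment": 8.0,
+ "maintenance_health": 8.0,
+ "dependency_management": 8.0,
+ "regulatory_compliance": 4.0
  },
  "details": {
  "license_validation": {
@@ -23,24 +23,24 @@
  "issues": "None"
  },
  "security_assessment": {
- "known_vulnerabilities": 3,
- "patch_responsiveness": "Medium",
- "last_security_review": "2025-03-15"
+ "known_vulnerabilities": 2,
+ "patch_responsiveness": "Low",
+ "last_security_review": "2024-03-15"
  },
  "maintenance_health": {
- "active_contributors": 42,
- "release_frequency": "High",
- "issue_response_time": "1.2 days"
+ "active_contributors": 87,
+ "release_frequency": "Low",
+ "issue_response_time": "4.5 days"
  },
  "dependency_management": {
- "vulnerable_dependencies": 2,
- "dependency_freshness": "Good",
- "supply_chain_security": "Medium"
+ "vulnerable_dependencies": 3,
+ "dependency_freshness": "Poor",
+ "supply_chain_security": "Missing SBOM"
  },
  "regulatory_compliance": {
  "documentation_quality": "Medium",
  "data_privacy_features": "Basic",
- "audit_readiness": "Low"
+ "audit_readiness": "Medium"
  }
  }
  }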
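Review bot: The new `report_url` drops the `_v0.1.0` suffix and still points at `raw/main`, so the link no longer identifies which release the scores describe, and its target can change after this record is committed. Since `version` stays `v0.1.0` while all five scores change, pinning the URL to a commit or tag of the reports repository, e.g. `https://github.com/LibVulnWatch/reports/raw/<commit-sha>/langchain-ai_langchain.html`, would keep the record and the report it cites in step. The same URL change is made in microsoft_autogen.json and pytorch_pytorch.json. The file's opening lines are outside the hunks shown.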
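--- a/assessment-results/langchain-ai_langgraph.json
+++ b/assessment-results/langchain-ai_langgraph.json
@@ -0,0 +1,47 @@
+ {
+ "assessment": {
+ "library_name": "langchain-ai/langgraph",
+ "version": "v0.0.30",
+ "language": "Python",
+ "framework": "Agent Framework",
+ "completed_time": "2024-06-20T12:00:00Z",
+ "last_updated": "2024-06-20T12:00:00Z",
+ "active_maintenance": true,
+ "independently_verified": true,
+ "report_url": "https://github.com/LibVulnWatch/reports/raw/main/langchain-ai_langgraph.html",
+ "scores": {
+ "license_validation": 8.0,
+ "security_assessment": 8.0,
+ "maintenance_health": 2.0,
+ "dependency_management": 8.0,
+ "regulatory_compliance": 8.0
+ },
+ "details": {
+ "license_validation": {
+ "license_type": "Missing explicit license",
+ "compatibility": "Unknown",
+ "issues": "No license file found"
+ },
+ "security_assessment": {
+ "known_vulnerabilities": 3,
+ "patch_responsiveness": "Low",
+ "last_security_review": "None"
+ },
+ "maintenance_health": {
+ "active_contributors": 21,
+ "release_frequency": "High",
+ "issue_response_time": "1.2 days"
+ },
+ "dependency_management": {
+ "vulnerable_dependencies": 2,
+ "dependency_freshness": "Poor",
+ "supply_chain_security": "Missing SBOM"
+ },
+ "regulatory_compliance": {
+ "documentation_quality": "Low",
+ "data_privacy_features": "Minimal",
+ "audit_readiness": "Low"
+ }
+ }
+ }
+ }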
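Review bot: `"license_type": "Missing explicit license"` stores a finding in a field that holds an SPDX identifier (`MIT`, `Apache-2.0`) in the other files, while `issues` already records `No license file found`. A machine-readable value such as `"license_type": null` or SPDX's `NOASSERTION` would let consumers match on the field without comparing against prose. The `license_validation` score of 8.0 here, against 0.0 in crewai_crewai.json and google_jax.json, suggests that higher means riskier, but nothing in the file says so; a short schema or README note would remove the guesswork.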
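--- a/assessment-results/sample_assessment3.json
+++ b/assessment-results/microsoft_autogen.json
@@ -4,11 +4,11 @@
  "version": "v0.2.0",
  "language": "Python",
  "framework": "Agent Framework",
- "completed_time": "2025-05-03T12:00:00Z",
- "last_updated": "2025-05-03T12:00:00Z",
+ "completed_time": "2024-06-05T12:00:00Z",
+ "last_updated": "2024-06-05T12:00:00Z",
  "active_maintenance": true,
  "independently_verified": true,
- "report_url": "https://github.com/LibVulnWatch/reports/raw/main/microsoft_autogen_v0.2.0.html",
+ "report_url": "https://github.com/LibVulnWatch/reports/raw/main/microsoft_autogen.html",
  "scores": {
  "license_validation": 3.1,
  "security_assessment": 6.7,
@@ -25,7 +25,7 @@
  "security_assessment": {
  "known_vulnerabilities": 5,
  "patch_responsiveness": "Medium",
- "last_security_review": "2025-02-20"
+ "last_security_review": "2024-02-20"
  },
  "maintenance_health": {
  "active_contributors": 28,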
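--- a/assessment-results/onnx_onnx.json
+++ b/assessment-results/onnx_onnx.json
@@ -0,0 +1,47 @@
+ {
+ "assessment": {
+ "library_name": "onnx/onnx",
+ "version": "v1.15.0",
+ "language": "Python",
+ "framework": "Machine Learning",
+ "completed_time": "2024-06-14T12:00:00Z",
+ "last_updated": "2024-06-14T12:00:00Z",
+ "active_maintenance": true,
+ "independently_verified": true,
+ "report_url": "https://github.com/LibVulnWatch/reports/raw/main/onnx_onnx.html",
+ "scores": {
+ "license_validation": 2.0,
+ "security_assessment": 4.0,
+ "maintenance_health": 4.0,
+ "dependency_management": 8.0,
+ "regulatory_compliance": 6.0
+ },
+ "details": {
+ "license_validation": {
+ "license_type": "MIT",
+ "compatibility": "High",
+ "issues": "Patent risk concerns"
+ },
+ "security_assessment": {
+ "known_vulnerabilities": 1,
+ "patch_responsiveness": "Medium",
+ "last_security_review": "2024-02-10"
+ },
+ "maintenance_health": {
+ "active_contributors": 78,
+ "release_frequency": "Medium",
+ "issue_response_time": "5.7 days"
+ },
+ "dependency_management": {
+ "vulnerable_dependencies": 2,
+ "dependency_freshness": "Medium",
+ "supply_chain_security": "Missing SBOM"
+ },
+ "regulatory_compliance": {
+ "documentation_quality": "Low",
+ "data_privacy_features": "Limited",
+ "audit_readiness": "Low"
+ }
+ }
+ }
+ }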
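Review bot: `"license_type": "MIT"` should be checked against the LICENSE file at the v1.15.0 tag; to my knowledge onnx/onnx has been distributed under Apache-2.0 for several years. If that holds for this release, the `license_validation` score of 2.0 and `"issues": "Patent risk concerns"` rest on the wrong licence, since Apache-2.0 carries an explicit patent grant that MIT lacks. Should the check confirm it, the fix is `"license_type": "Apache-2.0"` with `issues` and the score re-derived from that.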
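--- a/assessment-results/sample_assessment2.json
+++ b/assessment-results/pytorch_pytorch.json
@@ -4,17 +4,17 @@
  "version": "v2.1.0",
  "language": "Python",
  "framework": "Machine Learning",
- "completed_time": "2025-05-02T12:00:00Z",
- "last_updated": "2025-05-02T12:00:00Z",
+ "completed_time": "2024-06-10T12:00:00Z",
+ "last_updated": "2024-06-10T12:00:00Z",
  "active_maintenance": true,
  "independently_verified": true,
- "report_url": "https://github.com/LibVulnWatch/reports/raw/main/pytorch_pytorch_v2.1.0.md",
+ "report_url": "https://github.com/LibVulnWatch/reports/raw/main/pytorch_pytorch.html",
  "scores": {
- "license_validation": 1.8,
- "security_assessment": 3.2,
- "maintenance_health": 2.0,
- "dependency_management": 2.5,
- "regulatory_compliance": 4.1
+ "license_validation": 0.0,
+ "security_assessment": 8.0,
+ "maintenance_health": 4.0,
+ "dependency_management": 8.0,
+ "regulatory_compliance": 4.0
  },
  "details": {
  "license_validation": {
@@ -23,9 +23,10 @@
  "issues": "None"
  },
  "security_assessment": {
- "known_vulnerabilities": 2,
+ "known_vulnerabilities": 3,
  "patch_responsiveness": "High",
- "last_security_review": "2025-04-05"
+ "last_security_review": "2024-05-10",
+ "critical_issue": "CVE-2023-43654 (RCE in model deserialization)"
  },
  "maintenance_health": {
  "active_contributors": 156,
@@ -33,9 +34,9 @@
  "issue_response_time": "3.2 days"
  },
  "dependency_management": {
- "vulnerable_dependencies": 1,
- "dependency_freshness": "Good",
- "supply_chain_security": "Good"
+ "vulnerable_dependencies": 4,
+ "dependency_freshness": "Medium",
+ "supply_chain_security": "Missing SBOM"
  },
  "regulatory_compliance": {
  "documentation_quality": "Medium",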
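Review bot: The added `critical_issue` value, `CVE-2023-43654 (RCE in model deserialization)`, should be checked against the CVE record before it is published. To my knowledge that id is assigned to a TorchServe (pytorch/serve) management-API issue rather than to pytorch/pytorch v2.1.0, and the parenthetical does not match that description. An advisory attributed to the wrong package makes the `security_assessment` score of 8.0 and the count of 3 hard to trust. If the field stays, a structured form such as `"critical_issues": [{"id": "CVE-2023-43654", "component": "<affected package>"}]` would let consumers match on the id instead of parsing free text. The enclosing object extends beyond the hunks shown.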
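--- a/assessment-results/tensorflow_tensorflow.json
+++ b/assessment-results/tensorflow_tensorflow.json
@@ -0,0 +1,47 @@
+ {
+ "assessment": {
+ "library_name": "tensorflow/tensorflow",
+ "version": "v2.15.0",
+ "language": "Python",
+ "framework": "Machine Learning",
+ "completed_time": "2024-06-08T12:00:00Z",
+ "last_updated": "2024-06-08T12:00:00Z",
+ "active_maintenance": true,
+ "independently_verified": true,
+ "report_url": "https://github.com/LibVulnWatch/reports/raw/main/tensorflow_tensorflow.html",
+ "scores": {
+ "license_validation": 0.0,
+ "security_assessment": 8.0,
+ "maintenance_health": 4.0,
+ "dependency_management": 8.0,
+ "regulatory_compliance": 4.0
+ },
+ "details": {
+ "license_validation": {
+ "license_type": "Apache-2.0",
+ "compatibility": "High",
+ "issues": "None"
+ },
+ "security_assessment": {
+ "known_vulnerabilities": 5,
+ "patch_responsiveness": "High",
+ "last_security_review": "2024-03-20"
+ },
+ "maintenance_health": {
+ "active_contributors": 221,
+ "release_frequency": "Medium",
+ "issue_response_time": "4.5 days"
+ },
+ "dependency_management": {
+ "vulnerable_dependencies": 3,
+ "dependency_freshness": "Medium",
+ "supply_chain_security": "Missing SBOM"
+ },
+ "regulatory_compliance": {
+ "documentation_quality": "Medium",
+ "data_privacy_features": "Basic",
+ "audit_readiness": "Medium"
+ }
+ }
+ }
+ }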