dpndncY

Trust scoring and maintainer-change alerts.

Roadmap item. Score every package version on maintainer continuity, release cadence, install-script presence, and download-pattern anomalies. Block when the score drops significantly versus the last approved version.
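An added illustration of the idea above, not dpndncY code or configuration: it scores a candidate version against the last approved one on the four signals named here and blocks on a large drop. The field names, weights, threshold and sample versions are all assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VersionMeta:
    maintainers: frozenset      # publisher account names for this version
    days_since_prev: float      # days since the previous release
    median_gap_days: float      # package's historical median release gap
    has_install_script: bool    # e.g. an npm preinstall/postinstall hook
    downloads_ratio: float      # recent downloads / trailing baseline

# Illustrative weights and threshold (assumptions, not dpndncY defaults).
WEIGHTS = {"maintainers": 0.4, "cadence": 0.2, "scripts": 0.25, "downloads": 0.15}
MAX_DROP = 0.25

def components(v, approved):
    """Return each signal as a value in [0, 1], where 1 is most trusted."""
    union = v.maintainers | approved.maintainers
    continuity = len(v.maintainers & approved.maintainers) / len(union) if union else 0.0
    # Cadence: penalise releases far faster or far slower than the median gap.
    ratio = v.days_since_prev / v.median_gap_days if v.median_gap_days > 0 else 0.0
    cadence = min(ratio, 1 / ratio) if ratio > 0 else 0.0
    # Install scripts: only a newly introduced script costs trust.
    scripts = 0.0 if v.has_install_script and not approved.has_install_script else 1.0
    # Downloads: penalise deviation from the baseline in either direction.
    d = v.downloads_ratio
    downloads = min(d, 1 / d) if d > 0 else 0.0
    return {"maintainers": continuity, "cadence": cadence, "scripts": scripts, "downloads": downloads}

def trust_score(v, approved):
    return sum(WEIGHTS[k] * val for k, val in components(v, approved).items())

def decide(candidate, approved):
    """Block when the candidate scores MAX_DROP or more below the approved version."""
    base = trust_score(approved, approved)
    cand = trust_score(candidate, approved)
    return ("block" if base - cand >= MAX_DROP else "allow", round(base, 3), round(cand, 3))

# Constructed sample versions (not real packages or accounts).
APPROVED = VersionMeta(frozenset({"alice", "bob"}), 30, 30, False, 1.0)
ROUTINE = VersionMeta(frozenset({"alice", "bob"}), 24, 30, False, 1.2)
TAKEOVER = VersionMeta(frozenset({"mallory"}), 1, 30, True, 1.0)

if __name__ == "__main__":
    print(decide(ROUTINE, APPROVED))
    print(decide(TAKEOVER, APPROVED))
```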

Executable docs ship with the install
The full reference for this topic — configuration files, code samples, CLI flags, API endpoints — ships inside every dpndncY installation so it always matches your installed version. This public-preview page lists what the in-product docs cover.

In the in-product docs

  • Trust-score components (maintainer count, release cadence, install scripts, anomaly signals)
  • Threshold tuning per ecosystem
  • Cooldown windows for fresh versions
  • Allowlist for legitimate major-version rewrites
  • Reference incidents this rule type targets