Docs

Trust model

How scores are produced and what they mean.

Nipcode returns two integers per recommendation: decision_score and trust_score. Both are 0-100. Both come from the same structured LLM ranking step over source-owned evidence.

Score bands

ScoreDecisionAgent behavior
75-100recommendedPresent with its install plan and approval boundary.
50-74usable_with_warningShow warnings clearly before user decides.
0-49unknown / avoidDo not execute by default.

A package can only be marked recommended: true when decision_score >= 70 AND risk_level != "high". Popularity alone never makes a package recommended.

Signals consumed

The ranking step sees source-owned metadata only:

  • license. SPDX identifier if declared
  • maintainers count and recent activity
  • release recency and version sanity
  • registry-native quality / download counts (ranking weight only)
  • repo link present and resolving
  • description (first 160 chars, truncated to avoid prompt injection)

Signals explicitly NOT consumed: README body content, model card text, MCP descriptions, anything caller-supplied about the package.

Trust flags

Hard signals that always populate the trust.flags array:

  • no_license_declared
  • no_maintainers_listed
  • low_quality_score (npm only, score < 0.2)
  • low_repo_stars (github only, < 5)
  • package_deprecated
  • latest_version_yanked
  • repository_archived
  • install_scripts_present
  • very_deep_dependency_tree (> 200 deps)
  • not_updated_in_2_years

Heuristic fallback

If the LLM ranker is unavailable (provider outage, configuration missing), Nipcode falls back to a heuristic ranker that maps the trust-flag count onto the same band system.

The fallback path is never marked recommended: true. The highest level it returns is review_caution. Agents that depend on Nipcode for safety should treat fallback responses as lower confidence.