Home/Learn-LangChain/Trust report

Trust and health report

Learn-LangChain - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Slowing36% signal

last push 226d ago

Provenance

Repository identity and fork provenance (github_public_v1).

  • GitHub repo id: 1103559077
  • Not a fork
  • Personal account
  • Computed today

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
16 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-3644-q5cj-c5c7
langsmith@0.3.80 · package-lock.json
GHSA-fw9q-39r9-c252
langsmith@0.3.80 · package-lock.json
GHSA-rr7j-v2q5-chgv
langsmith@0.3.80 · package-lock.json
GHSA-v34v-rq6j-cj6p
langsmith@0.3.80 · package-lock.json
GHSA-r399-636x-v7f6
@langchain/core@1.0.6 · package-lock.json
GHSA-w5hq-g745-h8pq
uuid@9.0.1 · package-lock.json
GHSA-2qvq-rjwj-gvw9
handlebars@4.7.8 · package-lock.json
GHSA-2w6w-674q-4c4q
handlebars@4.7.8 · package-lock.json
GHSA-3mfm-83xf-c92r
handlebars@4.7.8 · package-lock.json
GHSA-442j-39wm-28r2
handlebars@4.7.8 · package-lock.json
GHSA-7rx3-28cr-v5wh
handlebars@4.7.8 · package-lock.json
GHSA-9cx6-37pm-9jff
handlebars@4.7.8 · package-lock.json
GHSA-xhpv-hc6g-r9c6
handlebars@4.7.8 · package-lock.json
GHSA-xjpj-3mr7-gcpf
handlebars@4.7.8 · package-lock.json
GHSA-h67p-54hq-rp68
js-yaml@4.1.1 · package-lock.json
GHSA-48c2-rrv3-qjmp
yaml@2.8.1 · package-lock.json

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/iparesh18-learn-langchain/trust.

Common questions

Is Learn-LangChain maintained?
GraphCanon rates Learn-LangChain "Slowing" (36% maintenance signal from public GitHub metadata, computed today). Last push was 226 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.
Is Learn-LangChain safe to use?
Last scanned today (deps profile). Status: 16 low - 16 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify Learn-LangChain as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is Learn-LangChain a fork?
No. Learn-LangChain is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does Learn-LangChain have known security vulnerabilities?
Last scanned today (deps profile). Status: 16 low - 16 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the Learn-LangChain trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about Learn-LangChain?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for Learn-LangChain. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for Learn-LangChain?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.