Home/juicefs/Trust report

Trust and health report

juicefs - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Very active96% signal

last push 0d ago · last release 5d · 4 releases (90d)

Provenance

Repository identity and fork provenance (github_public_v1).

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
33 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-fw7p-63qq-7hpr
filippo.io/edwards25519@v1.1.0 · go.sum
GO-2026-4503
filippo.io/edwards25519@v1.1.0 · go.sum
GHSA-pjcq-xvwq-hhpj
github.com/Azure/go-ntlmssp@v0.0.0-20200615164410-66371956d46c · go.sum
GHSA-2wpx-qpw2-g5h5
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-527x-5wrf-22m2
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-63cw-r7xf-jmwr
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-93mf-426m-g6x9
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-c9v3-4pv7-87pr
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-ch7v-37xg-75ph
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-cvx7-x8pj-x2gw
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-gv9j-4w24-q7vx
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-h75p-j8xm-m278
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-h828-v5pv-33qx
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-h8mm-c463-wjq3
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-h92q-fgpp-qhrq
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-hfmw-7g3m-gj6q
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-m9w6-wp3h-vq8g
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-qhmp-q7xh-99rh
github.com/coredns/coredns@v1.4.0 · go.sum
GHSA-vp29-5652-4fw9
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2022-0368
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2024-2785
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2024-3130
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2024-3134
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2025-3743
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2025-3942
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2026-4289
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2026-4630
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2026-4635
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2026-4969
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2026-5164
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2026-5417
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2026-5583
github.com/coredns/coredns@v1.4.0 · go.sum
GO-2026-5667
github.com/coredns/coredns@v1.4.0 · go.sum

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/juicedata-juicefs/trust.

Common questions

Is juicefs maintained?
GraphCanon rates juicefs "Very active" (96% maintenance signal from public GitHub metadata, computed today). Last push was 0 days ago. 4 GitHub releases in the last 90 days. This is a recency heuristic, not a guarantee the project will stay maintained.
Is juicefs safe to use?
Last scanned today (deps profile). Status: 33 low - 33 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify juicefs as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is juicefs a fork?
No. juicefs is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does juicefs have known security vulnerabilities?
Last scanned today (deps profile). Status: 33 low - 33 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the juicefs trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about juicefs?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for juicefs. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for juicefs?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.