Home/LLocalSearch/Trust report

Trust and health report

LLocalSearch - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Archived8% signal

last push 109d ago · last release 2y

Provenance

Repository identity and fork provenance (github_public_v1).

  • GitHub repo id: 776347356
  • Not a fork
  • Personal account
  • Computed today

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
15 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-f886-m6hf-6m8v
brace-expansion@1.1.11 · package-lock.json
GHSA-v6h2-p8h4-qcjw
brace-expansion@1.1.11 · package-lock.json
GHSA-23c5-xmqv-rm74
minimatch@3.1.2 · package-lock.json
GHSA-3ppc-4f35-3m26
minimatch@3.1.2 · package-lock.json
GHSA-7r86-cg39-jmmj
minimatch@3.1.2 · package-lock.json
GHSA-2crg-3p73-43xp
@sveltejs/kit@2.5.4 · package-lock.json
GHSA-3f6h-2hrp-w5wx
@sveltejs/kit@2.5.4 · package-lock.json
GHSA-6q87-84jw-cjhp
@sveltejs/kit@2.5.4 · package-lock.json
GHSA-mh2x-fcqh-fmqv
@sveltejs/kit@2.5.4 · package-lock.json
GHSA-rjjv-87mx-6x3h
@sveltejs/kit@2.5.4 · package-lock.json
GHSA-2g4f-4pwh-qvx6
ajv@6.12.6 · package-lock.json
GHSA-qwcr-r2fm-qrc7
body-parser@1.20.2 · package-lock.json
GHSA-grv7-fg5c-xmjg
braces@3.0.2 · package-lock.json
GHSA-pxg6-pf52-xh8x
cookie@0.6.0 · package-lock.json
GHSA-3xgq-45jj-v275
cross-spawn@7.0.3 · package-lock.json

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/nilsherzig-llocalsearch/trust.

Common questions

Is LLocalSearch maintained?
LLocalSearch is archived on GitHub. GraphCanon treats archived repositories as dormant regardless of past activity.
Is LLocalSearch safe to use?
Last scanned today (deps profile). Status: 15 low - 15 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify LLocalSearch as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is LLocalSearch a fork?
No. LLocalSearch is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does LLocalSearch have known security vulnerabilities?
Last scanned today (deps profile). Status: 15 low - 15 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the LLocalSearch trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about LLocalSearch?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for LLocalSearch. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for LLocalSearch?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.