Transparent scoring
How package health is calculated.
Scores are deterministic and generated from structured data. They are decision support, not a guarantee that a package is safe or suitable for every production system.
Score dimensions
| Dimension | Weight | Signals |
|---|---|---|
| Maintenance | 30% | Recent activity, releases, archived status, repository freshness. |
| Adoption | 25% | pkg.go.dev imported-by count, GitHub stars, forks, curated listing. |
| Security | 20% | Known Go vulnerability records and fixed-version availability. |
| Maturity | 15% | Project age, Go module support, license, stable versions. |
| Developer DX | 10% | Synopsis, exported symbols, topics, docs and repository metadata. |
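
The weights in the table above, applied in an added Go example (not this site's own code). The per-dimension sub-scores, the `SecuritySubScore` mapping, the `Accept` thresholds and the record ID are assumptions made for illustration, since the page gives only the weights and the signals.

```go
package main

import "fmt"

// Weights in percent, taken from the "Score dimensions" table.
var weights = map[string]int{
	"maintenance": 30, "adoption": 25, "security": 20, "maturity": 15, "dx": 10,
}

// Composite returns the weighted 0-100 score; integer math keeps it deterministic.
func Composite(sub map[string]int) int {
	sum := 0
	for dim, w := range weights {
		sum += sub[dim] * w
	}
	return (sum + 50) / 100 // round half up
}

// Vuln is a constructed stand-in for one vulnerability record.
type Vuln struct {
	ID     string
	HasFix bool // a fixed version is available
}

// SecuritySubScore is an ASSUMED mapping (the page does not define one):
// no records -> 100, every record has a fixed version -> 50, otherwise 0.
func SecuritySubScore(records []Vuln) int {
	if len(records) == 0 {
		return 100
	}
	for _, v := range records {
		if !v.HasFix {
			return 0
		}
	}
	return 50
}

// Accept enforces a separate security floor; security is only 20% of the total.
func Accept(sub map[string]int, minTotal, minSecurity int) bool {
	return Composite(sub) >= minTotal && sub["security"] >= minSecurity
}

func main() {
	// Constructed sample: active, popular package with one unfixed record.
	sub := map[string]int{"maintenance": 95, "adoption": 90, "maturity": 85, "dx": 80}
	sub["security"] = SecuritySubScore([]Vuln{{ID: "GO-EXAMPLE-0001", HasFix: false}})
	fmt.Println(Composite(sub), Accept(sub, 70, 0), Accept(sub, 70, 50)) // 72 true false
}
```

Because security carries 20% of the weight, a security sub-score of zero lowers the composite by at most 20 points, so a dependency policy that cares about known vulnerabilities should check that dimension directly rather than the total alone.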
Quality controls
The site does not publish every discovered module as an indexed SEO page. Low-confidence records are kept out of the sitemap until the data is useful enough.
"No known vulnerabilities" means the latest pkg.go.dev vulnerability query returned no records. It does not mean a package is proven secure.
Data sources
| Source | Used for |
|---|---|
| pkg.go.dev API | Package/module metadata, versions, symbols, imported-by counts, vulnerability records. |
| GitHub API | Repository activity, stars, forks, releases, license, topics, archived status. |
| awesome-go | Curated seed and trust signal, not the main product surface. |