According to Nerq's independent analysis of manifest, this npm package has a trust score of 74.0 out of 100, earning a B grade. With 0 stars on npm, it is recommended for production use. Security score: 90/100. Data sourced from 13+ independent signals including GitHub, NVD, OSV.dev, and OpenSSF Scorecard. Last updated: 2026-03-21.
Is Manifest safe?
YES — Manifest has a Nerq Trust Score of 74.0/100 (B). It meets Nerq's trust threshold with strong signals across security, maintenance, and community adoption. Recommended for production use — review the full report below for specific considerations.
Trust Score Breakdown
Security: 90
Popularity: 45
Key Findings
✓ Security score: 90/100 (strong)
⚠ Popularity: 45/100 — 0 stars on npm
Details
Author: brunobuddy
Category: npm
Stars: 0
Source: N/A
Safety Guide: Manifest
What is Manifest?
Manifest is a Node.js package: an LLM router and observability plugin for OpenClaw that provides smart model routing, real-time cost tracking, and telemetry for your AI agents.
How to Verify Safety
Run npm audit to check for vulnerabilities. Review the package's GitHub repository for recent commits.
You can also check the trust score via API: GET /v1/preflight?target=manifest
Key Safety Concerns for Node.js packages
When evaluating any Node.js package, watch for dependency vulnerabilities, malicious packages, and typosquatting.
Trust Assessment
Manifest has a Nerq Trust Score of 74/100 (B) and meets the Nerq trust threshold.
This score is based on automated analysis of security, maintenance, community, and quality signals.
manifest has a Nerq Trust Score of 74.0/100, earning a B grade. Trusted — manifest demonstrates strong trust signals. It meets the threshold for Nerq Verified status, indicating solid security practices, active maintenance, and a healthy ecosystem presence. Its strongest signal is security (90/100). It is Nerq Verified, meaning it meets the 70+ trust threshold. Always review the full KYA report before using any tool in production.
What is manifest's trust score?
Nerq assigns manifest a trust score of 74.0 out of 100, with a grade of B. This score is computed from multiple dimensions including security, compliance, maintenance activity, documentation quality, and community adoption (0 stars). Scores are updated daily based on the latest publicly available signals.
Are there safer alternatives to manifest?
In the npm category, no higher-rated alternatives were found — this is among the top-rated agents. manifest scores 74.0/100. When choosing between agents, consider your specific requirements for security (90), maintenance activity (N/A), and documentation (N/A). Use Nerq's comparison tools or the KYA endpoint for detailed side-by-side analysis.
How often is Manifest's safety score updated?
Nerq continuously monitors Manifest and updates its trust score as new data becomes available. The system ingests signals from 13+ independent sources including GitHub, NVD (National Vulnerability Database), OSV.dev, OpenSSF Scorecard, and major package registries (npm, PyPI). When a new CVE is disclosed, a dependency is updated, or commit activity changes, the score adjusts automatically. For the most current score, query the Nerq API: GET nerq.ai/v1/preflight?target=manifest. The current assessment (74.0/100, B) was last verified on 2026-03-21.
Can I use Manifest in a regulated environment?
Yes — Manifest meets the Nerq Verified threshold (70+), indicating it has passed automated trust checks across security, compliance, and maintenance dimensions. Nerq assesses regulatory alignment across 52 jurisdictions including the EU AI Act, GDPR, CCPA, and sector-specific frameworks. For organizations in regulated industries (healthcare, finance, government), we recommend combining the Nerq Trust Score with your internal security review process, vendor risk assessment, and legal compliance check before deployment.
Disclaimer: Nerq trust scores are automated assessments based on publicly available signals. They are not endorsements or guarantees. Always conduct your own due diligence.