Criticality Score

A project's criticality score defines the influence and importance of a project. It is a number between 0 (least-critical) and 1 (most-critical).

It is based on the following algorithm by Rob Pike:

CProject=1iaiiailog(1+Si)log(1+max(Si,Ti))C_{\textrm{Project}} = \frac{1}{\sum_{i}{a_i}} \sum_{i}{a_i} \frac{\log(1+S_i)}{\log(1+\max(S_i, T_i))}

Take a look at the criticality score for the package @angular/service-worker.

Criticality Score

Parameters
Parameter (Si)Weight (αi)Max Threshold (Ti)DescriptionReasoning
Created Since1120Time since the project was created (in months).Older project has higher chance of being widely used or being dependent upon.
Updated Since-1120Time since the project was last updated (in months).Unmaintained projects with no recent commits have higher chance of being less relied upon.
Contributor Count25000Count of project contributors (with commits).Different contributors involvement indicates project's importance.
Org Count110Count of distinct organizations that contributors belong to.Indicates cross-organization dependency.
Commit Frequency11000Average number of commits per week in the last year.Higher code churn has slight indication of project's importance. Also, higher susceptibility to vulnerabilities.
Recent Releases Count0.526Number of releases in the last year.Frequent releases indicates user dependency. Lower weight since this is not always used.
Closed Issues Count0.55000Number of issues closed in the last 90 days.Indicates high contributor involvement and focus on closing user issues. Lower weight since it is dependent on project contributors.
Updated Issues Count0.55000Number of issues updated in the last 90 days.Indicates high contributor involvement. Lower weight since it is dependent on project contributors.
Comment Frequency115Average number of comments per issue in the last 90 days.Indicates high user activity and dependence.
Dependents Count2500000Number of project mentions in the commit messagesIndicates repository use, usually in version rolls. This parameter works across all languages, including C/C++ that don't have package dependency graphs (though hack-ish). Plan to add package dependency trees in the near future.