Hono is one of the hottest web frameworks in the JavaScript ecosystem right now. If you're building on Cloudflare Workers, Bun, or Deno — you've probably used it.

35 million weekly downloads. A GitHub star count in the tens of thousands. Fast, lightweight, TypeScript-first.

And a single npm publisher.

I ran hono through proof-of-commitment, a supply chain risk scorer that evaluates npm packages on behavioral signals — the kind of structural data that npm audit doesn't check.

The result: CRITICAL.

```
npx proof-of-commitment hono
```

```
Package   Risk          Score  Publishers  Downloads  Age
─────────────────────────────────────────────────────────────
hono      🔴 CRITICAL   82     1           35.1M/wk   4.3y
  └ longevity=20 momentum=25 releases=20 publishers=4 github=13
```

Score of 82 out of 100. One npm publisher. 35 million weekly downloads.

What CRITICAL means

CRITICAL = sole publisher + >10M weekly downloads.…