Hono is one of the hottest web frameworks in the JavaScript ecosystem right now. If you're building on Cloudflare Workers, Bun, or Deno — you've probably used it.

34 million weekly downloads. A GitHub star count in the tens of thousands. Fast, lightweight, TypeScript-first. And a single maintainer.

I ran hono through proof-of-commitment, a supply chain risk scorer that evaluates npm packages on behavioral signals — the kind of structural data that npm audit doesn't check. The result: CRITICAL.

```
npx proof-of-commitment hono
```

```
Package   Risk          Score  Maintainers  Downloads  Age
─────────────────────────────────────────────────────────────
hono      🔴 CRITICAL   82     1            34.0M/wk   4.3y
  └ longevity=20 momentum=25 releases=20 maintainers=4 github=13
```

Score of 82 out of 100. One maintainer. 34 million downloads every week.

What CRITICAL means

CRITICAL = sole maintainer + >10M weekly downloads.…
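
The CRITICAL rule quoted above can be applied to every direct dependency in a `package.json`. The following is an added example, not code from proof-of-commitment or from this article: `classify` and `auditManifest` are hypothetical names, the input shapes are assumed to follow the npm registry metadata document (a `maintainers` array) and the npm weekly download count (`downloads`), and `NOT_CRITICAL` and `UNKNOWN` are labels used only here because the text above defines no other level.

```javascript
// Rule as stated in the article: sole maintainer AND more than 10M weekly downloads.
const CRITICAL_WEEKLY_DOWNLOADS = 10_000_000;

// packument: registry metadata for one package (assumed to carry `maintainers`).
// weekly:    weekly download record for the same package (assumed `{ downloads }`).
function classify(packument, weekly) {
  if (!packument || !Array.isArray(packument.maintainers) ||
      !weekly || typeof weekly.downloads !== "number") {
    // Private, unpublished or unresolved packages cannot be judged by this rule.
    return { level: "UNKNOWN", reason: "missing registry or download data" };
  }
  const maintainers = packument.maintainers.length;
  const perWeek = `${(weekly.downloads / 1e6).toFixed(1)}M/wk`;
  if (maintainers === 1 && weekly.downloads > CRITICAL_WEEKLY_DOWNLOADS) {
    return { level: "CRITICAL", reason: `sole maintainer, ${perWeek}` };
  }
  return { level: "NOT_CRITICAL", reason: `${maintainers} maintainer(s), ${perWeek}` };
}

// Hypothetical helper: run the rule over dependencies and devDependencies.
function auditManifest(manifest, registry, downloads) {
  const names = Object.keys({ ...manifest.dependencies, ...manifest.devDependencies });
  return names.sort().map((name) => ({ name, ...classify(registry[name], downloads[name]) }));
}

// Constructed sample data. Only the hono figures (1 maintainer, 34.0M/wk) come
// from the article; the other packages and every maintainer name are made up.
const manifest = {
  dependencies: { hono: "*", "example-router": "*" },
  devDependencies: { "example-lint": "*", "example-private": "*" },
};
const registry = {
  hono: { maintainers: [{ name: "maintainer-a" }] },
  "example-router": { maintainers: [{ name: "maintainer-b" }, { name: "maintainer-c" }] },
  "example-lint": { maintainers: [{ name: "maintainer-d" }] },
};
const downloads = {
  hono: { downloads: 34_000_000 },
  "example-router": { downloads: 52_000_000 },
  "example-lint": { downloads: 120_000 },
};

const findings = auditManifest(manifest, registry, downloads);
for (const f of findings) console.log(f.level.padEnd(12), f.name, "-", f.reason);
```

Note that a heavily downloaded package with two maintainers and a sole-maintainer package with few downloads both fall outside the rule; only the combination is flagged.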