Methodology
ax-registry shows three data layers as distinct bands. They are never blended into one opaque score.
Static signals
Computed from public sources only — npm packument and weekly downloads, GitHub repo metadata (stars, presence of a SECURITY.md), the MCP registry, declared manifest, version history, license. Anyone can re-verify every value from the same public sources. This band exists from day one for every public server and needs no contributors.
Author-declared
Context added by a verified author after claiming the page: safer-mode flags, intended scopes, recommended config. A claim proves npm or GitHub ownership. This band is the author’s stated intent — not a verdict.
Community-observed
Opt-in, anonymized signal from people who ran ax-ray and chose to share. No aggregate is ever shown below the k-anonymity floor (k = 5 to start), so an aggregate can’t deanonymize a contributor. Opens in v2.
Trust language
We say observed, attested by N signals, and listed. We never say verified, safe, or trusted. A page states what was seen, re-checkable by anyone — not a verdict on the publisher.
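The two rules above, the k-anonymity floor on community aggregates and the "attested by N signals" wording, combine into one small check. The following is an added illustration, not ax-registry's own code: the record layout, the server names and the choice to apply the floor per (server, signal) group are assumptions, the sample observations are constructed, and N is taken to be the number of distinct contributors rather than the number of runs, so one person re-running ax-ray cannot push a group over the floor.

```python
"""Added illustration of the k-anonymity floor and trust wording described
on the page. Not ax-registry's own code: record layout, server names and
per-(server, signal) grouping are assumptions; the observations are constructed."""
from collections import defaultdict

K_FLOOR = 5  # the page states k = 5 to start

# Constructed sample: one anonymized record per contributor run.
# contributor_id is an opaque pseudonym; distinct ids mean distinct contributors.
OBSERVATIONS = (
    [{"server": "example-fs", "signal": "safer_mode_ok", "contributor_id": f"c{i}"}
     for i in range(7)]
    # Same contributor running again: must not count as an extra signal.
    + [{"server": "example-fs", "signal": "safer_mode_ok", "contributor_id": "c1"}]
    # Only three contributors: below the floor, so no aggregate may be shown.
    + [{"server": "example-db", "signal": "safer_mode_ok", "contributor_id": f"c{i}"}
       for i in range(3)]
)


def aggregate(observations, k=K_FLOOR):
    """Count distinct contributors per (server, signal) group.

    Groups with fewer than k distinct contributors are dropped entirely, so
    the caller never receives a sub-floor count that could be rendered or
    used to single out a contributor.
    """
    contributors = defaultdict(set)
    for obs in observations:
        contributors[(obs["server"], obs["signal"])].add(obs["contributor_id"])
    return {key: len(ids) for key, ids in contributors.items() if len(ids) >= k}


def render(server, signal, aggregates):
    """Use only the page's trust words: 'attested by N signals' when a group
    cleared the floor, otherwise plain 'listed' (never 'verified' or 'safe')."""
    n = aggregates.get((server, signal))
    if n is None:
        return f"{server}: listed"
    return f"{server}: {signal} attested by {n} signals"


if __name__ == "__main__":
    agg = aggregate(OBSERVATIONS)
    for name in ("example-fs", "example-db"):
        print(render(name, "safer_mode_ok", agg))
```

Keying the count on distinct contributor pseudonyms rather than on submitted records is the part worth copying: the floor is meant to bound how many real people stand behind an aggregate, and a raw record count does not give that bound.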