@greenarmor/ges-scoring-engine
Advanced tools
Compliance scoring across frameworks for the Green Engineering Standard Framework (GESF).
Calculates per-framework and overall compliance scores based on evaluated controls. Produces structured score files for display and reporting.
npm install @greenarmor/ges-scoring-engine
| Function | Description |
|---|---|
scoreControls(controls) | Calculate a 0–100 score from evaluated controls |
scoreByFramework(controls, frameworks) | Score controls grouped by framework |
computeOverallScore(frameworkScores) | Weighted overall compliance score |
generateScoreFile(controls, frameworks) | Generate a complete ScoreFile structure |
formatScoreOutput(score) | Format score file as a human-readable string |
import { generateScoreFile, formatScoreOutput } from '@greenarmor/ges-scoring-engine';
import { createGDPRControls } from '@greenarmor/ges-compliance-engine';
const controls = createGDPRControls();
const score = generateScoreFile(controls, ['GDPR', 'OWASP', 'NIST', 'CIS']);
console.log(formatScoreOutput(score));
// GDPR ............. 94%
// OWASP ............ 91%
// NIST ............. 89%
// CIS .............. 92%
// Overall .......... 92%
Scores are stored in .ges/score.json and include:
@greenarmor/ges-core — Types and constants@greenarmor/ges-compliance-engine — Control evaluation@greenarmor/ges-report-generator — Report generation from scoresMIT
FAQs
GESF Scoring Engine - Compliance scoring across frameworks
We found that @greenarmor/ges-scoring-engine demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.
Product
Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.
Research
More than 140 Mastra npm packages were compromised in a supply chain attack that used a typosquatted dependency to deliver a cross-platform infostealer during installation.