The Bus Factor Weekly continuity risk in npm + PyPI
Snapshot: 2026-04-27 Methodology: v0.5.0

setuptools

PYPI · mapping confidence high (70 pts)

Watch
Risk 16.9
Importance 90.2
Fragility 18.8
Confidence medium

Fragility evidence

Release cadence decay

Contribution: 57.8 / 100

19 releases in the last 365 days vs 45 in the prior 365 days.

OpenSSF Scorecard

Contribution: 53.0 / 100

OpenSSF Scorecard aggregate score: 4.7 / 10.

Contributor concentration (last 365d)

Contribution: 42.8 / 100

Top contributor authored 55.7% of commits over the last 365 days (unique contributors: 20).

Contributor concentration (all-time)

Contribution: 22.6 / 100

Top contributor authored 43.6% of all-time commits (distinct contributors: 640).

Commit recency

Contribution: 0.0 / 100

14 days since last commit on default branch.

Release recency

Contribution: 0.0 / 100

49 days since latest release.

Issue responsiveness

Contribution: 0.0 / 100

Median first maintainer response: 2.7 days on 46 issues.

Repository mapping

Repository
https://github.com/pypa/setuptools
Registry
https://pypi.org/project/setuptools/
Confidence points
70 pts (high)
Rationale
  • registry_repo_url_resolves(+40)
  • deps_dev_source_repo_match(+20)
  • openssf_scorecard_present(+10)

Timeline

First release
2006-05-12
Latest release
2026-03-09
Last commit
2026-04-13
Archived
No
Deprecated
No