The Bus Factor Weekly continuity risk in npm + PyPI
Snapshot: 2026-04-20 Methodology: v0.5.0

setuptools

PYPI · mapping confidence high (70 pts)

Watch
Risk 16.2
Importance 90.2
Fragility 18.0
Confidence medium

Fragility evidence

OpenSSF Scorecard

Contribution: 53.0 / 100

OpenSSF Scorecard aggregate score: 4.7 / 10.

Release cadence decay

Contribution: 51.2 / 100

21 releases in the last 365 days vs 43 in the prior 365 days.

Contributor concentration (last 365d)

Contribution: 45.5 / 100

Top contributor authored 57.3% of commits over the last 365 days (unique contributors: 21).

Contributor concentration (all-time)

Contribution: 22.6 / 100

Top contributor authored 43.6% of all-time commits (distinct contributors: 640).

Release recency

Contribution: 0.0 / 100

42 days since latest release.

Commit recency

Contribution: 0.0 / 100

7 days since last commit on default branch.

Issue responsiveness

Contribution: 0.0 / 100

Median first maintainer response: 2.7 days on 48 issues.

Repository mapping

Repository
https://github.com/pypa/setuptools
Registry
https://pypi.org/project/setuptools/
Confidence points
70 pts (high)
Rationale
  • registry_repo_url_resolves(+40)
  • deps_dev_source_repo_match(+20)
  • openssf_scorecard_present(+10)

Timeline

First release
2006-05-12
Latest release
2026-03-09
Last commit
2026-04-13
Archived
No
Deprecated
No