 

How npmjs.com calculates the code quality

When we publish a package to npm, it will show us some data such as popularity, quality, and maintenance on the search page (the example image is below). I just wonder how npm calculates the quality? I'd really appreciate it if someone can give some clue.

enter image description here

You can see this if you look on the search page. See the right side of the search page: npm search for "react"

Kevin asked Apr 16 '18 21:04

Kevin


1 Answer

Edit, January 2020: NPM does not show "Powered by npms.io" anymore. I don't know if this is still accurate.


Original answer

npm shows these graphs in search results, but they do not calculate these values themselves. If you look below the search results, you'll see "Powered by npms.io".

According to this service, they don't inspect the code, but use the following metrics to measure code quality:

  • Has README? Has license? Has .gitignore and friends?
  • Is the version stable (> 1.x.x)? Is it deprecated?
  • Has tests? What's their coverage %? Is the build passing?
  • Has outdated dependencies? Do they have vulnerabilities?
  • Has custom website? Has badges?
  • Are there linters configured?

Source: https://npms.io/about

blex answered Oct 06 '22 01:10

blex
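
The checklist in the answer above can be approximated locally as presence checks on a package's top-level files and its package.json. This is an added example, not part of the original answer and not npms.io's scoring code; the function names, the file-name patterns and the reading of "stable" as major version 1 or higher with no pre-release tag are assumptions. Coverage, build status, outdated or vulnerable dependencies, website and badges need external data and are left out.

```javascript
// Added example: local presence checks modelled on the answer's checklist.
// This is NOT npms.io's scoring code; names and rules here are assumptions.

// Placeholder test script written by `npm init`; it should not count as "has tests".
const NPM_DEFAULT_TEST = 'echo "Error: no test specified" && exit 1';

// Linter config file names (a constructed, non-exhaustive list).
const LINTER_FILES = /^(\.eslintrc(\..+)?|eslint\.config\.(js|mjs|cjs)|\.jshintrc|\.jscsrc)$/;

// files: top-level file names of the package; pkg: parsed package.json object.
function qualitySignals(files, pkg) {
  const has = (re) => files.some((name) => re.test(name));
  const version = String(pkg.version || '');
  const match = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(version);
  const testScript = ((pkg.scripts || {}).test || '').trim();
  return {
    readme: has(/^readme(\.[a-z]+)?$/i),
    license: has(/^(licen[sc]e|copying)(\.[a-z]+)?$/i) || Boolean(pkg.license),
    gitignore: files.includes('.gitignore') || files.includes('.npmignore'),
    // Assumption: "stable" means major >= 1 and no pre-release tag.
    stableVersion: Boolean(match) && Number(match[1]) >= 1 && !match[4],
    tests: testScript !== '' && testScript !== NPM_DEFAULT_TEST,
    linter: has(LINTER_FILES) || Boolean(pkg.eslintConfig),
  };
}

// Names of the signals a package is missing.
function missingSignals(files, pkg) {
  const signals = qualitySignals(files, pkg);
  return Object.keys(signals).filter((key) => !signals[key]);
}

// Constructed sample input, not a real package.
const sampleFiles = ['README.md', 'index.js', 'package.json', '.gitignore'];
const samplePkg = {
  name: 'example-pkg',
  version: '0.3.1',
  license: 'MIT',
  scripts: { test: 'echo "Error: no test specified" && exit 1' },
};

console.log(missingSignals(sampleFiles, samplePkg));
```

Like the metrics it mirrors, this looks only at metadata and file names and never reads the package's code.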