From 64153f53e01217beb14affc3ee536b684739c9f0 Mon Sep 17 00:00:00 2001 From: piiiico Date: Fri, 5 Jun 2026 13:19:26 +0000 Subject: [PATCH] Add proof-of-commitment behavioral supply chain risk scoring --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d379b55..a00b637 100644 --- a/README.md +++ b/README.md @@ -147,6 +147,7 @@ Supply chain is often the target of attacks. Which libraries you use can have a | **kritis** | [https://github.com/grafeas/kritis](https://github.com/grafeas/kritis) | Solution for securing your software supply chain for Kubernetes apps |![Kritis](https://img.shields.io/github/stars/grafeas/kritis?style=for-the-badge)| | **ratify** | [https://github.com/deislabs/ratify](https://github.com/deislabs/ratify) | Artifact Ratification Framework |![ratify](https://img.shields.io/github/stars/deislabs/ratify?style=for-the-badge)| | **chain-bench** | [https://github.com/aquasecurity/chain-bench](https://github.com/aquasecurity/chain-bench) | Supply Chain Audit Tool |![chain-bench](https://img.shields.io/github/stars/aquasecurity/chain-bench?style=for-the-badge)| +| **proof-of-commitment** | [https://github.com/piiiico/proof-of-commitment](https://github.com/piiiico/proof-of-commitment) | Behavioral risk scoring for npm, PyPI, Rust, and Go packages — surfaces single-publisher risk, publisher churn, and install-time anomalies that vulnerability scanners miss |![proof-of-commitment](https://img.shields.io/github/stars/piiiico/proof-of-commitment?style=for-the-badge)| ## SAST
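Review bot: the description cell of the added proof-of-commitment row is several times longer than the neighbouring entries ("Supply Chain Audit Tool", "Artifact Ratification Framework") and ends with a comparative claim, "that vulnerability scanners miss", which nothing in the patch backs up. Trimming it to a neutral one-liner in the table's style, for example "Behavioral risk scoring for npm, PyPI, Rust, and Go packages", would keep the row consistent with the rest of the list. The From: author matches the owner of the linked repository, so this is a self-submission, and the commit message has no body; a sentence on how the score is derived and on the project's maintenance status would let a maintainer judge whether the entry belongs in a curated security list.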