EOL Scoring System

EOL Component: A component is considered End of Life (EOL) when it is no longer maintained or officially deprecated, making it risky to rely on in production.

Close to EOL Component: A component is considered Close to EOL when warning signals (such as declining maintenance, lack of updates, or security issues) indicate that it may soon reach EOL.

EOL Proximity Scoring System

| Risk Level | Score Range | Description |
|---|---|---|
| Definite EOL | 100 | Package has definitively reached End of Life - Immediate migration required |
| Derived EOL | 60–100 | Package appears to have reached End of Life based on patterns - Plan migration |
| Close to EOL | 30–59 | Package is approaching End of Life - Monitor closely |

Categories that Influence the EOL Score

The EOL scoring framework evaluates multiple risk categories and assigns an EOL score.

| Category | Description | Example Indicators |
|---|---|---|
| Deprecation Signals | Official deprecation notices, archived repositories, or metadata fields clearly indicate that the package is no longer maintained. | Archived GitHub repo, deprecated flag in package metadata |
| Security Risk | Unpatched high-severity vulnerabilities or the absence of a security response process signal that the package is unsafe to use. | Open CVEs in NVD/OSV, unaddressed security advisories |
| Maintenance Activity | A decline in commit frequency, long gaps between releases, or reliance on bot-driven maintenance reflects poor upkeep. | Last commit > 1 year ago, bot-driven dependency updates |
| Community Health | Unanswered issues and pull requests, inactive maintainers, or low contributor engagement highlight weak community support. | PRs open > 6 months, no maintainer responses |
| Adoption Trends | A sharp decline in downloads or ecosystem usage suggests that the package is losing adoption. | Drop in npm/PyPI downloads, fewer GitHub stars over time |
| Technology Relevance | Support limited to outdated runtimes, such as EOL versions of Python, Java, or Node.js, shows reduced long-term viability. | Works only on Python 2.7 or Java 7, no support for Node.js LTS |
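
The sketch below is an added example, not the product's own scoring code: it shows how indicators from the categories above could be combined into a score and mapped onto the documented score ranges. The category weights, the 50% download-drop cut-off, the rule that an official deprecation signal alone yields 100, and the names `Signals` and `eol_score` are all assumptions; only the "> 1 year" and "> 6 months" thresholds and the score ranges come from this page.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed category weights (the page publishes none); they sum to 100.
WEIGHTS = {"security": 30, "maintenance": 25, "community": 15,
           "adoption": 15, "technology": 15}

@dataclass
class Signals:
    archived: bool = False                  # archived repository
    deprecated_flag: bool = False           # deprecated flag in package metadata
    open_high_cves: int = 0                 # unpatched high-severity CVEs
    last_commit: Optional[date] = None      # None = unknown, does not count
    oldest_open_pr: Optional[date] = None   # None = no stale PR known
    download_drop_pct: float = 0.0          # decline in downloads, percent
    only_eol_runtimes: bool = False         # e.g. works only on Python 2.7

def _older_than(d, today, days):
    return d is not None and (today - d).days > days

def eol_score(s: Signals, today: date):
    """Return (score, risk level or None, categories that fired)."""
    # Assumption: an official deprecation signal alone means Definite EOL.
    if s.archived or s.deprecated_flag:
        return 100, "Definite EOL", ["deprecation"]
    checks = {
        "security": s.open_high_cves > 0,
        "maintenance": _older_than(s.last_commit, today, 365),    # > 1 year
        "community": _older_than(s.oldest_open_pr, today, 183),   # > 6 months
        "adoption": s.download_drop_pct >= 50.0,                  # assumed cut-off
        "technology": s.only_eol_runtimes,
    }
    fired = [name for name, hit in checks.items() if hit]
    score = sum(WEIGHTS[name] for name in fired)
    if score >= 60:
        level = "Derived EOL"
    elif score >= 30:
        level = "Close to EOL"
    else:
        level = None  # the page defines no risk level below 30
    return score, level, fired
```

Returning the list of categories that fired alongside the score lets a reviewer see why a dependency landed in a given range before planning a migration.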