An independent, evidence-based trust comparison of Evidently and Promptfoo, two Observability & Evaluation projects in the HVTracker registry. Scores come from public, checkable signals — supply-chain provenance, OSSF Scorecard, maintenance, and adoption — not popularity.
| Signal | Evidentlyevidentlyai/evidently | Promptfoopromptfoo/promptfoo |
|---|---|---|
| HVTrust score | 91.0 | 92.6 |
| Evidence grade | A | A |
| Overall rank | #29 | #25 |
| Rank in Observability & Evaluation | #3 | #1 |
| GitHub stars | 7.7k | 22.9k |
| Last updated | 63d ago | today |
| Build provenance | Yes | Yes |
| OSSF Scorecard | 3.5 / 10 | — |
| License | Apache-2.0 | MIT |
| Downloads | 296k/wk | 384k/wk |
| Trust dimensions (points earned) | ||
| Safety / integrity / 25 | 16.4 | 7.5 |
| Identity & provenance / 20 | 18.0 | 18.0 |
| Transparency / 17 | 11.5 | 8.5 |
| Maintenance / 20 | 7.8 | 20.0 |
| Adoption / 20 | 16.6 | 17.9 |
How to read this: HVTrust (0–100) weighs supply-chain signals (provenance, OSSF Scorecard, signed commits, open license) alongside real-world adoption, scaled by an evidence-confidence factor. Grade bands: A ≥ 80, B ≥ 65, C ≥ 50, D < 50. Signals refresh daily. Full methodology v4.0 →