An independent, evidence-based trust comparison of MLflow and Promptfoo, two Observability & Evaluation projects in the HVTracker registry. Scores come from public, checkable signals — supply-chain provenance, OSSF Scorecard, maintenance, and adoption — not popularity.
| Signal | MLflowmlflow/mlflow | Promptfoopromptfoo/promptfoo |
|---|---|---|
| HVTrust score | 84.4 | 83.4 |
| Evidence grade | A | A |
| Overall rank | #28 | #31 |
| Rank in Observability & Evaluation | #2 | #3 |
| GitHub stars | 26.9k | 22.9k |
| Last updated | 1d ago | today |
| Build provenance | Yes | Yes |
| OSSF Scorecard | 5.5 / 10 | — |
| License | Apache-2.0 | MIT |
| Downloads | 8.8M/wk | 384k/wk |
| Trust dimensions (points earned) | ||
| Safety / integrity / 25 | 19.4 | 7.5 |
| Identity & provenance / 20 | 18.0 | 18.0 |
| Transparency / 17 | 13.2 | 8.5 |
| Maintenance / 20 | 19.9 | 20.0 |
| Adoption / 20 | 19.9 | 17.9 |
How to read this: HVTrust (0–100) weighs supply-chain signals (provenance, OSSF Scorecard, signed commits, open license) alongside real-world adoption, scaled by an evidence-confidence factor. Grade bands: A ≥ 80, B ≥ 65, C ≥ 50, D < 50. Signals refresh daily. Full methodology v4.0 →