Edit, january 2020: NPM does not show “Powered by npms.io” anymore. I don’t know if this is still accurate.
Original answer
npm shows these graphs in search results, but they do not calculate these values themselves. If you look below the search results, you’ll see “Powered by npms.io“.
According to this service, they don’t inspect the code, but use the following metrics to measure code quality:
- Has README? Has license? Has
.gitignoreand friends? - Is the version stable (
> 1.x.x)? Is it deprecated? - Has tests? What’s their coverage %? Is the build passing?
- Has outdated dependencies? Do they have vulnerabilities?
- Has custom website? Has badges?
- Are there linters configured?
Source: https://npms.io/about