Skip to content

build(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates#168

Merged
san360 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-502137cf10
Jul 3, 2026
Merged

build(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates#168
san360 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-502137cf10

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 7 updates in the / directory:

Package From To
@playwright/test 1.61.0 1.61.1
@types/node 26.0.0 26.0.1
eslint 10.5.0 10.6.0
eslint-plugin-import-x 4.16.2 4.17.1
knip 6.17.1 6.23.0
lint-staged 17.0.7 17.0.8
typescript-eslint 8.61.1 8.62.1

Updates @playwright/test from 1.61.0 to 1.61.1

Release notes

Sourced from @​playwright/test's releases.

v1.61.1

Bug Fixes

  • #41365 [Bug]: Expect.Extend matcher with same name as default matcher in same expect instance overrides default matchers implementation to custom matcher
  • #41351 [Bug]: Playwright UI mode: apiRequestContext._wrapApiCall reports unexpected number of bytes (same test passes in headed mode)
  • #41360 [Bug]: Trace viewer: message times in websockets are downscaled by 1000
  • #41311 [Bug]: [Regression]: Sync loader throws "context.conditions?.includes is not a function" on Node 22.15
  • #41371 [Regression]: Sync ESM loader (registerHooks) fails to resolve extensionless .ts subpath imports across pnpm workspace symlinks
Commits
  • 39e3553 cherry-pick(#41399): fix(test): load require-reached files as commonjs in syn...
  • 4328122 chore: mark v1.61.1 (#41404)
  • 2c29a94 fix(tracing): stop recording websocket frames outside of chunks (#41398)
  • 4324b19 cherry-pick(#41367): fix(test): keep builtin expect matchers on base extend
  • 041e7e3 cherry-pick(#41364): fix(har): WebSocket message timestamps should be in mi...
  • b8a0fc3 cherry-pick(#41309, #43149): Revert "fix(firefox): treat `navigationCommitted...
  • b5a3175 cherry-pick(#41319): fix(loader): support other node versions
  • d4724a9 cherry-pick(#41290): feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image
  • See full diff in compare view

Updates @types/node from 26.0.0 to 26.0.1

Commits

Updates eslint from 10.5.0 to 10.6.0

Release notes

Sourced from eslint's releases.

v10.6.0

Features

  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981) (Taejin Kim)
  • f291007 feat: add checkRelationalComparisons to no-constant-binary-expression (#20948) (sethamus)

Bug Fixes

  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997) (Milos Djermanovic)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013) (den$)
  • 8fd8741 fix: don't report shadowed undefined in radix rule (#21011) (Pixel)
  • 5784980 fix: don't report shadowed undefined in no-throw-literal (#21010) (Pixel)
  • 9cd1e6d fix: suppress invalid class suggestion in no-promise-executor-return (#21008) (Pixel)
  • d4eb2dc fix: don't report shadowed undefined in prefer-promise-reject-errors (#21006) (Pixel)
  • 2360464 fix: prefer-promise-reject-errors false positives for shadowed Promise (#21003) (den$)
  • 63d52d2 fix: restore max-classes-per-file report range (#21002) (Pixel)
  • 7feaff0 fix: callback detection logic for IIFEs in max-nested-callbacks (#20979) (fnx)
  • 399a2ec fix: don't report inner non-callbacks in max-nested-callbacks (#20995) (Milos Djermanovic)

Documentation

  • a83683d docs: Update README (GitHub Actions Bot)
  • f5449f9 docs: document userland patterns for global assertionOptions in RuleT… (#20986) (playgirl)
  • bea49f7 docs: Update README (GitHub Actions Bot)
  • e5f70f9 docs: update code-path diagrams (#20984) (Tanuj Kanti)
  • 8890c2d docs: add TypeScript config guidance for MCP server (#20796) (Pierluigi Lenoci)
  • 3eb3d9b docs: Update README (GitHub Actions Bot)
  • c5bb59c docs: Update README (GitHub Actions Bot)
  • eb3c97c docs: fix grammar in prefer-const rule description (#20983) (lumir)

Chores

  • 6a42034 ci: run ecosystem tests on main branch (#20891) (sethamus)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014) (dependabot[bot])
  • c3abfca chore: correct JSDoc param types in html formatter (#21018) (Minseon Kim)
  • a832320 ci: split ecosystem tests into separate jobs (#21001) (xbinaryx)
  • 27166e7 chore: update ecosystem plugins (#21005) (ESLint Bot)
  • 865d76e ci: bump pnpm/action-setup from 6.0.8 to 6.0.9 (#20989) (dependabot[bot])
  • 27a88c9 chore: update dependency markdown-it to v14 in root (#20994) (Milos Djermanovic)
  • 970cea6 chore: update dependency markdown-it to v14 (#20993) (Milos Djermanovic)
  • b482120 chore: update dependency prettier to v3.8.4 (#20990) (renovate[bot])
  • 6993fb3 chore: update ecosystem plugins (#20985) (ESLint Bot)
Commits
  • 5d12a04 10.6.0
  • f7ca54b Build: changelog update for 10.6.0
  • 6a42034 ci: run ecosystem tests on main branch (#20891)
  • b1f9106 feat: detect Symbol() and BigInt() in no-constant-binary-expression (#20981)
  • 3dbacdb ci: bump actions/checkout from 6 to 7 (#21014)
  • c3abfca chore: correct JSDoc param types in html formatter (#21018)
  • a83683d docs: Update README
  • a832320 ci: split ecosystem tests into separate jobs (#21001)
  • 6b05784 fix: prefer-exponentiation-operator invalid autofix at statement start (#20997)
  • bb9eb2a fix: account for shadowed Boolean in no-extra-boolean-cast (#21013)
  • Additional commits viewable in compare view

Updates eslint-plugin-import-x from 4.16.2 to 4.17.1

Release notes

Sourced from eslint-plugin-import-x's releases.

v4.17.1

Patch Changes

  • #498 cf25a01 Thanks @​marcalexiei! - fix(extensions): don't require an extension for package subpaths that resolve to a .d.ts (e.g. vitest/config)

v4.17.0

Minor Changes

  • #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

  • #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Changelog

Sourced from eslint-plugin-import-x's changelog.

4.17.1

Patch Changes

  • #498 cf25a01 Thanks @​marcalexiei! - fix(extensions): don't require an extension for package subpaths that resolve to a .d.ts (e.g. vitest/config)

4.17.0

Minor Changes

  • #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

  • #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

  • #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

  • #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

    Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

  • #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

  • #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

  • #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Commits
  • b767b8c chore: release eslint-plugin-import-x (#499)
  • cf25a01 fix(extensions): don't require extension for package subpaths resolving to .d...
  • b543300 docs: document the esmodule option for no-dynamic-require rule (#496)
  • 7578513 chore: release eslint-plugin-import-x (#472)
  • e3cc7e4 fix: strip querystrings and hash fragments when checking for file existence (...
  • 9a07009 fix: make extensions rule check Node.js subpath imports (#484)
  • 3e13121 fix: memoize legacyNodeResolve resolver to avoid native memory leak (#481)
  • fce29b1 fix(deps): replace @​package-json/types with an inline minimal type (#476)
  • 1c84235 fix: handle access errors during case checks (#494)
  • 96222bf chore: drop unused tmp (#487)
  • Additional commits viewable in compare view

Updates knip from 6.17.1 to 6.23.0

Release notes

Sourced from knip's releases.

Release 6.23.0

  • feat: add customCss to Starlight plugin (#1828) (f85d96f84a47f10c34df95a5246ee1ddefd95db5) - thanks @​trueberryless!
  • fix: enable vite and vitest plugins when vite-plus is found (#1830) (62e97538fca8dff3d152326b114ffc4b7241a0d2) - thanks @​ghostdevv!
  • feat: add support for @​astrojs/markdoc (#1829) (94e2863308947f19f5e759cc12666952c8f683d7) - thanks @​trueberryless!
  • Support nub (resolve #1831) (8a6050e6a92da81d4875f730f852fb7d9252a018)
  • Don't report optimizeDeps and dedupe deps as unlisted (resolve #1832) (849b5ac230e7a8c103b6e1b1e2ddb333d2da3ca0)

Release 6.22.0

  • Support XO v1+ (#1819) (1dffe368b5c336d190e358ab4c2e2240e3d50e26) - thanks @​patrik-csak!
  • feat: detect execaNode scripts in execa visitor (#1824) (5095ae1ccd0ceb083d4434e827443f03ba19a1ff) - thanks @​gwagjiug!
  • Skip optional peerDeps referenced only via a host (resolve #1823) (7759a9894f2ac1d9425cf682e1e3c400f0976080)
  • docs: update npmjs.com links to npmx.dev (#1826) (11fe8bd248c839c6eeb95b06c8204c25294e0adb) - thanks @​serhalp!
  • docs: fix semi-broken link to DEVELOPMENT.md in CONTRIBUTING.md (#1827) (a5302b2466be1294633b1f40e86ca81a00605293) - thanks @​serhalp!
  • feat: add support for Lunaria (#1825) (3e1b8212086dfae26fa7f368f245285ec82af14d) - thanks @​trueberryless!
  • Fix lint issues (76c92e2328a94257afead6ae497a747a9e2944ea)

Release 6.21.0

  • Detect Vite config dependencies (resolve #1721) (8754c43368112922c6f80d1f8d1d8ddb6cb29f25)
  • fix: Update timerifyMethods to include resolveFromAST (#1814) (3c8deac3b856def31c16372f85525bf867105132) - thanks @​gwagjiug!
  • Fix crash on null root export in package.json (resolve #1815) (9b8af2b343e1aacae46fedcb155252f56f9bae61)
  • Fix unresolved subpath imports with a colon prefix (resolve #1816) (f89db4192ff7ff6c873828ed19fe40d379566b49)
  • Detect Next.js entry files in subdirectory (resolve #1817) (f32c6ea215dde54a59af7b91fd8bdd2177cc2881)

Release 6.20.0

  • Add raw transfer opt-out (resolve #1813) (6f08c680ac4acd6edf0806ba3c1c5c8f7bca24cd)
  • Fix cached plugin config cycles (resolve #1811) (2bc2f2420ca71db1ae70846626c6152896d270ee)

Release 6.19.0

  • feat: support new optional sveltekit config pattern via vite config (#1810) (3fee8bf608e0862d7bcdd1377cfb859a9185f17d) - thanks @​fubits1!
  • Optimize hot path string scanning (e30cfe796423e3ecd9adff42291f3c4de6604d2b)
  • Update astro snapshot (71e71a71b888a1b8034d4438635e94831d62b330)

Release 6.18.0

  • Update dependencies (pin oxc-resolver) (7dda4eccc65c6d61ef2546442eb752b2a73edab9)
  • Resolve tsconfig paths for non-TS importers independent of oxc ownership (3b71565e72107d43cbd6d2ddec7ab2fbbf65c001)
  • Format (64865f8247b8956def52f1a387234562fbddd667)
  • Fix false positive for Vitest mocks (#1802) (ec93e2013deb53902b406463b30fa6386445f9c9) - thanks @​remcohaszing!
  • Mark npx-run binaries optional unless --no-install (resolve #1803) (203c31e1b2bd77eb9c94f82121f353fbf0671c67)
  • Ignore pnpm [WARN] lines in ecosystem snapshots (392835a39b9429a3d85d712025da4c6531b8ece6)
  • Update slonik snapshot (62d802bf8d53d7790f6322f481a290e09812cbcc)
  • Update Jest entry patterns for Jest 30 (#1808) (d2caeddf32ba99ca12e5c26e891b7974392f981a) - thanks @​gwagjiug!
  • Report stale workspaces configuration keys as configuration hints (#1807) (9083c16b3313fbebf5cb3cd11cadf45ac773bc3d) - thanks @​WooWan!

Release 6.17.2

  • Fix up jest plugin (63dbd653b6e1be08a36401f5f728b351ab69e81b)
  • Detect coverage provider from bare vitest --coverage flag (#1800) (dc11d9fc5458e6e1f734013eb82403eab07af2c1) - thanks @​WooWan!
  • Don't disable configuration hints in workspace-scoped runs (#1791) (8ce1ec8160a786dad90903e43c3ef646ffba9464) - thanks @​WooWan!
  • Detect react-email v6 packages from non-numeric version ranges (resolve #1798) (27a1caeb1bff6abcccd7140c7e92e4a57197ad47)
  • Discover workspaces included after a negated pattern (resolve #1797) (630e152f6f687d9404cc25ffa01f0d49737d9229)
Commits

Updates lint-staged from 17.0.7 to 17.0.8

Release notes

Sourced from lint-staged's releases.

v17.0.8

Patch Changes

  • #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Changelog

Sourced from lint-staged's changelog.

17.0.8

Patch Changes

  • #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

  • #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Commits
  • 5f3b8f2 Merge pull request #1812 from lint-staged/changeset-release/main
  • 43a9b8d chore(changeset): release
  • 630e2f6 Merge pull request #1809 from lint-staged/restore-merge-status
  • 179b437 fix: restore Git merge status after creating backup stash
  • 6bae2e2 Merge pull request #1811 from lint-staged/exec-git-ignore-stderr
  • b82a830 ci: run npm audit omitting dev, including prod dependencies
  • 0b19b80 build(deps): update dependencies
  • 3d0b2c0 fix: ignore stderr when doing Git operations
  • See full diff in compare view

Updates typescript-eslint from 8.61.1 to 8.62.1

Release notes

Sourced from typescript-eslint's releases.

v8.62.1

8.62.1 (2026-06-29)

🩹 Fixes

  • eslint-plugin: [prefer-optional-chain] use suggestion instead of autofix for trailing binary operator (#12328)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] preserve boolean result in fixer for nullable true comparisons (#12365)
  • eslint-plugin: [no-unnecessary-type-assertion] parenthesize object literal at left edge of expression statement (#12443, #12418)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.62.1 (2026-06-29)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ith 7 updates

Bumps the dev-dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.61.0` | `1.61.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `26.0.0` | `26.0.1` |
| [eslint](https://github.com/eslint/eslint) | `10.5.0` | `10.6.0` |
| [eslint-plugin-import-x](https://github.com/un-ts/eslint-plugin-import-x) | `4.16.2` | `4.17.1` |
| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `6.17.1` | `6.23.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `17.0.7` | `17.0.8` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.61.1` | `8.62.1` |



Updates `@playwright/test` from 1.61.0 to 1.61.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.61.0...v1.61.1)

Updates `@types/node` from 26.0.0 to 26.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 10.5.0 to 10.6.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.5.0...v10.6.0)

Updates `eslint-plugin-import-x` from 4.16.2 to 4.17.1
- [Release notes](https://github.com/un-ts/eslint-plugin-import-x/releases)
- [Changelog](https://github.com/un-ts/eslint-plugin-import-x/blob/master/CHANGELOG.md)
- [Commits](un-ts/eslint-plugin-import-x@v4.16.2...v4.17.1)

Updates `knip` from 6.17.1 to 6.23.0
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.23.0/packages/knip)

Updates `lint-staged` from 17.0.7 to 17.0.8
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v17.0.7...v17.0.8)

Updates `typescript-eslint` from 8.61.1 to 8.62.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-version: 1.61.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@types/node"
  dependency-version: 26.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: eslint-plugin-import-x
  dependency-version: 4.17.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: knip
  dependency-version: 6.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: lint-staged
  dependency-version: 17.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@emnapi/core 1.11.1 🟢 3.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1026 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/core 1.11.0 🟢 3.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1026 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime 1.11.1 🟢 3.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1026 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime 1.11.0 🟢 3.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1026 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/wasi-threads 1.2.2 🟢 3.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1026 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@napi-rs/wasm-runtime 1.1.6 🟢 5.2
Details
CheckScoreReason
Security-Policy🟢 10security policy file detected
Code-Review⚠️ 2Found 4/20 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Packaging⚠️ -1packaging workflow not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@oxc-parser/binding-android-arm-eabi 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-android-arm64 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-darwin-arm64 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-darwin-x64 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-freebsd-x64 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-arm-gnueabihf 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-arm-musleabihf 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-arm64-gnu 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-arm64-musl 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-ppc64-gnu 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-riscv64-gnu 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-riscv64-musl 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-s390x-gnu 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-x64-gnu 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-linux-x64-musl 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-openharmony-arm64 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-wasm32-wasi 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-win32-arm64-msvc 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-win32-ia32-msvc 0.137.0 UnknownUnknown
npm/@oxc-parser/binding-win32-x64-msvc 0.137.0 UnknownUnknown
npm/@oxc-project/types 0.137.0 UnknownUnknown
npm/@oxc-resolver/binding-android-arm-eabi 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-android-arm64 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-darwin-arm64 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-darwin-x64 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-freebsd-x64 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-arm-gnueabihf 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-arm-musleabihf 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-arm64-gnu 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-arm64-musl 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-ppc64-gnu 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-riscv64-gnu 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-riscv64-musl 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-s390x-gnu 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-x64-gnu 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-linux-x64-musl 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-openharmony-arm64 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-wasm32-wasi 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-win32-arm64-msvc 11.21.3 UnknownUnknown
npm/@oxc-resolver/binding-win32-x64-msvc 11.21.3 UnknownUnknown
npm/@playwright/test 1.61.1 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review🟢 9GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9
CII-Best-Practices⚠️ 0no badge detected
Vulnerabilities🟢 10no vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1no published package detected
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Binary-Artifacts🟢 6binaries present in source code
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
npm/@tybys/wasm-util 0.10.3 UnknownUnknown
npm/@types/node 26.0.1 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 25/28 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
npm/@typescript-eslint/eslint-plugin 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/brace-expansion 5.0.7 🟢 7.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1010 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 3Found 8/21 approved changesets -- score normalized to 3
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/eslint 10.6.0 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 8Found 23/28 approved changesets -- score normalized to 8
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/eslint-plugin-import-x 4.17.1 UnknownUnknown
npm/knip 6.23.0 UnknownUnknown
npm/lint-staged 17.0.8 UnknownUnknown
npm/oxc-parser 0.137.0 UnknownUnknown
npm/oxc-resolver 11.21.3 UnknownUnknown
npm/playwright 1.61.1 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review🟢 9GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9
CII-Best-Practices⚠️ 0no badge detected
Vulnerabilities🟢 10no vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1no published package detected
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Binary-Artifacts🟢 6binaries present in source code
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
npm/playwright-core 1.61.1 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review🟢 9GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9
CII-Best-Practices⚠️ 0no badge detected
Vulnerabilities🟢 10no vulnerabilities detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1no published package detected
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Binary-Artifacts🟢 6binaries present in source code
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
npm/typescript-eslint 8.62.1 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 8Found 25/29 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • package-lock.json

@san360 san360 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dev dependency minor/patch bumps only, no breaking changes.

@san360 san360 merged commit c9bcad0 into main Jul 3, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dev-dependencies-502137cf10 branch July 3, 2026 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant