chore(deps): bump @vitejs/plugin-react from 4.4.0 to 5.1.4 by dependabot[bot] · Pull Request #705 · deriv-com/p2p

dependabot · 2026-03-09T02:45:53Z

Bumps @vitejs/plugin-react from 4.4.0 to 5.1.4.

Release notes

Sourced from @vitejs/plugin-react's releases.

plugin-react@5.1.4

Fix canSkipBabel not accounting for babel.overrides (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

plugin-react@5.1.3

No release notes provided.

plugin-react@5.1.2

No release notes provided.

plugin-react@5.1.1

Update code to support newer rolldown-vite (#976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

plugin-react@5.1.0

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

plugin-react@5.0.4

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

plugin-react@5.0.3

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

plugin-react@5.0.2

Skip transform hook completely in rolldown-vite in dev if possible (#783)

plugin-react@5.0.1

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Fix reactRefreshHost option on rolldown-vite (#716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#708)

Skip babel-plugin-react-compiler on non client environment (689)

... (truncated)

Changelog

Sourced from @vitejs/plugin-react's changelog.

5.1.4 (2026-02-10)

Fix canSkipBabel not accounting for babel.overrides (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

5.1.3 (2026-02-02)

5.1.2 (2025-12-08)

5.1.1 (2025-11-12)

Update code to support newer rolldown-vite (#976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

5.1.0 (2025-10-24)

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

5.0.4 (2025-09-27)

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

5.0.3 (2025-09-17)

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

5.0.2 (2025-08-28)

Skip transform hook completely in rolldown-vite in dev if possible (#783)

5.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

... (truncated)

Commits

f066114 release: plugin-react@5.1.4
e299dca fix(plugin-react): canSkipBabel not checking babel.overrides (#1098)
12ffadc fix(deps): update all non-major dependencies (#1103)
cf0cb8a release: plugin-react@5.1.3
99e480c fix(deps): update all non-major dependencies (#1090)
77f5e42 fix(deps): update react 19.2.4 (#1084)
e327da4 fix(deps): update all non-major dependencies (#1083)
3d3dbc2 chore: add metadata for vite-plugin-registry (#1078)
58dfb9d fix(deps): update all non-major dependencies (#1066)
fefad3d fix(deps): update all non-major dependencies (#1048)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @vitejs/plugin-react since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 4.4.0 to 5.1.4. - [Release notes](https://github.com/vitejs/vite-plugin-react/releases) - [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.1.4/packages/plugin-react) --- updated-dependencies: - dependency-name: "@vitejs/plugin-react" dependency-version: 5.1.4 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-09T02:46:01Z

Name	Result
Build status	Failed ❌
Action URL	Visit Action

github-actions · 2026-03-09T02:46:17Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
✅ 0 package(s) with unknown licenses.
⚠️ 6 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@babel/code-frame

7.29.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/compat-data

7.29.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/core

7.29.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/generator

7.29.1

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-compilation-targets

7.28.6

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-globals

7.28.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-module-imports

7.28.6

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-module-transforms

7.28.6

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-plugin-utils

7.28.6

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-string-parser

7.27.1

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-validator-identifier

7.28.5

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-validator-option

7.27.1

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helpers

7.28.6

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/parser

7.29.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/plugin-transform-react-jsx-self

7.27.1

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/plugin-transform-react-jsx-source

7.27.1

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/template

7.28.6

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/traverse

7.29.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/types

7.29.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/babel-plugin

11.13.5

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/cache

11.14.0

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/hash

0.9.2

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/is-prop-valid

1.4.0

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/memoize

0.9.0

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/react

11.14.0

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/serialize

1.3.3

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/sheet

1.4.0

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/styled

11.14.1

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/unitless

0.10.0

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/use-insertion-effect-with-fallbacks

1.2.0

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/utils

1.4.2

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/weak-memoize

0.4.0

🟢 5.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Security-Policy	🟢 4	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@jridgewell/gen-mapping

0.3.13

Unknown

npm/@jridgewell/remapping

2.3.5

Unknown

npm/@jridgewell/source-map

0.3.11

Unknown

npm/@jridgewell/sourcemap-codec

1.5.5

Unknown

npm/@jridgewell/trace-mapping

0.3.31

Unknown

npm/@parcel/watcher

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-android-arm64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-darwin-arm64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-darwin-x64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-freebsd-x64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-arm-glibc

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-arm-musl

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-arm64-glibc

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-arm64-musl

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-x64-glibc

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-x64-musl

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-win32-arm64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-win32-ia32

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-win32-x64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@rolldown/pluginutils

1.0.0-rc.3

Unknown

npm/@types/parse-json

4.0.2

🟢 6.6

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed

npm/@vitejs/plugin-react

5.1.4

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/18 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 7	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	🟢 8	SAST tool is not run on all commits -- score normalized to 8

npm/acorn

8.16.0

🟢 4.8

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 3	Found 10/29 approved changesets -- score normalized to 3
Maintained	🟢 8	7 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/babel-plugin-macros

3.1.0

🟢 3.5

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 7	Found 17/22 approved changesets -- score normalized to 7
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/buffer-from

1.1.2

⚠️ 2

Details

Check	Score	Reason
Pinned-Dependencies	⚠️ -1	no dependencies found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 0	Found 1/18 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/call-bind

1.0.8

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected

npm/callsites

3.1.0

🟢 3.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Code-Review	🟢 3	Found 10/30 approved changesets -- score normalized to 3
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/chokidar

4.0.3

🟢 4.1

Details

Check	Score	Reason
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 3	Found 9/25 approved changesets -- score normalized to 3
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/commander

2.20.3

🟢 7

Details

Check	Score	Reason
Maintained	🟢 10	7 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Code-Review	🟢 8	Found 8/9 approved changesets -- score normalized to 8
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 10	SAST tool is run on all commits

npm/convert-source-map

1.9.0

🟢 3.9

Details

Check	Score	Reason
Code-Review	🟢 4	Found 12/30 approved changesets -- score normalized to 4
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/cosmiconfig

7.1.0

🟢 5.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/detect-libc

1.0.3

🟢 3.8

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 8	binaries present in source code
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/error-ex

1.3.2

Unknown

npm/escape-string-regexp

4.0.0

🟢 3.7

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 2	Found 6/30 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/find-root

1.1.0

Unknown

npm/framer-motion

12.35.1

Unknown

npm/immutable

5.1.5

🟢 6.5

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 1/8 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
Fuzzing	🟢 10	project is fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/import-fresh

3.3.0

🟢 3.8

Details

Check	Score	Reason
Maintained	⚠️ 1	2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/is-arrayish

0.2.1

Unknown

npm/is-core-module

2.16.1

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md

npm/is-extglob

2.1.1

🟢 3

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Code-Review	⚠️ 0	Found 0/19 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	🟢 10	security policy file detected

npm/is-glob

4.0.3

🟢 3.6

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/26 approved changesets -- score normalized to 1
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/jiti

1.21.0

🟢 5.8

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/27 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	19 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/json-parse-even-better-errors

2.3.1

🟢 5.7

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	⚠️ 1	2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 8	SAST tool detected but not run on all commits

npm/lines-and-columns

1.2.4

🟢 3.1

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/17 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	⚠️ -1	packaging workflow not detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/motion-dom

12.35.1

Unknown

npm/motion-utils

12.29.2

Unknown

npm/node-addon-api

7.1.1

🟢 8.6

Details

Check	Score	Reason
Maintained	🟢 7	5 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 7
Dependency-Update-Tool	🟢 10	update tool detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 9	SAST tool detected but not run on all commits
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
License	🟢 10	license file detected
CI-Tests	🟢 8	26 out of 30 merged PRs checked by a CI test -- score normalized to 8
Contributors	🟢 10	project has 48 contributing companies or organizations

npm/parent-module

1.0.1

🟢 3.6

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Code-Review	⚠️ 1	Found 4/26 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/parse-json

5.2.0

🟢 4

Details

Check	Score	Reason
Code-Review	🟢 5	Found 15/30 approved changesets -- score normalized to 5
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/path-type

4.0.0

🟢 3.7

Details

Check	Score	Reason
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 2	Found 7/27 approved changesets -- score normalized to 2
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/react-refresh

0.18.0

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 8	Found 26/30 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/readdirp

4.1.2

🟢 3.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/28 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies	🟢 10	all dependencies are pinned
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/resolve-from

4.0.0

🟢 3.7

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/sass

1.86.3

🟢 4.3

Details

Check	Score	Reason
Code-Review	🟢 9	Found 17/18 approved changesets -- score normalized to 9
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	26 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/source-map

0.5.7

🟢 4.2

Details

Check	Score	Reason
Code-Review	🟢 8	Found 10/12 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 9	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/source-map

0.6.1

🟢 4.2

Details

Check	Score	Reason
Code-Review	🟢 8	Found 10/12 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 9	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/source-map-support

0.5.21

⚠️ 2.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/17 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies	⚠️ -1	no dependencies found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/stylis

4.2.0

Unknown

npm/terser

5.46.0

🟢 5.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/29 approved changesets -- score normalized to 1
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	9 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/yaml

1.10.2

🟢 7.2

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 0	Found 1/19 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 9	SAST tool detected but not run on all commits

npm/yaml

2.4.2

🟢 7.2

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 0	Found 1/19 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 9	SAST tool detected but not run on all commits

npm/@ampproject/remapping

2.3.0

🟢 3.1

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/25 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	project is archived
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/code-frame

7.27.1

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/compat-data

7.26.8

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/core

7.26.10

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/generator

7.27.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-compilation-targets

7.27.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-module-imports

7.25.9

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-module-transforms

7.26.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-plugin-utils

7.26.5

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-string-parser

7.25.9

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-validator-identifier

7.27.1

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helper-validator-option

7.25.9

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/helpers

7.27.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/parser

7.27.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/plugin-transform-react-jsx-self

7.25.9

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/plugin-transform-react-jsx-source

7.25.9

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/template

7.27.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/traverse

7.27.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@babel/types

7.27.0

🟢 7.2

Details

Check	Score	Reason
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@jridgewell/gen-mapping

0.3.5

⚠️ 2.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 0	Found 1/19 approved changesets -- score normalized to 0
Maintained	⚠️ 0	project is archived
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@jridgewell/set-array

1.2.1

⚠️ 2.8

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/21 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches

npm/@jridgewell/sourcemap-codec

1.4.15

⚠️ 2.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	project is archived
Code-Review	⚠️ 0	Found 0/15 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@jridgewell/trace-mapping

0.3.25

⚠️ 2.8

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Maintained	⚠️ 0	project is archived
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Security-Policy	⚠️ 0	security policy file not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vitejs/plugin-react

4.4.0

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/18 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 7	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	🟢 8	SAST tool is not run on all commits -- score normalized to 8

npm/call-bind

1.0.7

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected

npm/is-core-module

2.13.1

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md

npm/react-refresh

0.17.0

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 8	Found 26/30 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

package-lock.json

@babel/code-frame@7.29.0
@babel/compat-data@7.29.0
@babel/core@7.29.0
@babel/eslint-parser@7.28.6
@babel/generator@7.29.1
@babel/helper-compilation-targets@7.28.6
@babel/helper-globals@7.28.0
@babel/helper-module-imports@7.28.6
@babel/helper-module-transforms@7.28.6
@babel/helper-plugin-utils@7.28.6
@babel/helper-string-parser@7.27.1
@babel/helper-validator-identifier@7.28.5
@babel/helper-validator-option@7.27.1
@babel/helpers@7.28.6
@babel/parser@7.29.0
@babel/plugin-transform-react-jsx-self@7.27.1
@babel/plugin-transform-react-jsx-source@7.27.1
@babel/template@7.28.6
@babel/traverse@7.29.0
@babel/types@7.29.0
@emnapi/core@1.8.1
@emnapi/runtime@1.8.1
@emnapi/wasi-threads@1.1.0
@emotion/babel-plugin@11.13.5
@emotion/cache@11.14.0
@emotion/hash@0.9.2
@emotion/is-prop-valid@1.4.0
@emotion/memoize@0.9.0
@emotion/react@11.14.0
@emotion/serialize@1.3.3
@emotion/sheet@1.4.0
@emotion/styled@11.14.1
@emotion/unitless@0.10.0
@emotion/use-insertion-effect-with-fallbacks@1.2.0
@emotion/utils@1.4.2
@emotion/weak-memoize@0.4.0
@jridgewell/gen-mapping@0.3.13
@jridgewell/remapping@2.3.5
@jridgewell/source-map@0.3.11
@jridgewell/sourcemap-codec@1.5.5
@jridgewell/trace-mapping@0.3.31
@napi-rs/wasm-runtime@0.2.12
@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-1
@nolyfill/is-core-module@1.0.39
@parcel/watcher@2.5.1
@parcel/watcher-android-arm64@2.5.1
@parcel/watcher-darwin-arm64@2.5.1
@parcel/watcher-darwin-x64@2.5.1
@parcel/watcher-freebsd-x64@2.5.1
@parcel/watcher-linux-arm-glibc@2.5.1
@parcel/watcher-linux-arm-musl@2.5.1
@parcel/watcher-linux-arm64-glibc@2.5.1
@parcel/watcher-linux-arm64-musl@2.5.1
@parcel/watcher-linux-x64-glibc@2.5.1
@parcel/watcher-linux-x64-musl@2.5.1
@parcel/watcher-win32-arm64@2.5.1
@parcel/watcher-win32-ia32@2.5.1
@parcel/watcher-win32-x64@2.5.1
@rolldown/pluginutils@1.0.0-rc.3
@rtsao/scc@1.1.0
@testing-library/dom@10.4.1
@tybys/wasm-util@0.10.1
@types/aria-query@5.0.4
@types/eslint@9.6.1
@types/eslint@7.29.0
@types/eslint@8.56.12
@types/eslint-scope@3.7.7
@types/json5@0.0.29
@types/parse-json@4.0.2
@unrs/resolver-binding-android-arm-eabi@1.11.1
@unrs/resolver-binding-android-arm64@1.11.1
@unrs/resolver-binding-darwin-arm64@1.11.1
@unrs/resolver-binding-darwin-x64@1.11.1
@unrs/resolver-binding-freebsd-x64@1.11.1
@unrs/resolver-binding-linux-arm-gnueabihf@1.11.1
@unrs/resolver-binding-linux-arm-musleabihf@1.11.1
@unrs/resolver-binding-linux-arm64-gnu@1.11.1
@unrs/resolver-binding-linux-arm64-musl@1.11.1
@unrs/resolver-binding-linux-ppc64-gnu@1.11.1
@unrs/resolver-binding-linux-riscv64-gnu@1.11.1
@unrs/resolver-binding-linux-riscv64-musl@1.11.1
@unrs/resolver-binding-linux-s390x-gnu@1.11.1
@unrs/resolver-binding-linux-x64-gnu@1.11.1
@unrs/resolver-binding-linux-x64-musl@1.11.1
@unrs/resolver-binding-wasm32-wasi@1.11.1
@unrs/resolver-binding-win32-arm64-msvc@1.11.1
@unrs/resolver-binding-win32-ia32-msvc@1.11.1
@unrs/resolver-binding-win32-x64-msvc@1.11.1
@vitejs/plugin-react@5.1.4
@webassemblyjs/ast@1.14.1
@webassemblyjs/floating-point-hex-parser@1.13.2
@webassemblyjs/helper-api-error@1.13.2
@webassemblyjs/helper-buffer@1.14.1
@webassemblyjs/helper-numbers@1.13.2
@webassemblyjs/helper-wasm-bytecode@1.13.2
@webassemblyjs/helper-wasm-section@1.14.1
@webassemblyjs/ieee754@1.13.2
@webassemblyjs/leb128@1.13.2
@webassemblyjs/utf8@1.13.2
@webassemblyjs/wasm-edit@1.14.1
@webassemblyjs/wasm-gen@1.14.1
@webassemblyjs/wasm-opt@1.14.1
@webassemblyjs/wasm-parser@1.14.1
@webassemblyjs/wast-printer@1.14.1
@xtuc/ieee754@1.2.0
@xtuc/long@4.2.2
acorn@8.16.0
acorn-import-phases@1.0.4
ajv-formats@2.1.1
ajv-keywords@5.1.0
array-buffer-byte-length@1.0.2
array-includes@3.1.9
array.prototype.findlast@1.2.5
array.prototype.findlastindex@1.2.6
array.prototype.flat@1.3.3
array.prototype.flatmap@1.3.3
array.prototype.tosorted@1.1.4
arraybuffer.prototype.slice@1.0.4
async-function@1.0.0
available-typed-arrays@1.0.7
babel-plugin-macros@3.1.0
buffer-from@1.1.2
call-bind@1.0.8
call-bound@1.0.4
callsites@3.1.0
chokidar@4.0.3
chrome-trace-event@1.0.4
commander@2.20.3
confusing-browser-globals@1.0.11
convert-source-map@1.9.0
cosmiconfig@7.1.0
data-view-buffer@1.0.2
data-view-byte-length@1.0.2
data-view-byte-offset@1.0.1
debug@3.2.7
define-properties@1.2.1
detect-libc@1.0.3
doctrine@2.1.0
dom-accessibility-api@0.5.16
enhanced-resolve@0.9.1
enhanced-resolve@5.20.0
error-ex@1.3.2
es-abstract@1.24.1
es-iterator-helpers@1.2.2
es-module-lexer@2.0.0
es-shim-unscopables@1.1.0
es-to-primitive@1.3.0
escape-string-regexp@4.0.0
eslint-config-airbnb-base@15.0.0
eslint-config-prettier@7.2.0
eslint-formatter-pretty@4.1.0
eslint-import-resolver-node@0.3.9
eslint-import-resolver-typescript@3.10.1
eslint-import-resolver-webpack@0.13.10
eslint-module-utils@2.12.1
eslint-plugin-deprecation@1.5.0
eslint-plugin-import@2.32.0
eslint-plugin-jest@27.9.0
eslint-plugin-jest-dom@5.5.0
eslint-plugin-jest-playwright@0.9.0
eslint-plugin-playwright@0.9.0
eslint-plugin-react@7.37.5
eslint-plugin-simple-import-sort@10.0.0
eslint-plugin-testing-library@6.5.0
eslint-rule-docs@1.1.235
eslint-visitor-keys@2.1.0
eslint-webpack-plugin@4.2.0
events@3.3.0
find-root@1.1.0
for-each@0.3.5
framer-motion@12.35.1
function.prototype.name@1.1.8
functions-have-names@1.2.3
generator-function@2.0.1
get-symbol-description@1.1.0
get-tsconfig@4.13.6
glob-to-regexp@0.4.1
globalthis@1.0.4
has-bigints@1.1.0
has-proto@1.2.0
immutable@5.1.5
import-fresh@3.3.0
internal-slot@1.1.0
interpret@1.4.0
irregular-plurals@3.5.0
is-array-buffer@3.0.5
is-arrayish@0.2.1
is-async-function@2.1.1
is-bigint@1.1.0
is-boolean-object@1.2.2
is-bun-module@2.0.0
is-callable@1.2.7
is-core-module@2.16.1
is-data-view@1.0.2
is-date-object@1.1.0
is-extglob@2.1.1
is-finalizationregistry@1.1.1
is-generator-function@1.1.2
is-glob@4.0.3
is-map@2.0.3
is-negative-zero@2.0.3
is-number-object@1.1.1
is-regex@1.2.1
is-set@2.0.3
is-shared-array-buffer@1.0.4
is-string@1.1.1
is-symbol@1.1.1
is-typed-array@1.1.15
is-weakmap@2.0.2
is-weakref@1.1.1
is-weakset@2.0.4
iterator.prototype@1.1.5
jest-worker@27.5.1
jiti@1.21.0
json-parse-even-better-errors@2.3.1
json5@1.0.2
jsx-ast-utils@3.3.5
lines-and-columns@1.2.4
loader-runner@4.3.1
lz-string@1.5.0
memory-fs@0.2.0
motion-dom@12.35.1
motion-utils@12.29.2
napi-postinstall@0.3.4
neo-async@2.6.2
node-addon-api@7.1.1
node-exports-info@1.6.0
object-inspect@1.13.4
object.assign@4.1.7
object.entries@1.1.9
object.fromentries@2.0.8
object.groupby@1.0.3
object.values@1.2.1
own-keys@1.0.1
parent-module@1.0.1
parse-json@5.2.0
path-type@4.0.0
plur@4.0.0
possible-typed-array-names@1.1.0
pretty-format@27.5.1
react-is@17.0.2
react-refresh@0.18.0
readdirp@4.1.2
reflect.getprototypeof@1.0.10
regexp.prototype.flags@1.5.4
requireindex@1.2.0
resolve@2.0.0-next.6
resolve-from@4.0.0
resolve-pkg-maps@1.0.0
safe-array-concat@1.1.3
safe-push-apply@1.0.0
safe-regex-test@1.1.0
sass@1.86.3
schema-utils@4.3.3
semver@7.7.4
set-function-name@2.0.2
set-proto@1.0.0
side-channel@1.1.0
side-channel-list@1.0.0
side-channel-map@1.0.1
side-channel-weakmap@1.0.2
source-map@0.5.7
source-map@0.6.1
source-map-support@0.5.21
stable-hash@0.0.5
stop-iteration-iterator@1.1.0
string.prototype.matchall@4.0.12
string.prototype.repeat@1.0.0
string.prototype.trim@1.2.10
string.prototype.trimend@1.0.9
string.prototype.trimstart@1.0.8
strip-bom@3.0.0
stylis@4.2.0
supports-color@8.1.1
supports-hyperlinks@2.3.0
tapable@0.1.10
tapable@2.3.0
terser@5.46.0
terser-webpack-plugin@5.3.17
tsconfig-paths@3.15.0
typed-array-buffer@1.0.3
typed-array-byte-length@1.0.3
typed-array-byte-offset@1.0.4
typed-array-length@1.0.7
unbox-primitive@1.1.0
unrs-resolver@1.11.1
watchpack@2.5.1
webpack@5.105.4
webpack-sources@3.3.4
which-boxed-primitive@1.1.1
which-builtin-type@1.2.1
which-collection@1.0.2
which-typed-array@1.1.20
yaml@1.10.2
yaml@2.4.2
@ampproject/remapping@2.3.0
@babel/code-frame@7.27.1
@babel/compat-data@7.26.8
@babel/core@7.26.10
@babel/generator@7.27.0
@babel/helper-compilation-targets@7.27.0
@babel/helper-module-imports@7.25.9
@babel/helper-module-transforms@7.26.0
@babel/helper-plugin-utils@7.26.5
@babel/helper-string-parser@7.25.9
@babel/helper-validator-identifier@7.27.1
@babel/helper-validator-option@7.25.9
@babel/helpers@7.27.0
@babel/parser@7.27.0
@babel/plugin-transform-react-jsx-self@7.25.9
@babel/plugin-transform-react-jsx-source@7.25.9
@babel/template@7.27.0
@babel/traverse@7.27.0
@babel/types@7.27.0
@jridgewell/gen-mapping@0.3.5
@jridgewell/set-array@1.2.1
@jridgewell/sourcemap-codec@1.4.15
@jridgewell/trace-mapping@0.3.25
@parcel/watcher@2.5.1
@parcel/watcher-android-arm64@2.5.1
@parcel/watcher-darwin-arm64@2.5.1
@parcel/watcher-darwin-x64@2.5.1
@parcel/watcher-freebsd-x64@2.5.1
@parcel/watcher-linux-arm-glibc@2.5.1
@parcel/watcher-linux-arm-musl@2.5.1
@parcel/watcher-linux-arm64-glibc@2.5.1
@parcel/watcher-linux-arm64-musl@2.5.1
@parcel/watcher-linux-x64-glibc@2.5.1
@parcel/watcher-linux-x64-musl@2.5.1
@parcel/watcher-win32-arm64@2.5.1
@parcel/watcher-win32-ia32@2.5.1
@parcel/watcher-win32-x64@2.5.1
@types/parse-json@4.0.2
@vitejs/plugin-react@4.4.0
acorn@8.15.0
buffer-from@1.1.2
call-bind@1.0.7
callsites@3.1.0
chokidar@4.0.3
detect-libc@1.0.3
error-ex@1.3.2
escape-string-regexp@4.0.0
immutable@5.1.5
import-fresh@3.3.0
is-arrayish@0.2.1
is-core-module@2.13.1
is-extglob@2.1.1
is-glob@4.0.3
jiti@1.21.0
json-parse-even-better-errors@2.3.1
lines-and-columns@1.2.4
node-addon-api@7.1.1
parent-module@1.0.1
parse-json@5.2.0
path-type@4.0.0
react-refresh@0.17.0
readdirp@4.1.2
resolve-from@4.0.0
sass@1.86.3
source-map@0.6.1
yaml@2.4.2

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 9, 2026

dependabot bot requested review from ameerul-deriv and farrah-deriv as code owners March 9, 2026 02:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump @vitejs/plugin-react from 4.4.0 to 5.1.4#705

chore(deps): bump @vitejs/plugin-react from 4.4.0 to 5.1.4#705
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/vitejs/plugin-react-5.1.4

dependabot bot commented on behalf of github Mar 9, 2026

Uh oh!

github-actions bot commented Mar 9, 2026

Uh oh!

github-actions bot commented Mar 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 9, 2026

plugin-react@5.1.4

Fix canSkipBabel not accounting for babel.overrides (#1098)

plugin-react@5.1.3

plugin-react@5.1.2

plugin-react@5.1.1

Update code to support newer rolldown-vite (#976)

plugin-react@5.1.0

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

plugin-react@5.0.4

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

plugin-react@5.0.3

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

plugin-react@5.0.2

Skip transform hook completely in rolldown-vite in dev if possible (#783)

plugin-react@5.0.1

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Fix reactRefreshHost option on rolldown-vite (#716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#708)

Skip babel-plugin-react-compiler on non client environment (689)

5.1.4 (2026-02-10)

Fix canSkipBabel not accounting for babel.overrides (#1098)

5.1.3 (2026-02-02)

5.1.2 (2025-12-08)

5.1.1 (2025-11-12)

Update code to support newer rolldown-vite (#976)

5.1.0 (2025-10-24)

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

5.0.4 (2025-09-27)

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

5.0.3 (2025-09-17)

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

5.0.2 (2025-08-28)

Skip transform hook completely in rolldown-vite in dev if possible (#783)

5.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Uh oh!

github-actions bot commented Mar 9, 2026

Uh oh!

github-actions bot commented Mar 9, 2026

Dependency Review

OpenSSF Scorecard

Scanned Manifest Files

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Fix `canSkipBabel` not accounting for `babel.overrides` (#1098)

Update code to support newer `rolldown-vite` (#976)

Add `@vitejs/plugin-react/preamble` virtual module for SSR HMR (#890)

Set `optimizeDeps.rollupOptions.transform.jsx` instead of `optimizeDeps.rollupOptions.jsx` for rolldown-vite (#735)

Perf: skip `babel-plugin-react-compiler` if code has no `"use memo"` when `{ compilationMode: "annotation" }` (#734)

Respect tsconfig `jsxImportSource` (#726)

Fix `reactRefreshHost` option on rolldown-vite (#716)

Fix `RefreshRuntime` being injected twice for class components on rolldown-vite (#708)

Skip `babel-plugin-react-compiler` on non client environment (689)

Fix `canSkipBabel` not accounting for `babel.overrides` (#1098)

Update code to support newer `rolldown-vite` (#976)

Add `@vitejs/plugin-react/preamble` virtual module for SSR HMR (#890)

Set `optimizeDeps.rollupOptions.transform.jsx` instead of `optimizeDeps.rollupOptions.jsx` for rolldown-vite (#735)

Perf: skip `babel-plugin-react-compiler` if code has no `"use memo"` when `{ compilationMode: "annotation" }` (#734)

Respect tsconfig `jsxImportSource` (#726)