chore(deps-dev): bump flatted from 3.3.2 to 3.4.2 in the npm_and_yarn group across 1 directory by dependabot[bot] · Pull Request #707 · deriv-com/p2p

dependabot · 2026-03-20T21:50:37Z

Bumps the npm_and_yarn group with 1 update in the / directory: flatted.

Updates flatted from 3.3.2 to 3.4.2

Commits

3bf0909 3.4.2
885ddcc fix CWE-1321
0bdba70 added flatted-view to the benchmark
2a02dce 3.4.1
fba4e8f Merge pull request #89 from WebReflection/python-fix
5fe8648 added "when in Rome" also a test for PHP
53517ad some minor improvement
b3e2a0c Fixing recursion issue in Python too
c4b46db Add SECURITY.md for security policy and reporting
f86d071 Create dependabot.yml for version updates
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 1 update in the / directory: [flatted](https://github.com/WebReflection/flatted). Updates `flatted` from 3.3.2 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.2...v3.4.2) --- updated-dependencies: - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-20T21:50:47Z

Name	Result
Build status	Failed ❌
Action URL	Visit Action

github-actions · 2026-03-20T21:50:56Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
✅ 0 package(s) with unknown licenses.
⚠️ 2 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@emotion/babel-plugin

11.13.5

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/cache

11.14.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/hash

0.9.2

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/is-prop-valid

1.4.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/memoize

0.9.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/react

11.14.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/serialize

1.3.3

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/sheet

1.4.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/styled

11.14.1

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/unitless

0.10.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/use-insertion-effect-with-fallbacks

1.2.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/utils

1.4.2

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@emotion/weak-memoize

0.4.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 8	Found 17/20 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 4	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@jridgewell/source-map

0.3.11

Unknown

npm/@parcel/watcher

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-android-arm64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-darwin-arm64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-darwin-x64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-freebsd-x64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-arm-glibc

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-arm-musl

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-arm64-glibc

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-arm64-musl

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-x64-glibc

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-linux-x64-musl

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-win32-arm64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-win32-ia32

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@parcel/watcher-win32-x64

2.5.1

🟢 4.5

Details

Check	Score	Reason
Maintained	🟢 10	20 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 17/30 approved changesets -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 7	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@types/parse-json

4.0.2

🟢 6.5

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 8	Found 24/29 approved changesets -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed

npm/acorn

8.16.0

🟢 5

Details

Check	Score	Reason
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 3	Found 9/29 approved changesets -- score normalized to 3
Maintained	🟢 10	10 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/babel-plugin-macros

3.1.0

🟢 3.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 7	Found 17/22 approved changesets -- score normalized to 7
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/buffer-from

1.1.2

⚠️ 2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/18 approved changesets -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Dangerous-Workflow	⚠️ -1	no workflows found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/call-bind

1.0.8

🟢 3.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected

npm/callsites

3.1.0

🟢 3.8

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 3	Found 10/30 approved changesets -- score normalized to 3
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/chokidar

4.0.3

🟢 4.1

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/25 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 10	all dependencies are pinned
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/commander

2.20.3

🟢 7

Details

Check	Score	Reason
Code-Review	🟢 8	Found 8/9 approved changesets -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	7 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	🟢 10	SAST tool is run on all commits

npm/convert-source-map

1.9.0

🟢 3.9

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 4	Found 12/30 approved changesets -- score normalized to 4
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/cosmiconfig

7.1.0

🟢 5.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/detect-libc

1.0.3

🟢 3.8

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 8	binaries present in source code
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/error-ex

1.3.2

Unknown

npm/escape-string-regexp

4.0.0

🟢 3.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Code-Review	⚠️ 2	Found 6/30 approved changesets -- score normalized to 2
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/find-root

1.1.0

Unknown

npm/framer-motion

12.38.0

Unknown

npm/immutable

5.1.5

🟢 6.5

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 1/8 approved changesets -- score normalized to 1
Maintained	🟢 10	14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/import-fresh

3.3.0

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	⚠️ 1	2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/is-arrayish

0.2.1

Unknown

npm/is-core-module

2.16.1

🟢 4.1

Details

Check	Score	Reason
Maintained	⚠️ 2	3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected

npm/is-extglob

2.1.1

🟢 3

Details

Check	Score	Reason
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 0	Found 0/19 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	🟢 10	security policy file detected

npm/is-glob

4.0.3

🟢 3.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 3/26 approved changesets -- score normalized to 1
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/jiti

1.21.0

🟢 5.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 8/27 approved changesets -- score normalized to 2
Maintained	🟢 10	20 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/json-parse-even-better-errors

2.3.1

🟢 5.6

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 8	SAST tool detected but not run on all commits

npm/lines-and-columns

1.2.4

🟢 3.1

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 0	Found 1/17 approved changesets -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	⚠️ -1	packaging workflow not detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/motion-dom

12.38.0

Unknown

npm/motion-utils

12.36.0

Unknown

npm/node-addon-api

7.1.1

🟢 8.9

Details

Check	Score	Reason
Maintained	🟢 10	9 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	🟢 9	SAST tool detected but not run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
CI-Tests	🟢 9	27 out of 30 merged PRs checked by a CI test -- score normalized to 9
Contributors	🟢 10	project has 47 contributing companies or organizations

npm/parent-module

1.0.1

🟢 3.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 1	Found 4/26 approved changesets -- score normalized to 1
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/parse-json

5.2.0

🟢 4

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Code-Review	🟢 5	Found 15/30 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/path-type

4.0.0

🟢 3.7

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 2	Found 7/27 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/readdirp

4.1.2

🟢 3.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/28 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	🟢 10	all dependencies are pinned
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/resolve-from

4.0.0

🟢 3.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 2	Found 7/30 approved changesets -- score normalized to 2
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/sass

1.86.3

🟢 4.3

Details

Check	Score	Reason
Code-Review	🟢 9	Found 18/19 approved changesets -- score normalized to 9
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	22 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/source-map

0.5.7

🟢 4.2

Details

Check	Score	Reason
Code-Review	🟢 8	Found 10/12 approved changesets -- score normalized to 8
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 9	binaries present in source code
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/source-map

0.6.1

🟢 4.2

Details

Check	Score	Reason
Code-Review	🟢 8	Found 10/12 approved changesets -- score normalized to 8
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 9	binaries present in source code
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/source-map-support

0.5.21

⚠️ 2.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/17 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/stylis

4.2.0

Unknown

npm/terser

5.46.1

🟢 5.8

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/29 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	16 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/yaml

1.10.2

🟢 7.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/19 approved changesets -- score normalized to 0
Maintained	🟢 10	29 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 9	SAST tool detected but not run on all commits

npm/yaml

2.4.2

🟢 7.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/19 approved changesets -- score normalized to 0
Maintained	🟢 10	29 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 9	SAST tool detected but not run on all commits

npm/call-bind

1.0.7

🟢 3.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected

npm/is-core-module

2.13.1

🟢 4.1

Details

Check	Score	Reason
Maintained	⚠️ 2	3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected

Scanned Manifest Files

package-lock.json

flatted@3.3.2
@babel/eslint-parser@7.28.6
@emnapi/core@1.9.1
@emnapi/runtime@1.9.1
@emnapi/wasi-threads@1.2.0
@emotion/babel-plugin@11.13.5
@emotion/cache@11.14.0
@emotion/hash@0.9.2
@emotion/is-prop-valid@1.4.0
@emotion/memoize@0.9.0
@emotion/react@11.14.0
@emotion/serialize@1.3.3
@emotion/sheet@1.4.0
@emotion/styled@11.14.1
@emotion/unitless@0.10.0
@emotion/use-insertion-effect-with-fallbacks@1.2.0
@emotion/utils@1.4.2
@emotion/weak-memoize@0.4.0
@jridgewell/source-map@0.3.11
@napi-rs/wasm-runtime@0.2.12
@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-1
@nolyfill/is-core-module@1.0.39
@parcel/watcher@2.5.1
@parcel/watcher-android-arm64@2.5.1
@parcel/watcher-darwin-arm64@2.5.1
@parcel/watcher-darwin-x64@2.5.1
@parcel/watcher-freebsd-x64@2.5.1
@parcel/watcher-linux-arm-glibc@2.5.1
@parcel/watcher-linux-arm-musl@2.5.1
@parcel/watcher-linux-arm64-glibc@2.5.1
@parcel/watcher-linux-arm64-musl@2.5.1
@parcel/watcher-linux-x64-glibc@2.5.1
@parcel/watcher-linux-x64-musl@2.5.1
@parcel/watcher-win32-arm64@2.5.1
@parcel/watcher-win32-ia32@2.5.1
@parcel/watcher-win32-x64@2.5.1
@rtsao/scc@1.1.0
@testing-library/dom@10.4.1
@tybys/wasm-util@0.10.1
@types/aria-query@5.0.4
@types/eslint@9.6.1
@types/eslint@7.29.0
@types/eslint@8.56.12
@types/eslint-scope@3.7.7
@types/json5@0.0.29
@types/parse-json@4.0.2
@unrs/resolver-binding-android-arm-eabi@1.11.1
@unrs/resolver-binding-android-arm64@1.11.1
@unrs/resolver-binding-darwin-arm64@1.11.1
@unrs/resolver-binding-darwin-x64@1.11.1
@unrs/resolver-binding-freebsd-x64@1.11.1
@unrs/resolver-binding-linux-arm-gnueabihf@1.11.1
@unrs/resolver-binding-linux-arm-musleabihf@1.11.1
@unrs/resolver-binding-linux-arm64-gnu@1.11.1
@unrs/resolver-binding-linux-arm64-musl@1.11.1
@unrs/resolver-binding-linux-ppc64-gnu@1.11.1
@unrs/resolver-binding-linux-riscv64-gnu@1.11.1
@unrs/resolver-binding-linux-riscv64-musl@1.11.1
@unrs/resolver-binding-linux-s390x-gnu@1.11.1
@unrs/resolver-binding-linux-x64-gnu@1.11.1
@unrs/resolver-binding-linux-x64-musl@1.11.1
@unrs/resolver-binding-wasm32-wasi@1.11.1
@unrs/resolver-binding-win32-arm64-msvc@1.11.1
@unrs/resolver-binding-win32-ia32-msvc@1.11.1
@unrs/resolver-binding-win32-x64-msvc@1.11.1
@webassemblyjs/ast@1.14.1
@webassemblyjs/floating-point-hex-parser@1.13.2
@webassemblyjs/helper-api-error@1.13.2
@webassemblyjs/helper-buffer@1.14.1
@webassemblyjs/helper-numbers@1.13.2
@webassemblyjs/helper-wasm-bytecode@1.13.2
@webassemblyjs/helper-wasm-section@1.14.1
@webassemblyjs/ieee754@1.13.2
@webassemblyjs/leb128@1.13.2
@webassemblyjs/utf8@1.13.2
@webassemblyjs/wasm-edit@1.14.1
@webassemblyjs/wasm-gen@1.14.1
@webassemblyjs/wasm-opt@1.14.1
@webassemblyjs/wasm-parser@1.14.1
@webassemblyjs/wast-printer@1.14.1
@xtuc/ieee754@1.2.0
@xtuc/long@4.2.2
acorn@8.16.0
acorn-import-phases@1.0.4
ajv-formats@2.1.1
ajv-keywords@5.1.0
array-buffer-byte-length@1.0.2
array-includes@3.1.9
array.prototype.findlast@1.2.5
array.prototype.findlastindex@1.2.6
array.prototype.flat@1.3.3
array.prototype.flatmap@1.3.3
array.prototype.tosorted@1.1.4
arraybuffer.prototype.slice@1.0.4
async-function@1.0.0
available-typed-arrays@1.0.7
babel-plugin-macros@3.1.0
buffer-from@1.1.2
call-bind@1.0.8
call-bound@1.0.4
callsites@3.1.0
chokidar@4.0.3
chrome-trace-event@1.0.4
commander@2.20.3
confusing-browser-globals@1.0.11
convert-source-map@1.9.0
cosmiconfig@7.1.0
data-view-buffer@1.0.2
data-view-byte-length@1.0.2
data-view-byte-offset@1.0.1
debug@3.2.7
define-properties@1.2.1
detect-libc@1.0.3
doctrine@2.1.0
dom-accessibility-api@0.5.16
enhanced-resolve@0.9.1
enhanced-resolve@5.20.1
error-ex@1.3.2
es-abstract@1.24.1
es-iterator-helpers@1.3.1
es-module-lexer@2.0.0
es-shim-unscopables@1.1.0
es-to-primitive@1.3.0
escape-string-regexp@4.0.0
eslint-config-airbnb-base@15.0.0
eslint-config-prettier@7.2.0
eslint-formatter-pretty@4.1.0
eslint-import-resolver-node@0.3.9
eslint-import-resolver-typescript@3.10.1
eslint-import-resolver-webpack@0.13.10
eslint-module-utils@2.12.1
eslint-plugin-deprecation@1.5.0
eslint-plugin-import@2.32.0
eslint-plugin-jest@27.9.0
eslint-plugin-jest-dom@5.5.0
eslint-plugin-jest-playwright@0.9.0
eslint-plugin-playwright@0.9.0
eslint-plugin-react@7.37.5
eslint-plugin-simple-import-sort@10.0.0
eslint-plugin-testing-library@6.5.0
eslint-rule-docs@1.1.235
eslint-visitor-keys@2.1.0
eslint-webpack-plugin@4.2.0
events@3.3.0
find-root@1.1.0
flatted@3.4.2
for-each@0.3.5
framer-motion@12.38.0
function.prototype.name@1.1.8
functions-have-names@1.2.3
generator-function@2.0.1
get-symbol-description@1.1.0
get-tsconfig@4.13.6
glob-to-regexp@0.4.1
globalthis@1.0.4
has-bigints@1.1.0
has-proto@1.2.0
immutable@5.1.5
import-fresh@3.3.0
internal-slot@1.1.0
interpret@1.4.0
irregular-plurals@3.5.0
is-array-buffer@3.0.5
is-arrayish@0.2.1
is-async-function@2.1.1
is-bigint@1.1.0
is-boolean-object@1.2.2
is-bun-module@2.0.0
is-callable@1.2.7
is-core-module@2.16.1
is-data-view@1.0.2
is-date-object@1.1.0
is-extglob@2.1.1
is-finalizationregistry@1.1.1
is-generator-function@1.1.2
is-glob@4.0.3
is-map@2.0.3
is-negative-zero@2.0.3
is-number-object@1.1.1
is-regex@1.2.1
is-set@2.0.3
is-shared-array-buffer@1.0.4
is-string@1.1.1
is-symbol@1.1.1
is-typed-array@1.1.15
is-weakmap@2.0.2
is-weakref@1.1.1
is-weakset@2.0.4
iterator.prototype@1.1.5
jest-worker@27.5.1
jiti@1.21.0
json-parse-even-better-errors@2.3.1
json5@1.0.2
jsx-ast-utils@3.3.5
lines-and-columns@1.2.4
loader-runner@4.3.1
lz-string@1.5.0
memory-fs@0.2.0
motion-dom@12.38.0
motion-utils@12.36.0
napi-postinstall@0.3.4
neo-async@2.6.2
node-addon-api@7.1.1
node-exports-info@1.6.0
object-inspect@1.13.4
object.assign@4.1.7
object.entries@1.1.9
object.fromentries@2.0.8
object.groupby@1.0.3
object.values@1.2.1
own-keys@1.0.1
parent-module@1.0.1
parse-json@5.2.0
path-type@4.0.0
plur@4.0.0
possible-typed-array-names@1.1.0
pretty-format@27.5.1
react-is@17.0.2
readdirp@4.1.2
reflect.getprototypeof@1.0.10
regexp.prototype.flags@1.5.4
requireindex@1.2.0
resolve@2.0.0-next.6
resolve-from@4.0.0
resolve-pkg-maps@1.0.0
safe-array-concat@1.1.3
safe-push-apply@1.0.0
safe-regex-test@1.1.0
sass@1.86.3
schema-utils@4.3.3
semver@7.7.4
set-function-name@2.0.2
set-proto@1.0.0
side-channel@1.1.0
side-channel-list@1.0.0
side-channel-map@1.0.1
side-channel-weakmap@1.0.2
source-map@0.5.7
source-map@0.6.1
source-map-support@0.5.21
stable-hash@0.0.5
stop-iteration-iterator@1.1.0
string.prototype.matchall@4.0.12
string.prototype.repeat@1.0.0
string.prototype.trim@1.2.10
string.prototype.trimend@1.0.9
string.prototype.trimstart@1.0.8
strip-bom@3.0.0
stylis@4.2.0
supports-color@8.1.1
supports-hyperlinks@2.3.0
tapable@0.1.10
tapable@2.3.0
terser@5.46.1
terser-webpack-plugin@5.4.0
tsconfig-paths@3.15.0
typed-array-buffer@1.0.3
typed-array-byte-length@1.0.3
typed-array-byte-offset@1.0.4
typed-array-length@1.0.7
unbox-primitive@1.1.0
unrs-resolver@1.11.1
watchpack@2.5.1
webpack@5.105.4
webpack-sources@3.3.4
which-boxed-primitive@1.1.1
which-builtin-type@1.2.1
which-collection@1.0.2
which-typed-array@1.1.20
yaml@1.10.2
yaml@2.4.2
@parcel/watcher@2.5.1
@parcel/watcher-android-arm64@2.5.1
@parcel/watcher-darwin-arm64@2.5.1
@parcel/watcher-darwin-x64@2.5.1
@parcel/watcher-freebsd-x64@2.5.1
@parcel/watcher-linux-arm-glibc@2.5.1
@parcel/watcher-linux-arm-musl@2.5.1
@parcel/watcher-linux-arm64-glibc@2.5.1
@parcel/watcher-linux-arm64-musl@2.5.1
@parcel/watcher-linux-x64-glibc@2.5.1
@parcel/watcher-linux-x64-musl@2.5.1
@parcel/watcher-win32-arm64@2.5.1
@parcel/watcher-win32-ia32@2.5.1
@parcel/watcher-win32-x64@2.5.1
@types/parse-json@4.0.2
acorn@8.15.0
buffer-from@1.1.2
call-bind@1.0.7
callsites@3.1.0
chokidar@4.0.3
detect-libc@1.0.3
error-ex@1.3.2
escape-string-regexp@4.0.0
immutable@5.1.5
import-fresh@3.3.0
is-arrayish@0.2.1
is-core-module@2.13.1
is-extglob@2.1.1
is-glob@4.0.3
jiti@1.21.0
json-parse-even-better-errors@2.3.1
lines-and-columns@1.2.4
mdn-data@2.21.0
node-addon-api@7.1.1
parent-module@1.0.1
parse-json@5.2.0
path-type@4.0.0
readdirp@4.1.2
resolve-from@4.0.0
sass@1.86.3
source-map@0.6.1
yaml@2.4.2

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 20, 2026

dependabot bot requested review from ameerul-deriv and farrah-deriv as code owners March 20, 2026 21:50

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps-dev): bump flatted from 3.3.2 to 3.4.2 in the npm_and_yarn group across 1 directory#707

chore(deps-dev): bump flatted from 3.3.2 to 3.4.2 in the npm_and_yarn group across 1 directory#707
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-e5a595f223

dependabot bot commented on behalf of github Mar 20, 2026

Uh oh!

github-actions bot commented Mar 20, 2026

Uh oh!

github-actions bot commented Mar 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 20, 2026

Uh oh!

github-actions bot commented Mar 20, 2026

Uh oh!

github-actions bot commented Mar 20, 2026

Dependency Review

OpenSSF Scorecard

Scanned Manifest Files

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants