Skip to content

build(deps-dev): bump the dev-dependencies group across 1 directory with 6 updates#188

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-e86a826421
Open

build(deps-dev): bump the dev-dependencies group across 1 directory with 6 updates#188
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-dependencies-e86a826421

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-dependencies group with 6 updates in the / directory:

Package From To
@types/node 26.0.1 26.1.1
@vitest/coverage-v8 4.1.9 4.1.10
eslint 10.6.0 10.7.0
knip 6.23.0 6.26.0
typescript-eslint 8.62.1 8.64.0
vitest 4.1.9 4.1.10

Updates @types/node from 26.0.1 to 26.1.1

Commits

Updates @vitest/coverage-v8 from 4.1.9 to 4.1.10

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates eslint from 10.6.0 to 10.7.0

Release notes

Sourced from eslint's releases.

v10.7.0

Features

  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032) (sethamus)
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063) (fnx)
  • 557fde8 feat: support computed Number.parseInt member access in radix rule (#21041) (Pixel)
  • 0b4a73b feat: add suggestions to no-compare-neg-zero (#21034) (den$)
  • 96cdd42 feat: report invalid signed numeric radix values in radix rule (#21030) (Pixel)

Bug Fixes

  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069) (Pixel)
  • 0d7d70c fix: insert cause outside wrapping parens in preserve-caught-error (#21062) (Mahin Anowar)
  • 75ec753 fix: handle static template literals in eqeqeq rule (#21058) (Pixel)
  • b717a22 fix: prevent eqeqeq null option from reporting non-equality operators (#21057) (Pixel)
  • e35b05f fix: avoid no-invalid-regexp false positive for shadowed RegExp (#21051) (Pixel)
  • a3172b6 fix: avoid no-control-regex false positive for shadowed RegExp (#21050) (Pixel)
  • d1f637e fix: parenthesize sequence expression operands in no-implicit-coercion (#21045) (spokodev)
  • 8859baf fix: avoid prefer-numeric-literals false positive for shadowed globals (#21047) (한국)
  • a9e5961 fix: use-isnan false positive on shadowed NaN/Number (#20958) (sethamus)
  • 8a240a7 fix: avoid false positives in radix rule for spread arguments (#21044) (Pixel)

Documentation

  • c30d808 docs: Update README (GitHub Actions Bot)
  • 5139800 docs: document ESLint migration codemods in v9 and v10 guides (#20980) (Alex Bit)
  • 04174cb docs: Update README (GitHub Actions Bot)
  • 026e130 docs: update semver policy for bug fixes (#21048) (Milos Djermanovic)
  • 9d42fef docs: Update README (GitHub Actions Bot)
  • b230159 docs: Update README (GitHub Actions Bot)
  • 0129972 docs: correct **/.js glob to **/*.js in config files guide (#21036) (EduardF1)

Chores

  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076) (renovate[bot])
  • 81a4774 chore: updates for v9.39.5 release (Jenkins)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071) (Francesco Trotta)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067) (lumir)
  • 833ec10 chore: update dependency prettier to v3.9.4 (#21061) (renovate[bot])
  • 7ea106d chore: update ecosystem plugins (#21059) (ESLint Bot)
  • 8fb550e chore: add prettier update commit to .git-blame-ignore-revs (#21056) (lumir)
  • e4e1166 chore: update dependency prettier to v3.9.1 (#21055) (renovate[bot])
  • 0493f53 chore: update prettier to v3.9.0 (#21054) (Pixel)
  • 1056a99 chore: update dependency prettier to v3.8.5 (#21049) (renovate[bot])
  • 4d4155d ci: run ecosystem tests on pull requests (#21027) (sethamus)
  • 993539f chore: update dependency @​eslint/json to ^2.0.1 (#21042) (renovate[bot])
  • 53f8b69 test: add error locations to no-constant-binary-expression (#21039) (lumir)
  • 5ab71d5 refactor: clean up radix rule internals (#21015) (Pixel)
  • a80a9a4 chore: update ecosystem plugins (#21035) (ESLint Bot)
  • 7c9a029 ci: add Node.js 26 to CI (#20847) (lumir)
Commits
  • fabd99b 10.7.0
  • 37c5e75 Build: changelog update for 10.7.0
  • 9489379 chore: update dependency @​eslint/eslintrc to ^3.3.6 (#21076)
  • 81a4774 chore: updates for v9.39.5 release
  • 3e7bf15 fix: apply ignoreClassesWithImplements to class expressions (#21069)
  • 9835414 chore: enable $ExpectType annotations in all TypeScript files (#21071)
  • cf2a9bf feat: add errorClassNames option to preserve-caught-error rule (#21032)
  • c30d808 docs: Update README
  • f8b873a feat: max-nested-callbacks option for constructor callbacks (#21063)
  • 72adf6b chore: restrict markdownlint-cli2 updates in renovate (#21067)
  • Additional commits viewable in compare view

Updates knip from 6.23.0 to 6.26.0

Release notes

Sourced from knip's releases.

Release 6.26.0

  • ci: add path filters (#1871) (4249935adffe1b8eca9570fb325fa19cc8010584) - thanks @​trueberryless!
  • Add CodeRabbit as gold sponsor (1da09fdc8f4d851f3cad30659200018bfb47a5e0)
  • Fix up docs a bit more (39125a7f473e006f61629781bff1ac4a050ca460)
  • Don't report ambient declaration files as unused (aed361c00a82829c2fc80a65a2f7af174316782e)
  • Register oclif command files as entries (3b4d58c9da83d93b6821a2b24f57b919ba886756)
  • Add electron-vite plugin (d92107ea504833b3ee7ad2b695e22d40528b24c3)
  • Add esbuild plugin (ef3b601d957546554de2cb1fbff859f5bdafb741)
  • Ignore more globally available binaries (829298129fdfd1b41a1f8dff5022b9fbbe25f454)
  • Resolve #-imports to source when node condition is unbuilt (resolve #1873) (f2713ed1e499ab286b86615d4b8ec34f711d1bd2)
  • Ignore gh as a globally available binary (a6f0772e5db03a8412a3ac036756779f22d1a27d)
  • Resolve Vitest benchmark files as entries (57429139f7e93f2a4bee35a53d450c4f45dea9ff)
  • Extract shared Vue auto-import machinery into plugins/_vue (73010753d432ae58eb12c7eec9c5723036009749)
  • Scope compiler extensions per workspace (5e6f82b963a83e5801484efbc01a4b6a9ce39ea3)
  • Resolve auto-imported components in the Vue SFC compiler (009aad8f9dab589898e5dba4c85fa41ea57c1a49)
  • Add plugins for the Vue auto-import ecosystem (f638c8302cdd26a63e477344a7cf44ef60af7788)
  • Enable Vue SFC compiler on unplugin-vue and @​vitejs/plugin-vue (9396ab159919147ef81dad16e365e531b32b4b12)
  • Recognize vite-plugin-vue-meta-layouts (same layouts convention) (3ceee89228b0173eddc0466bf50e8181286ffebc)
  • Add vite-plugin-pages and unplugin-icons plugins (9bc17540bcf8eb142474ed84837c1e2cebb7fe73)
  • Add vite-plugin-pwa and @​intlify/unplugin-vue-i18n plugins (45dea0a397ed754c34617ed18deef4dc6f0ec0d4)
  • Dog, food. (e1249ade2558d3801d85e2dc63349d884f3443d4)
  • Update query snapshot (a45941d2db381c04f8a38416533217ee84f77ca7)
  • Don't misread Nitro route types as Vue component auto-imports (43aecd5414eb63bec3637f37ffac0c62a71e7e74)
  • Read oxlint jsPlugins from vite-plus vite.config and .oxlintrc.json (589ffda4e3a7d0c0d772191ad6f8d6e60dd298cf)
  • Add vite-plus plugin for run.tasks and staged scripts (f041c191e4e10dd181ad212b71079e3e10bcf341)
  • Support @​vite-pwa/nuxt PWA config in nuxt.config (8fa7b116690e37484798ad98eca002d26c0c80fe)
  • Add @​vite-pwa/assets-generator plugin (4254f7d53a284a4ea4612f650ae03495bcb0d582)
  • Add @​nuxtjs/i18n plugin (dfb9acbe5a08ebc85562f59a04e7f4bedb4925f1)
  • Read plugin entries from vite.config options and index.html (d533da8cc2b431d206eb7c55323ea51846eca0bb)
  • Fix false positives in VitePress, next-mdx and unplugin-vue-i18n plugins (b99702a76e26b1943a16517f1633de3a0713c196)
  • Respect optional peers in pnpm and Yarn packageExtensions (aab080bbd436494316df045011ab22cbebca06b4)
  • Detect babel plugins in the Storybook config (5dea975adf9b88971ad56434132282a099c7d58c)
  • Add shared AST helpers for imported calls and first property values (c84bb7a87a17f1921c12bb02bcfd43f905cae595)
  • Inline trivial resolveFromAST wrappers and normalize orval and sst (620079d1d07b69a69bbb67b6a6e68963b6c2fc21)
  • Extract inline resolveFromAST implementations to dedicated files (b5231c12f915428067d790187d2dd4c44e2559d4)
  • Normalize resolveFromAST files to a uniform contract (fc1ba0fb45aaf623de678a57bea3b5567ea04750)
  • chore: migrate to Astro 7 and Sätteri (#1875) (f256a5b276c3d69dd5081c591bbb183aacebf766) - thanks @​trueberryless!
  • Show contributor count on docs homepage (6b8454a2841905ce7f08e1a23b54bc17a0854608)
  • Exclude gitignored package entry points (606e5d051b4f0620c776aa23352153b8253bd75b)
  • Add Tauri plugin (199180da79c71acc80865dc65ce89653a26d9579)
  • Add Laravel plugin (197453378f2b60e5143a30ec78b438f02b37c53b)
  • Add Quasar plugin (a220729074bfbb9e7d03ba329e89ad553c3a7799)

Release 6.25.0

  • fix: derive package name from package.json under Yarn nodeLinker: pnpm store (#1852) (3764605ed150b975fb6c88c4c4aa47f5bf9ae149) - thanks @​blowery!
  • Pick up types used in module augmentations via path aliases (resolve #1850) (9cc5a4132793990b5fcf9eae6f3db37426d979c0)
  • feat: add support for packageExtensions in yarn and pnpm (#1847) (61d3164cdac6e9252b3c52ce3bb2909949b4690e) - thanks @​trueberryless!
  • fix(ci): do not run integration on forks (#1855) (d23c10d1ae764c0b70addaafc79f01c543cc5efa) - thanks @​trueberryless!
  • chore(ci): improve security through specific permissions (#1856) (1eb42e639f9ec12d6d2ef88e1aaf07397b5bf226) - thanks @​trueberryless!
  • chore(ci): add concurrency blocks (#1857) (3bf3d115cf677fadcfe8fa72ce0e68cfd435d399) - thanks @​trueberryless!

... (truncated)

Commits
  • 441faf0 Release knip@6.26.0
  • a220729 Add Quasar plugin
  • 1974533 Add Laravel plugin
  • 199180d Add Tauri plugin
  • 606e5d0 Exclude gitignored package entry points
  • fc1ba0f Normalize resolveFromAST files to a uniform contract
  • b5231c1 Extract inline resolveFromAST implementations to dedicated files
  • 620079d Inline trivial resolveFromAST wrappers and normalize orval and sst
  • c84bb7a Add shared AST helpers for imported calls and first property values
  • 5dea975 Detect babel plugins in the Storybook config
  • Additional commits viewable in compare view

Updates typescript-eslint from 8.62.1 to 8.64.0

Release notes

Sourced from typescript-eslint's releases.

v8.64.0

8.64.0 (2026-07-13)

🚀 Features

  • support parsing import defer (#12513)
  • eslint-plugin: [no-loop-func] support using / await using declarations and deprecate the rule (#12500)
  • typescript-estree: throw for invalid definite assignment in class properties (#12543)

🩹 Fixes

  • eslint-plugin: [require-array-sort-compare] handle constrained arrays (#12512)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.63.0

8.63.0 (2026-07-06)

🚀 Features

  • eslint-plugin: [no-misused-promises] detect async usage of a sync dispose usage (#12426)

🩹 Fixes

  • eslint-plugin: [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (#12447, #12446)
  • eslint-plugin: [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (#12491, #12485)
  • eslint-plugin: [no-base-to-string] don't flag a shadowed String() call (#12492)
  • scope-manager: export ClassStaticBlockScope (#12460)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.64.0 (2026-07-13)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.63.0 (2026-07-06)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates vitest from 4.1.9 to 4.1.10

Release notes

Sourced from vitest's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • db616d2 chore: release v4.1.10 (#10718)
  • bae52b5 fix(vm): fix external module resolve error with deps optimizer query for enco...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ith 6 updates

Bumps the dev-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `26.0.1` | `26.1.1` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.9` | `4.1.10` |
| [eslint](https://github.com/eslint/eslint) | `10.6.0` | `10.7.0` |
| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `6.23.0` | `6.26.0` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.62.1` | `8.64.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.9` | `4.1.10` |



Updates `@types/node` from 26.0.1 to 26.1.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vitest/coverage-v8` from 4.1.9 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/coverage-v8)

Updates `eslint` from 10.6.0 to 10.7.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.6.0...v10.7.0)

Updates `knip` from 6.23.0 to 6.26.0
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@6.26.0/packages/knip)

Updates `typescript-eslint` from 8.62.1 to 8.64.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.64.0/packages/typescript-eslint)

Updates `vitest` from 4.1.9 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 26.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: eslint
  dependency-version: 10.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: knip
  dependency-version: 6.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.64.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: vitest
  dependency-version: 4.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 15, 2026
@github-actions

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@oxc-project/types 0.139.0 UnknownUnknown
npm/@rolldown/binding-android-arm64 1.1.5 UnknownUnknown
npm/@rolldown/binding-darwin-arm64 1.1.5 UnknownUnknown
npm/@rolldown/binding-darwin-x64 1.1.5 UnknownUnknown
npm/@rolldown/binding-freebsd-x64 1.1.5 UnknownUnknown
npm/@rolldown/binding-linux-arm-gnueabihf 1.1.5 UnknownUnknown
npm/@rolldown/binding-linux-arm64-gnu 1.1.5 UnknownUnknown
npm/@rolldown/binding-linux-arm64-musl 1.1.5 UnknownUnknown
npm/@rolldown/binding-linux-ppc64-gnu 1.1.5 UnknownUnknown
npm/@rolldown/binding-linux-s390x-gnu 1.1.5 UnknownUnknown
npm/@rolldown/binding-linux-x64-gnu 1.1.5 UnknownUnknown
npm/@rolldown/binding-linux-x64-musl 1.1.5 UnknownUnknown
npm/@rolldown/binding-openharmony-arm64 1.1.5 UnknownUnknown
npm/@rolldown/binding-wasm32-wasi 1.1.5 UnknownUnknown
npm/@rolldown/binding-win32-arm64-msvc 1.1.5 UnknownUnknown
npm/@rolldown/binding-win32-x64-msvc 1.1.5 UnknownUnknown
npm/@types/node 26.1.1 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 9Found 28/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/@typescript-eslint/eslint-plugin 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@vitest/coverage-v8 4.1.10 UnknownUnknown
npm/@vitest/expect 4.1.10 UnknownUnknown
npm/@vitest/mocker 4.1.10 UnknownUnknown
npm/@vitest/pretty-format 4.1.10 UnknownUnknown
npm/@vitest/runner 4.1.10 UnknownUnknown
npm/@vitest/snapshot 4.1.10 UnknownUnknown
npm/@vitest/spy 4.1.10 UnknownUnknown
npm/@vitest/utils 4.1.10 UnknownUnknown
npm/eslint 10.7.0 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 7Found 19/26 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/ignore 7.0.6 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/19 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/knip 6.26.0 UnknownUnknown
npm/nanoid 3.3.16 🟢 6.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
npm/picomatch 4.0.5 🟢 6.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 3Found 7/21 approved changesets -- score normalized to 3
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1010 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
npm/postcss 8.5.19 🟢 7.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Code-Review🟢 3Found 9/30 approved changesets -- score normalized to 3
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST⚠️ 1SAST tool is not run on all commits -- score normalized to 1
npm/rolldown 1.1.5 UnknownUnknown
npm/typescript-eslint 8.64.0 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/vite 8.1.4 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 5Found 14/27 approved changesets -- score normalized to 5
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 5detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 4binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/vitest 4.1.10 UnknownUnknown

Scanned Files

  • package-lock.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants