chore(deps-dev): bump the development-dependencies group across 1 directory with 10 updates #53

dependabot · 2025-08-04T22:30:59Z

Bumps the development-dependencies group with 10 updates in the / directory:

Package	From	To
@types/node	`24.0.3`	`24.2.0`
eslint	`9.29.0`	`9.32.0`
eslint-config-prettier	`10.1.5`	`10.1.8`
eslint-import-resolver-typescript	`4.4.3`	`4.4.4`
eslint-plugin-import	`2.31.0`	`2.32.0`
eslint-plugin-prettier	`5.4.1`	`5.5.3`
jest	`30.0.2`	`30.0.5`
prettier	`3.5.3`	`3.6.2`
typescript	`5.8.3`	`5.9.2`
webpack	`5.99.9`	`5.101.0`

Updates @types/node from 24.0.3 to 24.2.0

Commits

See full diff in compare view

Updates eslint from 9.29.0 to 9.32.0

Release notes

Sourced from eslint's releases.

v9.32.0

Features

1245000 feat: support explicit resource management in core rules (#19828) (fnx)

0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)

Bug Fixes

960fd40 fix: Upgrade @eslint/js (#19971) (Nicholas C. Zakas)

bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)

d498887 fix: bump @eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)

f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)

7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)

3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

Documentation

86e7426 docs: Update README (GitHub Actions Bot)

Chores

50de1ce chore: package.json update for @eslint/js release (Jenkins)

74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)

2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)

b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)

f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)

e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)

e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)

2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)

c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)

v9.31.0

Features

35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)

a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)

4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)

5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)

bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)

Bug Fixes

07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)

28cc7ab fix: Remove incorrect RuleContext types (#19910) (Nicholas C. Zakas)

Documentation

664cb44 docs: Update README (GitHub Actions Bot)

40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914) (MaoShizhong)

5a0069d docs: Update README (GitHub Actions Bot)

fef04b5 docs: Update working on issues info (#19902) (Nicholas C. Zakas)

Chores

3ddd454 chore: upgrade to @eslint/[email protected] (#19935) (Francesco Trotta)

d5054e5 chore: package.json update for @eslint/js release (Jenkins)

0f4a378 chore: update eslint (#19933) (renovate[bot])

76c2340 chore: bump mocha to v11 (#19917) (루밀LuMir)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.32.0 - July 25, 2025

960fd40 fix: Upgrade @eslint/js (#19971) (Nicholas C. Zakas)

50de1ce chore: package.json update for @eslint/js release (Jenkins)

bbf23fa fix: Refactor reporting into FileReport (#19877) (Nicholas C. Zakas)

74f01a3 ci: unpin jiti to version ^2.5.1 (#19970) (루밀LuMir)

d498887 fix: bump @eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic)

2ab1381 ci: pin jiti to version 2.4.2 (#19964) (Francesco Trotta)

b7f7545 test: switch to flat config mode in SourceCode tests (#19953) (Milos Djermanovic)

f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960) (Milos Djermanovic)

f46fc6c fix: report only global references in no-implied-eval (#19932) (Nitin Kumar)

86e7426 docs: Update README (GitHub Actions Bot)

e22af8c refactor: use CustomRuleDefinitionType in JSRuleDefinition (#19949) (Francesco Trotta)

1245000 feat: support explicit resource management in core rules (#19828) (fnx)

e855717 chore: switch performance tests to hyperfine (#19919) (Francesco Trotta)

0e957a7 feat: support typescript types in accessor rules (#19882) (fnx)

2f73a23 test: switch to flat config mode in ast-utils tests (#19948) (Milos Djermanovic)

7863d26 fix: remove outdated types in ParserOptions.ecmaFeatures (#19944) (ntnyq)

c565a53 chore: exclude further_reading_links.json from Prettier formatting (#19943) (Milos Djermanovic)

3173305 fix: update execScript message in no-implied-eval rule (#19937) (TKDev7)

v9.31.0 - July 11, 2025

3ddd454 chore: upgrade to @eslint/[email protected] (#19935) (Francesco Trotta)

d5054e5 chore: package.json update for @eslint/js release (Jenkins)

0f4a378 chore: update eslint (#19933) (renovate[bot])

664cb44 docs: Update README (GitHub Actions Bot)

07fac6c fix: retry on EMFILE when writing autofix results (#19926) (TKDev7)

35cf44c feat: output full actual location in rule tester if different (#19904) (ST-DDT)

40dbe2a docs: fix mismatch between globalIgnores() code and text (#19914) (MaoShizhong)

76c2340 chore: bump mocha to v11 (#19917) (루밀LuMir)

28cc7ab fix: Remove incorrect RuleContext types (#19910) (Nicholas C. Zakas)

a6a6325 feat: support explicit resource management in no-loop-func (#19895) (Milos Djermanovic)

4682cdc feat: support explicit resource management in no-undef-init (#19894) (Milos Djermanovic)

5848216 feat: support explicit resource management in init-declarations (#19893) (Milos Djermanovic)

bb370b8 feat: support explicit resource management in no-const-assign (#19892) (Milos Djermanovic)

5a0069d docs: Update README (GitHub Actions Bot)

fef04b5 docs: Update working on issues info (#19902) (Nicholas C. Zakas)

v9.30.1 - July 1, 2025

b035f74 chore: upgrade to @eslint/[email protected] (#19906) (Francesco Trotta)

b3dbc16 chore: package.json update for @eslint/js release (Jenkins)

e91bb87 fix: allow separate default and named type imports (#19899) (xbinaryx)

ab7c625 docs: Update README (GitHub Actions Bot)

dae1e5b docs: update jsdoc's link (#19896) (JamesVanWaza)

v9.30.0 - June 27, 2025

2b6491c chore: upgrade to @eslint/[email protected] (#19889) (Francesco Trotta)

... (truncated)

Commits

2364031 9.32.0
a0e62e2 Build: changelog update for 9.32.0
960fd40 fix: Upgrade @eslint/js (#19971)
50de1ce chore: package.json update for @eslint/js release
bbf23fa fix: Refactor reporting into FileReport (#19877)
74f01a3 ci: unpin jiti to version ^2.5.1 (#19970)
d498887 fix: bump @eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965)
2ab1381 ci: pin jiti to version 2.4.2 (#19964)
b7f7545 test: switch to flat config mode in SourceCode tests (#19953)
f5a35e3 test: switch to flat config mode in eslint-fuzzer (#19960)
Additional commits viewable in compare view

Updates eslint-config-prettier from 10.1.5 to 10.1.8

Release notes

Sourced from eslint-config-prettier's releases.

v10.1.8

republish latest version

Full Changelog: prettier/eslint-config-prettier@v10.1.5...v10.1.8

Changelog

Sourced from eslint-config-prettier's changelog.

eslint-config-prettier

Commits

9b0b0a4 fix: release a new latest version
See full diff in compare view

Updates eslint-import-resolver-typescript from 4.4.3 to 4.4.4

Release notes

Sourced from eslint-import-resolver-typescript's releases.

v4.4.4

Patch Changes

#468 93b39d2 Thanks @renovate! - chore(deps): bump stable-hash-x v0.2.0

#466 799f1ce Thanks @anomiex! - fix: include options hash in cache key for options normalization

New Contributors

@ShayanTheNerd made their first contribution in import-js/eslint-import-resolver-typescript#464

@anomiex made their first contribution in import-js/eslint-import-resolver-typescript#466

Full Changelog: import-js/eslint-import-resolver-typescript@v4.4.3...v4.4.4

Changelog

Sourced from eslint-import-resolver-typescript's changelog.

4.4.4

Patch Changes

#468 93b39d2 Thanks @renovate! - chore(deps): bump stable-hash-x v0.2.0

#466 799f1ce Thanks @anomiex! - fix: include options hash in cache key for options normalization

Commits

76672ae chore: release eslint-import-resolver-typescript (#467)
93b39d2 fix(deps): update all dependencies (#468)
799f1ce fix: include options hash in cache key for options normalization (#466)
c06392f docs: improve the documentation (#464)
See full diff in compare view

Updates eslint-plugin-import from 2.31.0 to 2.32.0

Release notes

Sourced from eslint-plugin-import's releases.

v2.32.0

Added

add enforce-node-protocol-usage rule and import/node-version setting (#3024, thanks [@GoldStrikeArch] and [@sevenc-nanashi])

add TypeScript types (#3097, thanks [@G-Rath])

extensions: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks [@Xunnamius])

[order]: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks [@Xunnamius])

[order]: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks [@Xunnamius])

[order]: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks [@Xunnamius])

Fixed

[no-unused-modules]: provide more meaningful error message when no .eslintrc is present (#3116, thanks [@michaelfaith])

configs: added missing name attribute for eslint config inspector (#3151, thanks [@NishargShah])

[order]: ensure arcane imports do not cause undefined behavior (#3128, thanks [@Xunnamius])

[order]: resolve undefined property access issue when using named ordering (#3166, thanks [@Xunnamius])

enforce-node-protocol-usage: avoid a crash with some TS code (#3173, thanks [@ljharb])

[order]: codify invariants from docs into config schema (#3152, thanks [@Xunnamius])

Changed

[Docs] extensions, [order]: improve documentation (#3106, thanks [@Xunnamius])

[Docs] add flat config guide for using tseslint.config() (#3125, thanks [@lnuvy])

[Docs] add missing comma (#3122, thanks [@RyanGst])

[readme] Update flatConfig example to include typescript config (#3138, thanks [@intellix])

[Refactor] [order]: remove unnecessary negative check (#3167, thanks [@JounQin])

[Docs] [no-unused-modules]: add missing double quote (#3191, thanks [@albertpastrana])

[Docs] no-restricted-paths: clarify wording and fix errors (#3172, thanks [@greim])

... (truncated)

Changelog

Sourced from eslint-plugin-import's changelog.

[2.32.0] - 2025-06-20

Added

add [enforce-node-protocol-usage] rule and import/node-version setting (#3024, thanks [@GoldStrikeArch] and [@sevenc-nanashi])

add TypeScript types (#3097, thanks [@G-Rath])

[extensions]: add `pathGroupOverrides to allow enforcement decision overrides based on specifier (#3105, thanks [@Xunnamius])

[order]: add sortTypesGroup option to allow intragroup sorting of type-only imports (#3104, thanks [@Xunnamius])

[order]: add newlines-between-types option to control intragroup sorting of type-only imports (#3127, thanks [@Xunnamius])

[order]: add consolidateIslands option to collapse excess spacing for aesthetically pleasing imports (#3129, thanks [@Xunnamius])

Fixed

[no-unused-modules]: provide more meaningful error message when no .eslintrc is present (#3116, thanks [@michaelfaith])

configs: added missing name attribute for eslint config inspector (#3151, thanks [@NishargShah])

[order]: ensure arcane imports do not cause undefined behavior (#3128, thanks [@Xunnamius])

[order]: resolve undefined property access issue when using named ordering (#3166, thanks [@Xunnamius])

[enforce-node-protocol-usage]: avoid a crash with some TS code (#3173, thanks [@ljharb])

[order]: codify invariants from docs into config schema (#3152, thanks [@Xunnamius])

Changed

[Docs] [extensions], [order]: improve documentation (#3106, thanks [@Xunnamius])

[Docs] add flat config guide for using tseslint.config() (#3125, thanks [@lnuvy])

[Docs] add missing comma (#3122, thanks [@RyanGst])

[readme] Update flatConfig example to include typescript config (#3138, thanks [@intellix])

[Refactor] [order]: remove unnecessary negative check (#3167, thanks [@JounQin])

[Docs] [no-unused-modules]: add missing double quote (#3191, thanks [@albertpastrana])

[Docs] no-restricted-paths: clarify wording and fix errors (#3172, thanks [@greim])

Commits

01c9eb0 v2.32.0
ae57cc1 [Deps] update array-includes, array.prototype.findlastindex, `eslint-modu...
9e1ad6b [Fix] order: codify invariants from docs into config schema
f017790 [Docs] no-restricted-paths: clarify wording and fix errors
7d83a57 [Docs] no-unused-modules: add missing double quote
519eb94 [utils] v2.12.1
71ad145 [actions] split out tests into new vs old eslint
9b096c4 [utils] [dev deps] update @arethetypeswrong/cli, @ljharb/tsconfig, `@type...
da5f6ec [Fix] enforce-node-protocol-usage: avoid a crash with some TS code
6e49a58 [Refactor] order: remove unnecessary negative check
Additional commits viewable in compare view

Updates eslint-plugin-prettier from 5.4.1 to 5.5.3

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.3

republish the latest version

Full Changelog: prettier/eslint-plugin-prettier@v5.5.2...v5.5.3

v5.5.2

republish the latest version

Full Changelog: prettier/eslint-plugin-prettier@v5.5.1...v5.5.2

v5.5.1

Patch Changes

#748 bfd1e95 Thanks @JounQin! - fix: use prettierRcOptions directly for prettier 3.6+

Full Changelog: prettier/eslint-plugin-prettier@v5.5.0...v5.5.1

v5.5.0

Minor Changes

#743 92f2c9c Thanks @dotcarmen! - feat: support non-js languages like css for @eslint/css and json for @eslint/json

New Contributors

@dotcarmen made their first contribution in prettier/eslint-plugin-prettier#743

Full Changelog: prettier/eslint-plugin-prettier@v5.4.1...v5.5.0

Changelog

Sourced from eslint-plugin-prettier's changelog.

Changelog

5.5.1

Patch Changes

#748 bfd1e95 Thanks @JounQin! - fix: use prettierRcOptions directly for prettier 3.6+

5.5.0

Minor Changes

#743 92f2c9c Thanks @dotcarmen! - feat: support non-js languages like css for @eslint/css and json for @eslint/json

Commits

cdfcefd fix: release a new latest version
d8c303e fix: release a new latest version
3e87f2e chore: release eslint-plugin-prettier (#749)
bfd1e95 fix: use prettierRcOptions directly for prettier 3.6+ (#748)
9c4b792 chore: release eslint-plugin-prettier (#744)
78e41ec chore(deps): update all dependencies (#745)
92f2c9c feat: support non-js languages (#743)
aa4935c chore(deps): update all dependencies (#742)
See full diff in compare view

Updates jest from 30.0.2 to 30.0.5

Changelog

Sourced from jest's changelog.

30.0.5

Features

[jest-config] Allow testMatch to take a string value

[jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes

Fixes

[expect] Fix bigint error (#15702)

30.0.4

Features

[expect] The Inverse type is now exported (#15714)

[expect] feat: support async functions in toBe (#15704)

Fixes

[jest] jest --onlyFailures --listTests now correctly lists only failed tests (#15700)

[jest-snapshot] Handle line endings in snapshots (#15708)

30.0.3

Fixes

[jest-config] Fix ESM TS config loading in a CJS project (#15694)

[jest-core] jest --onlyFailures --listTests now correctly lists only failed tests(#15700)

Features

[jest-diff] Show non-printable control characters to diffs (#15696)

Commits

22236cf v30.0.5
f4296d2 v30.0.4
d4a6c94 v30.0.3
See full diff in compare view

Updates prettier from 3.5.3 to 3.6.2

Release notes

Sourced from prettier's releases.

3.6.2

What's Changed

Add missing blank line around code block by @fisker in prettier/prettier#17675

🔗 Changelog

3.6.1

Fix "Warning: File descriptor 39 closed but not opened in unmanaged mode" error when running --experimental-cli

🔗 Changelog

3.6.0

diff

🔗 Release note "Prettier 3.6: Experimental fast CLI and new OXC and Hermes plugins!"

Changelog

Sourced from prettier's changelog.

3.6.2

diff

Markdown: Add missing blank line around code block (#17675 by `@fisker`)

<!-- Input -->
1. Some text, and code block below, with newline after code block
---
foo: bar


Another
List

<!-- Prettier 3.6.1 -->


Some text, and code block below, with newline after code block
---
foo: bar


Another
List



<!-- Prettier 3.6.2 -->


Some text, and code block below, with newline after code block
---
foo: bar


Another
List

3.6.1

diff

TypeScript: Allow const without initializer (#17650, #17654 by `@fisker`)

// Input
</tr></table>

... (truncated)

Commits

7a8b05f Release 3.6.2
46526b4 Add missing blank line around code block (#17675)
a04ec11 chore(deps): update babel to v7.27.7 (#17684)
32be5b6 chore(deps): update dependency flow-parser to v0.274.1 (#17676)
b55e777 Update docs about "TypeScript Configuration Files" (#17677)
b197c99 chore(deps): update dependency @vitejs/plugin-react to v4.6.0 (#17674)
1185f83 chore(deps): update dependency @angular/compiler to v20.0.5 (#17680)
aa1316f chore(deps): update dependency browserslist to v4.25.1 (#17671)
c468d33 chore(deps): update dependency oxc-parser to v0.75.0 (#17672)
3f46d91 chore(deps): update dependency vite to v7 (#17673)
Additional commits viewable in compare view

Updates typescript from 5.8.3 to 5.9.2

Release notes

Sourced from typescript's releases.

TypeScript 5.9

For release notes, check out the release announcement

fixed issues query for Typescript 5.9.0 (Beta).

fixed issues query for Typescript 5.9.1 (RC).

No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

npm

TypeScript 5.9 RC

For release notes, check out the release announcement

fixed issues query for Typescript 5.9.0 (Beta).

fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

npm

TypeScript 5.9 Beta

For release notes, check out the release announcement.

fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

npm

Commits

be86783 Give more specific errors for verbatimModuleSyntax (#62113)
22ef577 LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250714...
d5a414c Don't use noErrorTruncation when printing types with maximumLength set (#...
f14b5c8 Remove unused and confusing dom.iterable.d.ts file (#62037)
2778e84 Restore AbortSignal.abort (#62086)
65cb4bd LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250710...
9e20e03 Clear out checker-level stacks on pop (#62016)
87740bc Fix for Issue 61081 (#61221)
833a8d4 Fix Symbol completion priority and cursor positioning (#61945)
0018c9f LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250702...
Additional commits viewable in compare view

Updates webpack from 5.99.9 to 5.101.0

Release notes

Sourced from webpack's releases.

v5.101.0

Fixes

Fixed concatenate optimization for ESM that caused undefined export

Respect the output.environment.nodePrefixForCoreModules option everywhere

Respect the output.importMetaName option everywhere

Fixed await async dependencies when accepting them during HMR

Better typescript types

Features

Added colors helpers for CLI

Enable tree-shaking for ESM external modules with named imports

Added the deferImport option to parser options

Performance Improvements

Fixed a regression in module concatenation after implementing deferred import support

Fixed a potential performance issue in CleanPlugin

Avoid extra require in some places

v5.100.2

Fixes

Keep consistent CSS order

Dependency without the source order attribute must keep their original index

Keep module traversal consistent across reexport scenarios

Performance Improvements

Extend importPhasesPlugin only when enable deferImport (#19689)

v5.100.1

Fixes

Tree-shaking unused ignored modules

[Types] Compatibility with old Node.js versions

v5.100.0

Fixes

Fixed the case where an ES modules entry chunk depends on the runtime chunk hash

Handle function exports in webpack module wrapper

Ensure dependent chunks are imported before startup & fix duplicate export of 'default'

Generate lose closing brace when exports are unprovided

CleanPlugin doesn't unlink same file twice

Fixed unexpected error codes from fs.unlink on Windows

Typescript types

Features

... (truncated)

Commits

5b87bed chore(release): 5.101.0
fbb7a8d fix: await async dependencies when accepting them during HMR (#19739)
36a976b feat: added the deferImport option to parser options (#19737)
92304df fix: top level await don't leaves imported module wrapped in a Promise on HMR
f6b7a8e docs: update examples (#19742)
1eb5bb1 chore(deps-dev): bump the dependencies group with 2 updates (#19743)
42daf55 fix: fix potential performance issue in CleanPlugin (#19735)
2259693 chore(deps-dev): bump the dependencies group across 1 directory with 2 update...
3d2dfd2 chore(deps): update (#19736)
1f19f95 refactor: standardize ESM naming management (#19730)
Additional commits viewable in compare vi...
Description has been truncated

github-actions · 2025-08-04T22:31:24Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
✅ 0 package(s) with unknown licenses.
⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@eslint/config-array

0.21.0

Unknown

npm/@eslint/config-helpers

0.3.1

Unknown

npm/@eslint/core

0.15.2

Unknown

npm/@eslint/js

9.33.0

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 7	Found 22/30 approved changesets -- score normalized to 7
Maintained	🟢 10	30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Security-Policy	🟢 4	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits

npm/@eslint/plugin-kit

0.3.5

Unknown

npm/@jest/console

30.0.5

Unknown

npm/@jest/core

30.0.5

Unknown

npm/@jest/environment

30.0.5

Unknown

npm/@jest/expect

30.0.5

Unknown

npm/@jest/expect-utils

30.0.5

Unknown

npm/@jest/fake-timers

30.0.5

Unknown

npm/@jest/globals

30.0.5

Unknown

npm/@jest/reporters

30.0.5

Unknown

npm/@jest/schemas

30.0.5

Unknown

npm/@jest/snapshot-utils

30.0.5

Unknown

npm/@jest/test-result

30.0.5

Unknown

npm/@jest/test-sequencer

30.0.5

Unknown

npm/@jest/transform

30.0.5

Unknown

npm/@jest/types

30.0.5

Unknown

npm/@jridgewell/trace-mapping

0.3.30

⚠️ 2.8

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	project is archived
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 3	7 existing vulnerabilities detected

npm/@sinclair/typebox

0.34.38

🟢 4.3

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 2	Found 6/29 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Maintained	🟢 10	9 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/@types/estree

1.0.8

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 8	Found 26/30 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@types/node

24.2.1

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 8	Found 26/30 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/acorn-import-phases

1.0.4

Unknown

npm/array-includes

3.1.9

🟢 4.9

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 5	6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
SAST	⚠️ 0	no SAST tool detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 9	security policy file detected

npm/babel-jest

30.0.5

Unknown

npm/es-abstract

1.24.0

🟢 6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/23 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	16 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 7	SAST tool detected but not run on all commits

npm/eslint

9.33.0

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 7	Found 22/30 approved changesets -- score normalized to 7
Maintained	🟢 10	30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Security-Policy	🟢 4	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits

npm/eslint-config-prettier

10.1.8

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 6	2 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 4	Found 8/20 approved changesets -- score normalized to 4
License	🟢 10	license file detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/eslint-import-resolver-typescript

4.4.4

🟢 6.6

Details

Check	Score	Reason
Maintained	🟢 10	15 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 3	Found 6/17 approved changesets -- score normalized to 3
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
SAST	🟢 8	SAST tool is not run on all commits -- score normalized to 8
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/eslint-module-utils

2.12.1

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 6	Found 19/30 approved changesets -- score normalized to 6
Maintained	🟢 10	6 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/eslint-plugin-import

2.32.0

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 6	Found 19/30 approved changesets -- score normalized to 6
Maintained	🟢 10	6 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/eslint-plugin-prettier

5.5.4

🟢 6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 2	Found 4/16 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	14 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/expect

30.0.5

Unknown

npm/is-negative-zero

2.0.3

🟢 4.4

Details

Check	Score	Reason
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 9	security policy file detected

npm/jest

30.0.5

Unknown

npm/jest-changed-files

30.0.5

Unknown

npm/jest-circus

30.0.5

Unknown

npm/jest-cli

30.0.5

Unknown

npm/jest-config

30.0.5

Unknown

npm/jest-diff

30.0.5

Unknown

npm/jest-each

30.0.5

Unknown

npm/jest-environment-node

30.0.5

Unknown

npm/jest-haste-map

30.0.5

Unknown

npm/jest-leak-detector

30.0.5

Unknown

npm/jest-matcher-utils

30.0.5

Unknown

npm/jest-message-util

30.0.5

Unknown

npm/jest-mock

30.0.5

Unknown

npm/jest-resolve

30.0.5

Unknown

npm/jest-resolve-dependencies

30.0.5

Unknown

npm/jest-runner

30.0.5

Unknown

npm/jest-runtime

30.0.5

Unknown

npm/jest-snapshot

30.0.5

Unknown

npm/jest-util

30.0.5

Unknown

npm/jest-validate

30.0.5

Unknown

npm/jest-watcher

30.0.5

Unknown

npm/jest-worker

30.0.5

Unknown

npm/prettier

3.6.2

🟢 6.7

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 1	Found 1/6 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/pretty-format

30.0.5

Unknown

npm/stable-hash-x

0.2.0

Unknown

npm/stop-iteration-iterator

1.1.0

🟢 4.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/17 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	no SAST tool detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected

npm/typescript

5.9.2

🟢 8.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	🟢 9	SAST tool detected but not run on all commits
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
Fuzzing	🟢 10	project is fuzzed
CI-Tests	🟢 9	29 out of 30 merged PRs checked by a CI test -- score normalized to 9
Contributors	🟢 10	project has 35 contributing companies or organizations

npm/undici-types

7.10.0

🟢 8.1

Details

Check	Score	Reason
Code-Review	🟢 9	Found 22/23 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 9	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 8	binaries present in source code
License	🟢 10	license file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 9	SAST tool detected but not run on all commits
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 77 contributing companies or organizations

npm/webpack

5.101.0

🟢 6

Details

Check	Score	Reason
Code-Review	🟢 5	Found 12/24 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/webpack-sources

3.3.3

🟢 4.5

Details

Check	Score	Reason
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	18 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 4	6 existing vulnerabilities detected

npm/@types/node

^24.2.1

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 8	Found 26/30 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/eslint

^9.33.0

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 7	Found 22/30 approved changesets -- score normalized to 7
Maintained	🟢 10	30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Security-Policy	🟢 4	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits

npm/eslint-config-prettier

^10.1.8

🟢 5.7

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 6	2 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 4	Found 8/20 approved changesets -- score normalized to 4
License	🟢 10	license file detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/eslint-import-resolver-typescript

^4.4.4

🟢 6.6

Details

Check	Score	Reason
Maintained	🟢 10	15 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 3	Found 6/17 approved changesets -- score normalized to 3
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
SAST	🟢 8	SAST tool is not run on all commits -- score normalized to 8
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/eslint-plugin-import

^2.32.0

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 6	Found 19/30 approved changesets -- score normalized to 6
Maintained	🟢 10	6 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/eslint-plugin-prettier

^5.5.4

🟢 6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 2	Found 4/16 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	14 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/jest

^30.0.5

Unknown

npm/prettier

^3.6.2

🟢 6.7

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 1	Found 1/6 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/typescript

^5.9.2

🟢 8.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	🟢 9	SAST tool detected but not run on all commits
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
Fuzzing	🟢 10	project is fuzzed
CI-Tests	🟢 9	29 out of 30 merged PRs checked by a CI test -- score normalized to 9
Contributors	🟢 10	project has 35 contributing companies or organizations

npm/webpack

^5.101.0

🟢 6

Details

Check	Score	Reason
Code-Review	🟢 5	Found 12/24 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

Scanned Files

package-lock.json
package.json

…ectory with 10 updates Bumps the development-dependencies group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.0.3` | `24.2.0` | | [eslint](https://github.com/eslint/eslint) | `9.29.0` | `9.32.0` | | [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) | `10.1.5` | `10.1.8` | | [eslint-import-resolver-typescript](https://github.com/import-js/eslint-import-resolver-typescript) | `4.4.3` | `4.4.4` | | [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) | `2.31.0` | `2.32.0` | | [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) | `5.4.1` | `5.5.3` | | [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.0.2` | `30.0.5` | | [prettier](https://github.com/prettier/prettier) | `3.5.3` | `3.6.2` | | [typescript](https://github.com/microsoft/TypeScript) | `5.8.3` | `5.9.2` | | [webpack](https://github.com/webpack/webpack) | `5.99.9` | `5.101.0` | Updates `@types/node` from 24.0.3 to 24.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `eslint` from 9.29.0 to 9.32.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v9.29.0...v9.32.0) Updates `eslint-config-prettier` from 10.1.5 to 10.1.8 - [Release notes](https://github.com/prettier/eslint-config-prettier/releases) - [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md) - [Commits](prettier/eslint-config-prettier@v10.1.5...v10.1.8) Updates `eslint-import-resolver-typescript` from 4.4.3 to 4.4.4 - [Release notes](https://github.com/import-js/eslint-import-resolver-typescript/releases) - [Changelog](https://github.com/import-js/eslint-import-resolver-typescript/blob/master/CHANGELOG.md) - [Commits](import-js/eslint-import-resolver-typescript@v4.4.3...v4.4.4) Updates `eslint-plugin-import` from 2.31.0 to 2.32.0 - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](import-js/eslint-plugin-import@v2.31.0...v2.32.0) Updates `eslint-plugin-prettier` from 5.4.1 to 5.5.3 - [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases) - [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md) - [Commits](prettier/eslint-plugin-prettier@v5.4.1...v5.5.3) Updates `jest` from 30.0.2 to 30.0.5 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.0.5/packages/jest) Updates `prettier` from 3.5.3 to 3.6.2 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.5.3...3.6.2) Updates `typescript` from 5.8.3 to 5.9.2 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml) - [Commits](microsoft/TypeScript@v5.8.3...v5.9.2) Updates `webpack` from 5.99.9 to 5.101.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.99.9...v5.101.0) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 24.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: eslint dependency-version: 9.32.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: eslint-config-prettier dependency-version: 10.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: eslint-import-resolver-typescript dependency-version: 4.4.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: eslint-plugin-import dependency-version: 2.32.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: eslint-plugin-prettier dependency-version: 5.5.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: jest dependency-version: 30.0.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: prettier dependency-version: 3.6.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: typescript dependency-version: 5.9.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: webpack dependency-version: 5.101.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-09-15T16:16:02Z

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 4, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/development-dependencies-2c892b6083 branch from 5b2bc7e to 4e4ae0a Compare August 12, 2025 17:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps-dev): bump the development-dependencies group across 1 directory with 10 updates #53

chore(deps-dev): bump the development-dependencies group across 1 directory with 10 updates #53

Uh oh!

dependabot bot commented on behalf of github Aug 4, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Aug 4, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Sep 15, 2025

Uh oh!

Uh oh!

chore(deps-dev): bump the development-dependencies group across 1 directory with 10 updates #53

Are you sure you want to change the base?

chore(deps-dev): bump the development-dependencies group across 1 directory with 10 updates #53

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v9.32.0

Features

Bug Fixes

Documentation

Chores

v9.31.0

Features

Bug Fixes

Documentation

Chores

v10.1.8

eslint-config-prettier

v4.4.4

Patch Changes

New Contributors

4.4.4

Patch Changes

v2.32.0

Added

Fixed

Changed

[2.32.0] - 2025-06-20

Added

Fixed

Changed

v5.5.3

v5.5.2

v5.5.1

Patch Changes

v5.5.0

Minor Changes

New Contributors

Changelog

5.5.1

Patch Changes

5.5.0

Minor Changes

30.0.5

Features

Fixes

30.0.4

Features

Fixes

30.0.3

Fixes

Features

3.6.2

What's Changed

3.6.1

3.6.0

3.6.2

Markdown: Add missing blank line around code block (#17675 by @​fisker)

3.6.1

TypeScript: Allow const without initializer (#17650, #17654 by @​fisker)

TypeScript 5.9

TypeScript 5.9 RC

TypeScript 5.9 Beta

v5.101.0

Fixes

Features

Performance Improvements

v5.100.2

Fixes

Performance Improvements

v5.100.1

Fixes

v5.100.0

Fixes

Features

Uh oh!

github-actions bot commented Aug 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

dependabot bot commented on behalf of github Aug 4, 2025 •

edited

Loading

Markdown: Add missing blank line around code block (#17675 by `@fisker`)

TypeScript: Allow const without initializer (#17650, #17654 by `@fisker`)

github-actions bot commented Aug 4, 2025 •

edited

Loading