Skip to content

deps(dev)(deps-dev): Bump the dev-minor-patch group across 1 directory with 7 updates#170

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-minor-patch-59f67a01e2
Open

deps(dev)(deps-dev): Bump the dev-minor-patch group across 1 directory with 7 updates#170
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev-minor-patch-59f67a01e2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-minor-patch group with 7 updates in the / directory:

Package From To
@types/bun 1.3.9 1.3.10
@types/node 25.3.2 25.3.5
apexcharts 5.6.0 5.10.1
eslint 10.0.2 10.0.3
globals 17.3.0 17.4.0
htmlhint 1.9.1 1.9.2
stylelint 17.3.0 17.4.0

Updates @types/bun from 1.3.9 to 1.3.10

Commits

Updates @types/node from 25.3.2 to 25.3.5

Commits

Updates apexcharts from 5.6.0 to 5.10.1

Release notes

Sourced from apexcharts's releases.

💎 Version 5.10.1

Bug Fixes

Chart Registry Survives Duplicate Module Instances

Problem: When a bundler (Vite, webpack, etc.) accidentally creates two separate copies of the ApexCharts module - for example when mixing CJS and ESM imports, or when optimizeDeps is not configured - ApexCharts.use() would write to one module's registry while the chart renderer read from another. The chart type was effectively never registered, causing a runtime error.

Fix: The chart type registry is now stored on globalThis.__apexcharts_registry__ instead of a module-local variable. All module instances share a single registry on the global object, so registration is never silently lost regardless of how many module copies the bundler created.

This is a defense-in-depth fix. For best results, configure your bundler to deduplicate ApexCharts (Vite: add apexcharts to optimizeDeps.include). The globalThis registry ensures the library degrades gracefully even when deduplication is not configured.

💎 Version 5.10.0

New Features

Per-Type Modular Entry Points

Every public chart type now has its own dedicated entry point matching the chart.type string you already use in config. Previously, users needed to know the internal grouping (e.g. apexcharts/heatmap for treemap charts); now you import by the exact type name.

New entry points:

Import Chart type(s) registered
apexcharts/line line
apexcharts/area area
apexcharts/scatter scatter
apexcharts/bubble bubble
apexcharts/rangeArea rangeArea
apexcharts/bar bar
apexcharts/column bar (column mode)
apexcharts/rangeBar rangeBar
apexcharts/candlestick candlestick
apexcharts/boxPlot boxPlot
apexcharts/pie pie
apexcharts/donut donut
apexcharts/polarArea polarArea
apexcharts/radialBar radialBar
apexcharts/radar radar
apexcharts/heatmap heatmap
apexcharts/treemap treemap (new standalone entry)

Example:

import ApexCharts from 'apexcharts/core'
import 'apexcharts/scatter'    // instead of 'apexcharts/line'
import 'apexcharts/donut'      // instead of 'apexcharts/pie'
import 'apexcharts/treemap'    // instead of 'apexcharts/heatmap'
import 'apexcharts/features/legend'
</tr></table> 

... (truncated)

Commits
  • 08a42b8 release: 5.10.1
  • 0ef2b48 fix: use globalThis for chart registry to survive duplicate module instances
  • b225a37 release: 5.10.0
  • b90a06d feat: add per-type modular entry points for all chart types
  • b9ddfbb release: 5.9.0
  • 996d7d7 release: 5.8.2-beta.1
  • f3ab069 feat: add color-blind mode support & tree-shaking sub-entry deduplication
  • da7f4ef build: 5.8.1
  • 32c46b1 release: 5.8.1
  • 3fb8ca2 fix #5177; tree-shaking link in README
  • Additional commits viewable in compare view
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates eslint from 10.0.2 to 10.0.3

Release notes

Sourced from eslint's releases.

v10.0.3

Bug Fixes

  • e511b58 fix: update eslint (#20595) (renovate[bot])
  • f4c9cf9 fix: include variable name in no-useless-assignment message (#20581) (sethamus)
  • ee9ff31 fix: update dependency minimatch to ^10.2.4 (#20562) (Milos Djermanovic)

Documentation

  • 9fc31b0 docs: Update README (GitHub Actions Bot)
  • 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570) (DesselBane)
  • 23b2759 docs: add v10 migration guide link to Use docs index (#20577) (Pixel998)
  • 80259a9 docs: Remove deprecated eslintrc documentation files (#20472) (Copilot)
  • 9b9b4ba docs: fix typo in no-await-in-loop documentation (#20575) (Pixel998)
  • e7d72a7 docs: document TypeScript 5.3 minimum supported version (#20547) (sethamus)

Chores

  • ef8fb92 chore: package.json update for eslint-config-eslint release (Jenkins)
  • e8f2104 chore: updates for v9.39.4 release (Jenkins)
  • 5cd1604 refactor: simplify isCombiningCharacter helper (#20524) (Huáng Jùnliàng)
  • 70ff1d0 chore: eslint-config-eslint require Node ^20.19.0 || ^22.13.0 || >=24 (#20586) (Milos Djermanovic)
  • e32df71 chore: update eslint-plugin-eslint-comments, remove legacy-peer-deps (#20576) (Milos Djermanovic)
  • 53ca6ee chore: disable eslint-comments/no-unused-disable rule (#20578) (Milos Djermanovic)
  • e121895 ci: pin Node.js 25.6.1 (#20559) (Milos Djermanovic)
  • efc5aef chore: update tsconfig.json in eslint-config-eslint (#20551) (Francesco Trotta)
Commits
  • bfce7ea 10.0.3
  • d44ced8 Build: changelog update for 10.0.3
  • e511b58 fix: update eslint (#20595)
  • ef8fb92 chore: package.json update for eslint-config-eslint release
  • e8f2104 chore: updates for v9.39.4 release
  • 5cd1604 refactor: simplify isCombiningCharacter helper (#20524)
  • 9fc31b0 docs: Update README
  • 70ff1d0 chore: eslint-config-eslint require Node ^20.19.0 || ^22.13.0 || >=24 (#20586)
  • f4c9cf9 fix: include variable name in no-useless-assignment message (#20581)
  • 4efaa36 docs: add info box for eslint-plugin-eslint-comments (#20570)
  • Additional commits viewable in compare view

Updates globals from 17.3.0 to 17.4.0

Release notes

Sourced from globals's releases.

v17.4.0

  • Update globals (2026-03-01) (#338) d43a051

sindresorhus/globals@v17.3.0...v17.4.0

Commits

Updates htmlhint from 1.9.1 to 1.9.2

Release notes

Sourced from htmlhint's releases.

v1.9.2

  • Dependencies update
Commits
  • 2f60ba4 Bump version to 1.9.2 and update docs (#1818)
  • 7395a3c chore(deps): bump rollup from 4.44.0 to 4.59.0 in /website (#1813)
  • 21dd490 npm audit fix (#1817)
  • d0f24da chore(deps): bump svgo from 4.0.0 to 4.0.1 in /website (#1815)
  • 6e59b30 chore(deps): bump github/codeql-action in the github-actions group (#1814)
  • a024ce8 chore(deps): bump minimatch (#1812)
  • dc9ede7 chore(deps): bump devalue from 5.6.2 to 5.6.3 in /website (#1809)
  • 75cdf02 chore(deps): bump super-linter/super-linter in the github-actions group (#1810)
  • 4e012bc Add dependabot cooldown; bump Astro & esbuild (#1808)
  • See full diff in compare view

Updates stylelint from 17.3.0 to 17.4.0

Release notes

Sourced from stylelint's releases.

17.4.0

It adds 2 options to the rules and fixes 7 bugs.

  • Added: ignoreAtRules: [] to at-rule-no-vendor-prefix (#9096) (@​theacrat).
  • Added: ignoreMediaFeatureNames: [] to media-feature-name-no-vendor-prefix (#9097) (@​theacrat).
  • Fixed: performance of selector cloning rules (#9089) (@​jeddy3).
  • Fixed: *-empty-line-before performance (#9092) (@​jeddy3).
  • Fixed: declaration-property-value-no-unknown performance (#9090) (@​jeddy3).
  • Fixed: no-irregular-whitespace performance (#9091) (@​jeddy3).
  • Fixed: property-no-unknown false negatives for at-rule descriptors (#9109) (@​jeddy3).
  • Fixed: property-no-unknown false positives for corner-shape (#9099) (@​jeddy3).
  • Fixed: property-no-unknown false positives for double-slashed properties (#9099) (@​jeddy3).
Changelog

Sourced from stylelint's changelog.

17.4.0 - 2026-02-25

It adds 2 options to the rules and fixes 7 bugs.

  • Added: ignoreAtRules: [] to at-rule-no-vendor-prefix (#9096) (@​theacrat).
  • Added: ignoreMediaFeatureNames: [] to media-feature-name-no-vendor-prefix (#9097) (@​theacrat).
  • Fixed: performance of selector cloning rules (#9089) (@​jeddy3).
  • Fixed: *-empty-line-before performance (#9092) (@​jeddy3).
  • Fixed: declaration-property-value-no-unknown performance (#9090) (@​jeddy3).
  • Fixed: no-irregular-whitespace performance (#9091) (@​jeddy3).
  • Fixed: property-no-unknown false negatives for at-rule descriptors (#9109) (@​jeddy3).
  • Fixed: property-no-unknown false positives for corner-shape (#9099) (@​jeddy3).
  • Fixed: property-no-unknown false positives for double-slashed properties (#9099) (@​jeddy3).
Commits
  • 556b7ad Release 17.4.0 (#9113)
  • 05f64ad Run npm audit for minimatch (#9112)
  • d358479 Document steps for adding an option and fixing a rule bug (#9111)
  • 467c5c9 Fix property-no-unknown false negatives for at-rule descriptors (#9109)
  • 4250b21 Document opening a pull request requests in CONTRIBUTING (#9110)
  • effb787 Remove husky (#8984)
  • f38a18c Remove redundant @types/file-entry-cache type dep (#9108)
  • 83ed11b Add ignoreAtRules: [] to at-rule-no-vendor-prefix (#9096)
  • 0a8f468 Add ignoreMediaFeatureNames: [] to media-feature-name-no-vendor-prefix (#...
  • 83cfd65 Fix property-no-unknown false positives for corner-shape (#9099)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note

Bump dev-minor-patch dependencies in package.json to update 7 development packages across 1 directory

Update versions for @types/bun, @types/node, apexcharts, eslint, globals, htmlhint, and stylelint in package.json.

📍Where to Start

Start with the dependency changes in package.json.

Macroscope summarized 8de5144.


Summary by cubic

Bump seven dev dependencies to current minor/patch versions to pick up bug fixes, small features, and linting improvements. No app code changes.

  • Dependencies

    • apexcharts 5.6.0 → 5.10.1
    • eslint 10.0.2 → 10.0.3
    • stylelint 17.3.0 → 17.4.0
    • globals 17.3.0 → 17.4.0
    • htmlhint 1.9.1 → 1.9.2
    • @types/node 25.3.2 → 25.3.5
    • @types/bun 1.3.9 → 1.3.10
  • Migration

    • apexcharts and stylelint run a prepare script on install. Ensure CI allows lifecycle scripts.
    • If you see duplicate-module bundling issues, dedupe apexcharts (e.g., add to Vite optimizeDeps.include).

Written for commit 8de5144. Summary will update on new commits.

…y with 7 updates

Bumps the dev-minor-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/bun](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/bun) | `1.3.9` | `1.3.10` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.3.2` | `25.3.5` |
| [apexcharts](https://github.com/apexcharts/apexcharts.js) | `5.6.0` | `5.10.1` |
| [eslint](https://github.com/eslint/eslint) | `10.0.2` | `10.0.3` |
| [globals](https://github.com/sindresorhus/globals) | `17.3.0` | `17.4.0` |
| [htmlhint](https://github.com/htmlhint/HTMLHint) | `1.9.1` | `1.9.2` |
| [stylelint](https://github.com/stylelint/stylelint) | `17.3.0` | `17.4.0` |



Updates `@types/bun` from 1.3.9 to 1.3.10
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/bun)

Updates `@types/node` from 25.3.2 to 25.3.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `apexcharts` from 5.6.0 to 5.10.1
- [Release notes](https://github.com/apexcharts/apexcharts.js/releases)
- [Commits](apexcharts/apexcharts.js@v5.6.0...v5.10.1)

Updates `eslint` from 10.0.2 to 10.0.3
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.0.2...v10.0.3)

Updates `globals` from 17.3.0 to 17.4.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.3.0...v17.4.0)

Updates `htmlhint` from 1.9.1 to 1.9.2
- [Release notes](https://github.com/htmlhint/HTMLHint/releases)
- [Commits](htmlhint/HTMLHint@v1.9.1...v1.9.2)

Updates `stylelint` from 17.3.0 to 17.4.0
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@17.3.0...17.4.0)

---
updated-dependencies:
- dependency-name: "@types/bun"
  dependency-version: 1.3.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-minor-patch
- dependency-name: "@types/node"
  dependency-version: 25.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-minor-patch
- dependency-name: apexcharts
  dependency-version: 5.10.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-patch
- dependency-name: eslint
  dependency-version: 10.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-minor-patch
- dependency-name: globals
  dependency-version: 17.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-patch
- dependency-name: htmlhint
  dependency-version: 1.9.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-minor-patch
- dependency-name: stylelint
  dependency-version: 17.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Mar 9, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, npm. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

github-actions Bot commented Mar 9, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
See the Details below.

License Issues

package.json

PackageVersionLicenseIssue Type
apexcharts5.10.1LicenseRef-bad-see-license-in-licenseIncompatible License
Allowed Licenses: MIT, ISC, Apache-2.0, BSD-2-Clause, BSD-3-Clause, 0BSD, CC0-1.0, CC-BY-3.0, CC-BY-4.0, Unlicense, Python-2.0, BlueOak-1.0.0, Artistic-2.0, Zlib, MPL-2.0

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@types/bun 1.3.10 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 23/28 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
npm/@types/node 25.3.5 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 23/28 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
npm/apexcharts 5.10.1 🟢 5
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 9license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/eslint 10.0.3 🟢 6.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 22/27 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ -1internal error: internal error: Client.Checks.ListCheckRunsForRef: internal error: ListCheckRunsForRef: GET https://api.github.com/repos/eslint/eslint/commits/1f09695a7a5271a736cc06cadf360ebb6288296a/check-runs: 500 []
npm/globals 17.4.0 🟢 5
Details
CheckScoreReason
Maintained🟢 1020 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 5Found 14/24 approved changesets -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/htmlhint 1.9.2 🟢 8.2
Details
CheckScoreReason
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Code-Review⚠️ 0Found 0/10 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1025 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Pinned-Dependencies🟢 10all dependencies are pinned
License🟢 10license file detected
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 73 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 47 contributing companies or organizations
npm/stylelint 17.4.0 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 8detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 4security policy file detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9

Scanned Files

  • package.json

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant