chore(dev)(deps-dev): bump the dev-deps group across 1 directory with 11 updates

[dependabot]

Bumps the dev-deps group with 11 updates in the / directory:

Package	From	To
@types/node	24.5.1	24.10.0
eslint	9.36.0	9.39.0
eslint-plugin-playwright	2.2.2	2.3.0
eslint-plugin-react-hooks	5.2.0	7.0.1
eslint-plugin-storybook	9.1.6	10.0.2
eslint-plugin-unused-imports	4.2.0	4.3.0
prettier-plugin-tailwindcss	0.6.14	0.7.1
stylelint	16.24.0	16.25.0
stylelint-config-standard	39.0.0	39.0.1
typescript	5.9.2	5.9.3
vitest	3.2.4	4.0.6

Updates @types/node from 24.5.1 to 24.10.0

Commits

• See full diff in compare view

Updates eslint from 9.36.0 to 9.39.0

Release notes

Sourced from eslint's releases.

v9.39.0

Features

• cc57d87 feat: update error loc to key in no-dupe-class-members (#20259) (Tanuj Kanti)
• 126552f feat: update error location in for-direction and no-dupe-args (#20258) (Tanuj Kanti)
• 167d097 feat: update complexity rule to highlight only static block header (#20245) (jaymarvelz)

Bug Fixes

• 15f5c7c fix: forward traversal step.args to visitors (#20253) (jaymarvelz)
• 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167) (Nitin Kumar)
• e86b813 fix: Use more types from @​eslint/core (#20257) (Nicholas C. Zakas)
• 927272d fix: correct Scope typings (#20198) (jaymarvelz)
• 37f76d9 fix: use AST.Program type for Program node (#20244) (Francesco Trotta)
• ae07f0b fix: unify timing report for concurrent linting (#20188) (jaymarvelz)
• b165d47 fix: correct Rule typings (#20199) (jaymarvelz)
• fb97cda fix: improve error message for missing fix function in suggestions (#20218) (jaymarvelz)

Documentation

• d3e81e3 docs: Always recommend to include a files property (#20158) (Percy Ma)
• 0f0385f docs: use consistent naming recommendation (#20250) (Alex M. Spieslechner)
• a3b1456 docs: Update README (GitHub Actions Bot)
• cf5f2dd docs: fix correct tag of no-useless-constructor (#20255) (Tanuj Kanti)
• 10b995c docs: add TS options and examples for nofunc in no-use-before-define (#20249) (Tanuj Kanti)
• 2584187 docs: remove repetitive word in comment (#20242) (reddaisyy)
• 637216b docs: update CLI flags migration instructions (#20238) (jaymarvelz)
• e7cda3b docs: Update README (GitHub Actions Bot)
• 7b9446f docs: handle empty flags sections on the feature flags page (#20222) (sethamus)

Chores

• dfe3c1b chore: update @eslint/js version to 9.39.0 (#20270) (Francesco Trotta)
• 2375a6d chore: package.json update for @​eslint/js release (Jenkins)
• a1f4e52 chore: update @eslint dependencies (#20265) (Francesco Trotta)
• c7d3229 chore: update dependency @​eslint/core to ^0.17.0 (#20256) (renovate[bot])
• 27549bc chore: update fuzz testing to not error if code sample minimizer fails (#20252) (Milos Djermanovic)
• a1370ee ci: bump actions/setup-node from 5 to 6 (#20230) (dependabot[bot])
• 9e7fad4 chore: add script to auto-generate eslint:recommended configuration (#20208) (唯然)

v9.38.0

Features

• ce40f74 feat: update complexity rule to only highlight function header (#20048) (Atul Nair)
• e37e590 feat: correct no-loss-of-precision false positives with e notation (#20187) (Francesco Trotta)

Bug Fixes

• 50c3dfd fix: improve type support for isolated dependencies in pnpm (#20201) (Francesco Trotta)
• a1f06a3 fix: correct SourceCode typings (#20114) (Pixel998)

Documentation

• 462675a docs: improve web accessibility by hiding non-semantic character (#20205) (루밀LuMir)
• c070e65 docs: correct formatting in no-irregular-whitespace rule documentation (#20203) (루밀LuMir)
• b39e71a docs: Update README (GitHub Actions Bot)
• cd39983 docs: move custom-formatters type descriptions to nodejs-api (#20190) (Percy Ma)

... (truncated)

Commits

• ac3a60d 9.39.0
• e79017f Build: changelog update for 9.39.0
• dfe3c1b chore: update @eslint/js version to 9.39.0 (#20270)
• 2375a6d chore: package.json update for @​eslint/js release
• d3e81e3 docs: Always recommend to include a files property (#20158)
• 15f5c7c fix: forward traversal step.args to visitors (#20253)
• 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167)
• cc57d87 feat: update error loc to key in no-dupe-class-members (#20259)
• a1f4e52 chore: update @eslint dependencies (#20265)
• e86b813 fix: Use more types from @​eslint/core (#20257)
• Additional commits viewable in compare view

Updates eslint-plugin-playwright from 2.2.2 to 2.3.0

Release notes

Sourced from eslint-plugin-playwright's releases.

v2.3.0

2.3.0 (2025-10-31)

Bug Fixes

• Check for test tags in titles (377238c), closes #392

Features

• Add no-unused-locators rule (#396) (c0937d7)

Commits

• c0937d7 feat: Add no-unused-locators rule (#396)
• 6b85256 chore: Cleanup imports
• 377238c fix: Check for test tags in titles
• 3ecf3ab Update globals dependency, raise typescript target to es2022 (#391)
• See full diff in compare view

Updates eslint-plugin-react-hooks from 5.2.0 to 7.0.1

Changelog

Sourced from eslint-plugin-react-hooks's changelog.

7.0.1

• Disallowed passing inline useEffectEvent values as JSX props to guard against accidental propagation. (#34820 by @​jf-eirinha)
• Switch to export = so eslint-plugin-react-hooks emits correct types for consumers in Node16 ESM projects. (#34949 by @​karlhorky)
• Tightened the typing of configs.flat so the configs export is always defined. (#34950 by @​poteto)
• Fix named import runtime errors. (#34951, #34953 by @​karlhorky)

7.0.0

This release slims down presets to just 2 configurations (recommended and recommended-latest), and all compiler rules are enabled by default.

• Breaking: Removed recommended-latest-legacy and flat/recommended configs. The plugin now provides recommended (legacy and flat configs with all recommended rules), and recommended-latest (legacy and flat configs with all recommended rules plus new bleeding edge experimental compiler rules). (@​poteto in #34757)

6.1.1

Note: 6.1.0 accidentally allowed use of recommended without flat config, causing errors when used with ESLint v9's defineConfig() helper. This has been fixed in 6.1.1.

• Fix recommended config for flat config compatibility. The recommended config has been converted to flat config format. Non-flat config users should use recommended-legacy instead. (@​poteto in #34700)
• Add recommended-latest and recommended-latest-legacy configs that include React Compiler rules. (@​poteto in #34675)
• Remove unused NoUnusedOptOutDirectives rule. (@​poteto in #34703)
• Remove hermes-parser and dependency. (@​poteto in #34719)
• Remove @babel/plugin-proposal-private-methods dependency. (@​ArnaudBarre and @​josephsavona in #34715)
• Update for Zod v3/v4 compatibility. (@​kolian and @​josephsavona in #34717)

6.1.0

Note: Version 6.0.0 was mistakenly released and immediately deprecated and untagged on npm. This is the first official 6.x major release and includes breaking changes.

• Breaking: Require Node.js 18 or newer. (@​michaelfaith in #32458)
• Breaking: Flat config is now the default recommended preset. Legacy config moved to recommended-legacy. (@​michaelfaith in #32457)
• New Violations: Disallow calling use within try/catch blocks. (@​poteto in #34040)
• New Violations: Disallow calling useEffectEvent functions in arbitrary closures. (@​jbrown215 in #33544)
• Handle React.useEffect in addition to useEffect in rules-of-hooks. (@​Ayc0 in #34076)
• Added react-hooks settings config option that to accept additionalEffectHooks that are used across exhaustive-deps and rules-of-hooks rules. (@​jbrown215) in #34497

6.0.0

Accidentally released. See 6.1.0 for the actual changes.

Commits

• See full diff in compare view

Updates eslint-plugin-storybook from 9.1.6 to 10.0.2

Release notes

Sourced from eslint-plugin-storybook's releases.

v10.0.2

10.0.2

• CLI: Fix glob string formatting in csf-factories codemod - #32880, thanks @​yannbf!
• Core: Improve file path resolution on Windows - #32893, thanks @​yannbf!
• Vite: Update `optimizeViteDeps` for addon-docs and addon-vitest - #32881, thanks @​ndelangen!

v10.0.1

10.0.1

• Presets: Fix incorrect imports - #32875, thanks @​ndelangen!
• Upgrade: Satellite compatible with 10.1 prerelease - #32877, thanks @​ndelangen!

v10.0.0

10.0.0

Storybook 10 contains one breaking change: it’s ESM-only. This simplifies our distribution and reduces install size by 29% while simultaneously unminifying dist code for easier debugging. It also includes features to level up your UI development, documentation, and testing workflows:

• 🧩 Module automocking for easier testing
• 🏭 Typesafe CSF factories Preview for React
• 💫 UI editing and sharing optimizations
• 🏷️ Tag filtering exclusion and configuration for sidebar management
• 🔀 Next 16, Vitest 4, Svelte async components, and more!

• A11Y: Bugfix missing `manager.js` entry-file - #32780, thanks @​ndelangen!
• A11y: Persist tab/highlight across docs navigation - #32762, thanks @​404Dealer!
• Addon A11y: Prevent setting highlights for old results - #32178, thanks @​ghengeveld!
• Addon Docs: Fix Symbol conversion issue in docs page and controls panel - #32220, thanks @​yannbf!
• Addon Vitest: Fix incorrect file modifications during setup - #32844, thanks @​yannbf!
• Addon Vitest: Support modifying mergeConfig on addon setup - #32753, thanks @​yannbf!
• Addon-docs: Add eject button to canvas toolbar - #29825, thanks @​mihkeleidast!
• AddonA11Y: Fix postinstall - #32309, thanks @​ndelangen!
• AddonViewport: Stricter types - #32324, thanks @​hpohlmeyer!
• Angular: Add fileURLToPath for preview annotation paths - #32812, thanks @​brandonroberts!
• Angular: Fix `entry.polyfills` undefined error - #32230, thanks @​sk-pub!
• Angular: Inherit options from browserTarget - #32108, thanks @​gingeekrishna!
• AutoMigration: Fix sb10 migration when main config contains `require` - #32558, thanks @​ndelangen!
• Build: Fix dts bundling external detection - #32366, thanks @​mrginglymus!
• Cleanup: Remove duplicated entrypoints in core - #32507, thanks @​ndelangen!
• CLI: Add addon-console automigration - #32083, thanks @​Sidnioulz!
• CLI: Avoid mixed CSF in files with unconventional stories - #32716, thanks @​yannbf!
• CLI: Change message in downgrade-blocker - #32745, thanks @​ndelangen!
• CLI: CSF factories codemod - support annotations in npx context - #32741, thanks @​yannbf!
• CLI: Fix CSF factories addon syncing in storybook add command - #32728, thanks @​yannbf!
• CLI: Fix throwing in readonly environments - #31785, thanks @​JReinhold!
• CLI: Init not running `dev` when it should fixed - #32457, thanks @​ndelangen!

... (truncated)

Changelog

Sourced from eslint-plugin-storybook's changelog.

10.0.2

• CLI: Fix glob string formatting in csf-factories codemod - #32880, thanks @​yannbf!
• Core: Improve file path resolution on Windows - #32893, thanks @​yannbf!
• Vite: Update optimizeViteDeps for addon-docs and addon-vitest - #32881, thanks @​ndelangen!

10.0.1

• Presets: Fix incorrect imports - #32875, thanks @​ndelangen!
• Upgrade: Satellite compatible with 10.1 prerelease - #32877, thanks @​ndelangen!

10.0.0

Storybook 10 contains one breaking change: it’s ESM-only. This simplifies our distribution and reduces install size by 29% while simultaneously unminifying dist code for easier debugging. It also includes features to level up your UI development, documentation, and testing workflows:

• 🧩 Module automocking for easier testing
• 🏭 Typesafe CSF factories Preview for React
• 💫 UI editing and sharing optimizations
• 🏷️ Tag filtering exclusion and configuration for sidebar management
• 🔀 Next 16, Vitest 4, Svelte async components, and more!

• A11Y: Bugfix missing manager.js entry-file - #32780, thanks @​ndelangen!
• A11y: Persist tab/highlight across docs navigation - #32762, thanks @​404Dealer!
• Addon A11y: Prevent setting highlights for old results - #32178, thanks @​ghengeveld!
• Addon Docs: Fix Symbol conversion issue in docs page and controls panel - #32220, thanks @​yannbf!
• Addon Vitest: Fix incorrect file modifications during setup - #32844, thanks @​yannbf!
• Addon Vitest: Support modifying mergeConfig on addon setup - #32753, thanks @​yannbf!
• Addon-docs: Add eject button to canvas toolbar - #29825, thanks @​mihkeleidast!
• AddonA11Y: Fix postinstall - #32309, thanks @​ndelangen!
• AddonViewport: Stricter types - #32324, thanks @​hpohlmeyer!
• Angular: Add fileURLToPath for preview annotation paths - #32812, thanks @​brandonroberts!
• Angular: Fix entry.polyfills undefined error - #32230, thanks @​sk-pub!
• Angular: Inherit options from browserTarget - #32108, thanks @​gingeekrishna!
• AutoMigration: Fix sb10 migration when main config contains require - #32558, thanks @​ndelangen!
• Build: Fix dts bundling external detection - #32366, thanks @​mrginglymus!
• Cleanup: Remove duplicated entrypoints in core - #32507, thanks @​ndelangen!
• CLI: Add addon-console automigration - #32083, thanks @​Sidnioulz!
• CLI: Avoid mixed CSF in files with unconventional stories - #32716, thanks @​yannbf!
• CLI: Change message in downgrade-blocker - #32745, thanks @​ndelangen!
• CLI: CSF factories codemod - support annotations in npx context - #32741, thanks @​yannbf!
• CLI: Fix CSF factories addon syncing in storybook add command - #32728, thanks @​yannbf!
• CLI: Fix throwing in readonly environments - #31785, thanks @​JReinhold!
• CLI: Init not running dev when it should fixed - #32457, thanks @​ndelangen!
• CLI: Make relative imports default in csf-factories codemod - #32610, thanks @​copilot-swe-agent!
• CLI: Switch over to modern-tar - #32763, thanks @​ayuhito!
• Codemod: Replace globby with tinyglobby - #31407, thanks @​benmccann!

... (truncated)

Commits

• 06d0c2f Bump version from "10.0.1" to "10.0.2" [skip ci]
• ce1c3b9 Bump version from "10.0.0" to "10.0.1" [skip ci]
• 88a02e6 Bump version from "10.0.0-rc.4" to "10.0.0" [skip ci]
• 05d448b Bump version from "10.0.0-rc.3" to "10.0.0-rc.4" [skip ci]
• 7286625 Bump version from "10.0.0-rc.2" to "10.0.0-rc.3" [skip ci]
• d075427 Bump version from "10.0.0-rc.1" to "10.0.0-rc.2" [skip ci]
• a02c08b Bump version from "10.0.0-rc.0" to "10.0.0-rc.1" [skip ci]
• f8b44e6 Bump version from "10.0.0-beta.13" to "10.0.0-rc.0" [skip ci]
• 28ab482 Bump version from "10.0.0-beta.12" to "10.0.0-beta.13" [skip ci]
• da26393 Bump version from "10.0.0-beta.11" to "10.0.0-beta.12" [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-storybook since your current version.

Updates eslint-plugin-unused-imports from 4.2.0 to 4.3.0

Commits

• 6e02be7 chore: release v4.3.0
• 44a7181 fix: preserve imports used in JSDoc @​link tags (#111)
• 275d96e chore: update deps
• See full diff in compare view

Updates prettier-plugin-tailwindcss from 0.6.14 to 0.7.1

Release notes

Sourced from prettier-plugin-tailwindcss's releases.

v0.7.1

Fixed

• Match against correct name of dynamic attributes when using regexes (#410)

v0.7.0

Added

• Format quotes in @source, @plugin, and @config (#387)
• Sort in function calls in Twig (#358)
• Sort in callable template literals (#367)
• Sort in function calls mixed with property accesses (#367)
• Support regular expression patterns for attributes (#405)
• Support regular expression patterns for function names (#405)

Changed

• Improved monorepo support by loading Tailwind CSS relative to the input file instead of prettier config file (#386)
• Improved monorepo support by loading v3 configs relative to the input file instead of prettier config file (#386)
• Fallback to Tailwind CSS v4 instead of v3 by default (#390)
• Don't augment global Prettier ParserOptions and RequiredOptions types (#354)
• Drop support for prettier-plugin-import-sort (#385)

Fixed

• Handle quote escapes in LESS when sorting @apply (#392)
• Fix whitespace removal inside nested concat and template expressions (#396)

Changelog

Sourced from prettier-plugin-tailwindcss's changelog.

[0.7.1] - 2025-10-17

Fixed

• Match against correct name of dynamic attributes when using regexes (#410)

[0.7.0] - 2025-10-14

Added

• Format quotes in @source, @plugin, and @config (#387)
• Sort in function calls in Twig (#358)
• Sort in callable template literals (#367)
• Sort in function calls mixed with property accesses (#367)
• Support regular expression patterns for attributes (#405)
• Support regular expression patterns for function names (#405)

Changed

• Improved monorepo support by loading Tailwind CSS relative to the input file instead of prettier config file (#386)
• Improved monorepo support by loading v3 configs relative to the input file instead of prettier config file (#386)
• Fallback to Tailwind CSS v4 instead of v3 by default (#390)
• Don't augment global Prettier ParserOptions and RequiredOptions types (#354)
• Drop support for prettier-plugin-import-sort (#385)

Fixed

• Handle quote escapes in LESS when sorting @apply (#392)
• Fix whitespace removal inside nested concat and template expressions (#396)

Commits

• a0fea3f 0.7.1
• 56fa1fc Update changelog
• 42aca0c Match against correct name of dynamic attributes when using regexes (#410)
• 3a58565 Fix building on windows
• 9fa7342 Correct typo in README (#407)
• e03702a 0.7.0
• cc87f7b Update changelog
• 7b9e2a7 Update changelog
• 95a3d4e Support regex matches for attributes and function names (#405)
• a195f71 Allow sorting classes inside function calls in Twig templates (#358)
• Additional commits viewable in compare view

Updates stylelint from 16.24.0 to 16.25.0

Release notes

Sourced from stylelint's releases.

16.25.0

It adds 3 new features, including experimental support for bulk suppressions. It's also our first immutable release, with the package published to npm using trusted publishing and our dependencies updated on a cool down for improved supply chain security.

• Added: support for bulk suppressions (#8564) (@​ryo-manba).
• Added: ignoreAtRules: [] to no-invalid-position-declaration (#8781) (@​jrmlt).
• Added: rule name to custom messages (#8774) (@​jhae-de).

Changelog

Sourced from stylelint's changelog.

16.25.0 - 2025-10-03

It adds 3 new features, including experimental support for bulk suppressions. It's also our first immutable release, with the package published to npm using trusted publishing and our dependencies updated on a cool down for improved supply chain security.

• Added: support for bulk suppressions (#8564) (@​ryo-manba).
• Added: ignoreAtRules: [] to no-invalid-position-declaration (#8781) (@​jrmlt).
• Added: rule name to custom messages (#8774) (@​jhae-de).

Commits

• a6efacb Release 16.25.0 (#8796)
• 9c623fb Document new release workflow (#8793)
• f34b6b4 Fix release-pr workflow failure (#8794)
• acc163e Use consistent workflow names (#8792)
• 55de5ed Use new release workflow (#8791)
• 242f757 Add rule name to custom messages (#8774)
• 9045b3e Bump rollup from 4.50.1 to 4.52.0 (#8789)
• 30abc78 Bump eslint from 9.35.0 to 9.36.0 in the eslint group (#8786)
• 808cff3 Bump stylelint/changelog-to-github-release-action from 0.3.1 to 0.5.1 (#8785)
• b478202 Add ignoreAtRules: [] to no-invalid-position-declaration (#8781)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for stylelint since your current version.

Updates stylelint-config-standard from 39.0.0 to 39.0.1

Release notes

Sourced from stylelint-config-standard's releases.

39.0.1

• Fixed: layer-name-pattern false positives for dot notation.

Changelog

Sourced from stylelint-config-standard's changelog.

39.0.1

• Fixed: layer-name-pattern false positives for dot notation.

Commits

• a2416d3 Release 39.0.1 (#374)
• 9911899 Fix layer-name-pattern false positives for dot notation (#373)
• 807ed8d Bump Stylelint (#371)
• f6aea8b Introduce new release workflow (#370)
• 5f6cc89 Bump stylelint/.github from 5c1fac886fb5f8f74e29e133f36d242770d03ed3 to 34f1c...
• 939280e Bump the dev-deps group with 2 updates (#368)
• 8cad224 Shorten dev dependencies group name for Dependabot (#367)
• 552ca29 Sync CODEOWNERS (#366)
• 6c540d2 Bump eslint from 9.34.0 to 9.35.0 in the development-dependencies group (#365)
• bc321ef Introduce cooldown period for Dependabot updates (#364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for stylelint-config-standard since your current version.

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Updates vitest from 3.2.4 to 4.0.6

Release notes

Sourced from vitest's releases.

v4.0.6

   🐞 Bug Fixes

• Don't merge errors with different diffs for reporting  -  by @​hi-ogawa in vitest-dev/vitest#8871 (3e19f)
• Do not throw when importing a type from an external package  -  by @​sheremet-va in vitest-dev/vitest#8875 (7e6c3)
• Improve spying types  -  by @​sheremet-va in vitest-dev/vitest#8878 (ca041)
• Reuse the same environment when isolate and fileParallelism are false  -  by @​sheremet-va in vitest-dev/vitest#8889 (31706)
• browser:
  • Support module tracking  -  by @​sheremet-va in vitest-dev/vitest#8877 (9e24a)
  • Ensure setup files are re-evaluated on each test run  -  by @​yjaaidi in vitest-dev/vitest#8883 and vitest-dev/vitest#8884 (f50ea)
• coverage:
  • Prevent filtering out virtual files before remapping to sources  -  by @​AriPerkkio in vitest-dev/vitest#8860 (e3b77)
• happy-dom:
  • Properly teardown additional keys  -  by @​sheremet-va in vitest-dev/vitest#8888 (10a06)
• jsdom:
  • Pass down Node.js FormData to Request  -  by @​sheremet-va in

[dependabot]

Labels

The following labels could not be found: bot:dependabot, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@eslint/config-array	0.21.1	Unknown	Unknown
npm/@eslint/config-helpers	0.4.2	Unknown	Unknown
npm/@eslint/core	0.17.0	Unknown	Unknown
npm/@eslint/js	9.39.1	🟢 6.6	Details Check Score Reason Code-Review 🟢 5 Found 15/26 approved changesets -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/@eslint/object-schema	2.1.7	Unknown	Unknown
npm/@eslint/plugin-kit	0.4.1	Unknown	Unknown
npm/@types/node	24.10.0	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 26/28 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 9 license file detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@vitest/expect	4.0.8	Unknown	Unknown
npm/@vitest/mocker	4.0.8	Unknown	Unknown
npm/@vitest/pretty-format	4.0.8	Unknown	Unknown
npm/@vitest/runner	4.0.8	Unknown	Unknown
npm/@vitest/snapshot	4.0.8	Unknown	Unknown
npm/@vitest/spy	4.0.8	Unknown	Unknown
npm/@vitest/utils	4.0.8	Unknown	Unknown
npm/chai	6.2.0	🟢 5.6	Details Check Score Reason Maintained 🟢 10 28 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 6 Found 9/15 approved changesets -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 7 3 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint	9.39.1	🟢 6.6	Details Check Score Reason Code-Review 🟢 5 Found 15/26 approved changesets -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-plugin-playwright	2.3.0	Unknown	Unknown
npm/eslint-plugin-react-hooks	7.0.1	🟢 5.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 9 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 229 existing vulnerabilities detected
npm/eslint-plugin-storybook	10.0.6	🟢 7.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 11 out of 11 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no badge detected Code-Review 🟢 7 9 out of last 12 changesets reviewed before merge -- score normalized to 7 Contributors 🟢 10 42 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Vulnerabilities 🟢 10 no vulnerabilities detected
npm/eslint-plugin-unused-imports	4.3.0	🟢 3.2	Details Check Score Reason Code-Review ⚠️ 2 Found 7/29 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities ⚠️ 0 15 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/hermes-estree	0.25.1	🟢 4.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 7 binaries present in source code Vulnerabilities ⚠️ 0 28 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed
npm/hermes-parser	0.25.1	🟢 4.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 7 binaries present in source code Vulnerabilities ⚠️ 0 28 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed
npm/magic-string	0.30.21	🟢 4.5	Details Check Score Reason Code-Review 🟢 3 Found 10/30 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 15 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/prettier-plugin-tailwindcss	0.7.1	Unknown	Unknown
npm/std-env	3.10.0	Unknown	Unknown
npm/stylelint	16.25.0	🟢 7.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 9/10 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 2 badge detected: InProgress Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 4 security policy file detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/stylelint-config-standard	39.0.1	🟢 7.4	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 7 Found 10/14 approved changesets -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 4 security policy file detected Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9
npm/tinyrainbow	3.0.3	Unknown	Unknown
npm/typescript	5.9.3	🟢 8.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo SAST 🟢 10 SAST tool is run on all commits Branch-Protection ⚠️ -1 internal error: error during GetBranch(release-5.9): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing 🟢 10 project is fuzzed CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 34 contributing companies or organizations
npm/undici-types	7.16.0	🟢 8.3	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 8 binaries present in source code Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 77 contributing companies or organizations
npm/vitest	4.0.8	Unknown	Unknown
npm/zod-validation-error	4.0.2	Unknown	Unknown
npm/@types/node	24.10.0	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 26/28 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 9 license file detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/eslint	9.39.1	🟢 6.6	Details Check Score Reason Code-Review 🟢 5 Found 15/26 approved changesets -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy 🟢 10 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-plugin-playwright	2.3.0	Unknown	Unknown
npm/eslint-plugin-react-hooks	7.0.1	🟢 5.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 25/30 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 9 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 229 existing vulnerabilities detected
npm/eslint-plugin-storybook	10.0.6	🟢 7.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 11 out of 11 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no badge detected Code-Review 🟢 7 9 out of last 12 changesets reviewed before merge -- score normalized to 7 Contributors 🟢 10 42 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Vulnerabilities 🟢 10 no vulnerabilities detected
npm/eslint-plugin-unused-imports	4.3.0	🟢 3.2	Details Check Score Reason Code-Review ⚠️ 2 Found 7/29 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities ⚠️ 0 15 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/prettier-plugin-tailwindcss	0.7.1	Unknown	Unknown
npm/stylelint	16.25.0	🟢 7.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 9/10 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 2 badge detected: InProgress Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 4 security policy file detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/stylelint-config-standard	39.0.1	🟢 7.4	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 7 Found 10/14 approved changesets -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Security-Policy 🟢 4 security policy file detected Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9
npm/typescript	^5.9.3	🟢 8.5	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 9 1 existing vulnerabilities detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo SAST 🟢 10 SAST tool is run on all commits Branch-Protection ⚠️ -1 internal error: error during GetBranch(release-5.9): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Fuzzing 🟢 10 project is fuzzed CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 34 contributing companies or organizations
npm/vitest	4.0.8	Unknown	Unknown

Scanned Files

• package-lock.json
• package.json

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.