deps: bump the svelte group across 1 directory with 7 updates by dependabot[bot] · Pull Request #197 · colibri-hq/colibri

dependabot · 2026-02-16T05:07:06Z

Bumps the svelte group with 7 updates in the / directory:

Package	From	To
@sveltejs/adapter-node	`5.5.1`	`5.5.3`
@sveltejs/adapter-cloudflare	`7.2.5`	`7.2.7`
bits-ui	`2.15.4`	`2.15.5`
@sveltejs/adapter-auto	`7.0.0`	`7.0.1`
@sveltejs/kit	`2.49.5`	`2.52.0`
svelte-check	`4.3.5`	`4.4.0`
svelte	`5.46.4`	`5.51.2`

Updates @sveltejs/adapter-node from 5.5.1 to 5.5.3

Release notes

Sourced from @sveltejs/adapter-node's releases.

@sveltejs/adapter-node@5.5.3

Patch Changes

fix: validate ORIGIN env var at startup (#15045)

chore(deps): update dependency @rollup/plugin-commonjs to v29 (#14856)

Updated dependencies [37293a5, 5d05ca6, ed69b77, b1fc959, 159aece, c690579, dc8cf2d, ace2116, 0f38f49]:

@sveltejs/kit@2.51.0

@sveltejs/adapter-node@5.5.2

Patch Changes

fix: disable gzip and brotli when precompress=false (#15182)

Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

@sveltejs/kit@2.50.1

Changelog

Sourced from @sveltejs/adapter-node's changelog.

5.5.3

Patch Changes

fix: validate ORIGIN env var at startup (#15045)

chore(deps): update dependency @rollup/plugin-commonjs to v29 (#14856)

Updated dependencies [37293a5, 5d05ca6, ed69b77, b1fc959, 159aece, c690579, dc8cf2d, ace2116, 0f38f49]:

@sveltejs/kit@2.51.0

5.5.2

Patch Changes

fix: disable gzip and brotli when precompress=false (#15182)

Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

@sveltejs/kit@2.50.1

Commits

060b1dc Version Packages (#15241)
80f5bbc fix: validate ORIGIN env var at startup (#15045)
f032591 chore(deps): update dependency @rollup/plugin-commonjs to v29 (#14856)
3b2ea1b Version Packages (#15186)
ed82a9f fix: don't send "Vary: Accept-Encoding" header when precompress=false (#15182)
8a82859 chore: fix lint errors (#15174)
See full diff in compare view

Updates @sveltejs/adapter-cloudflare from 7.2.5 to 7.2.7

Release notes

Sourced from @sveltejs/adapter-cloudflare's releases.

@sveltejs/adapter-cloudflare@7.2.7

Patch Changes

fix: error if _routes.json is in the /static public directory (#12821)

fix: correctly handle pathnames found in the _redirects file (#12821)

Updated dependencies [37293a5, 5d05ca6, ed69b77, b1fc959, 159aece, c690579, dc8cf2d, ace2116, 0f38f49]:

@sveltejs/kit@2.51.0

@sveltejs/adapter-cloudflare@7.2.6

Patch Changes

fix: ensure manifest paths are relative when building worker (#15163)

Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

@sveltejs/kit@2.50.1

Changelog

Sourced from @sveltejs/adapter-cloudflare's changelog.

7.2.7

Patch Changes

fix: error if _routes.json is in the /static public directory (#12821)

fix: correctly handle pathnames found in the _redirects file (#12821)

Updated dependencies [37293a5, 5d05ca6, ed69b77, b1fc959, 159aece, c690579, dc8cf2d, ace2116, 0f38f49]:

@sveltejs/kit@2.51.0

7.2.6

Patch Changes

fix: ensure manifest paths are relative when building worker (#15163)

Updated dependencies [46c1ebd, 2dd74c8, 8871b54]:

@sveltejs/kit@2.50.1

Commits

060b1dc Version Packages (#15241)
db1cc81 chore: upgrade to playwright 1.58.2 (#15301)
2f3a007 chore: test matrix dimension for vite (#15208)
b9da77c fix: correctly handle pathnames found in the _redirects file (#12821)
3b2ea1b Version Packages (#15186)
4fc3257 fix: ensure injected paths are prefixed with ./ (#15163)
0027dfd docs: update cloudflare adapter package description and misc (#15164)
See full diff in compare view

Updates bits-ui from 2.15.4 to 2.15.5

Release notes

Sourced from bits-ui's releases.

bits-ui@2.15.5

Patch Changes

fix(Tooltip): allow overriding trigger tabindex (#1932)

fix(Pin Input): keyboard navigation (#1872)

fix(ScrollArea): cleanup when pointercapture is lost (#1935)

fix(Accordion): allow overriding trigger tabindex (#1932)

fix(Presence): optimize animation detection for large DOMs (#1924)

fix: floating components should respect style prop (#1934)

fix(FocusScope): ensure focus scopes works with only 1 tabbable item (#1933)

Commits

7dba301 Version Packages (#1931)
db9d917 fix(PinInput): keyboard nav/replacement (#1872)
2d96579 fix(ScrollArea): restore webkitUserSelect on lost pointer capture (#1935)
baef86f fix: floating components should respect style prop (#1934)
a893114 fix(FocusScope): improve focus management for single tabbable item (#1933)
32df06c fix(Tooltip): customizable tabindex for trigger component (#1932)
d0a3e18 fix(Presence): optimize animation detection for large DOMs (#1924)
4789141 chore: update deps (#1925)
See full diff in compare view

Updates @sveltejs/adapter-auto from 7.0.0 to 7.0.1

Release notes

Sourced from @sveltejs/adapter-auto's releases.

@sveltejs/adapter-auto@7.0.1

Patch Changes

feat: update adapter-netlify to version 6 (77ab341)

Changelog

Sourced from @sveltejs/adapter-auto's changelog.

7.0.1

Patch Changes

feat: update adapter-netlify to version 6 (77ab341)

Commits

c727a90 Version Packages (#15309)
77ab341 feat: update adapter-netlify to version 6
1d2be12 chore: update suggestion message (#15165)
0da365a chore(deps): update vitest monorepo to v4 (major) (#14789)
See full diff in compare view

Updates @sveltejs/kit from 2.49.5 to 2.52.0

Release notes

Sourced from @sveltejs/kit's releases.

@sveltejs/kit@2.52.0

Minor Changes

feat: match function to map a path back to a route id and params (#14997)

Patch Changes

fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)

fix: resolve will narrow types to follow trailing slash page settings (#15027)

@sveltejs/kit@2.51.0

Minor Changes

feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

Navigation callbacks (beforeNavigate, onNavigate, and afterNavigate) now include scroll position information via the scroll property on from and to targets:

from.scroll: The scroll position at the moment navigation was triggered

to.scroll: In beforeNavigate and onNavigate, this is populated for popstate navigations (back/forward) with the scroll position that will be restored, and null for other navigation types. In afterNavigate, this is always the final scroll position after navigation completed.

This enables use cases like animating transitions based on the target scroll position when using browser back/forward navigation.

feat: hydratable's injected script now works with CSP (#15048)

Patch Changes

fix: put preloads before styles (#15232)

fix: suppress false-positive inner content warning when children prop is forwarded to a child component (#15269)

fix: fetch not working when URL is same host but different than paths.base (#15291)

fix: navigate to hash link when base element is present (#15236)

fix: avoid triggering handleError when redirecting in a remote function (#15222)

fix: include test directory in generated tsconfig.json alongside existing tests entry (#15254)

fix: generate tsconfig.json using the value of kit.files.src (#15253)

@sveltejs/kit@2.50.2

Patch Changes

... (truncated)

Changelog

Sourced from @sveltejs/kit's changelog.

2.52.0

Minor Changes

feat: match function to map a path back to a route id and params (#14997)

Patch Changes

fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)

fix: resolve will narrow types to follow trailing slash page settings (#15027)

2.51.0

Minor Changes

feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

Navigation callbacks (beforeNavigate, onNavigate, and afterNavigate) now include scroll position information via the scroll property on from and to targets:

from.scroll: The scroll position at the moment navigation was triggered

to.scroll: In beforeNavigate and onNavigate, this is populated for popstate navigations (back/forward) with the scroll position that will be restored, and null for other navigation types. In afterNavigate, this is always the final scroll position after navigation completed.

This enables use cases like animating transitions based on the target scroll position when using browser back/forward navigation.

feat: hydratable's injected script now works with CSP (#15048)

Patch Changes

fix: put preloads before styles (#15232)

fix: suppress false-positive inner content warning when children prop is forwarded to a child component (#15269)

fix: fetch not working when URL is same host but different than paths.base (#15291)

fix: navigate to hash link when base element is present (#15236)

fix: avoid triggering handleError when redirecting in a remote function (#15222)

fix: include test directory in generated tsconfig.json alongside existing tests entry (#15254)

... (truncated)

Commits

b024b17 Version Packages (#15312)
0e3e4f6 feat: type resolve with the correct trailing slash option (#15027)
e7cbc78 feat: provide match function to allow the opposite of resolve (#14997)
9f0292f fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)
f0a13b6 chore: fix type checking in client test (#15303)
060b1dc Version Packages (#15241)
dc8cf2d fix: include test directory in generated tsconfig.json (#15254)
ace2116 fix: use kit.files.src when generating tsconfig.json (#15253)
db1cc81 chore: upgrade to playwright 1.58.2 (#15301)
ed69b77 fix: remove unnecessary path validation which breaks fetch with custom path b...
Additional commits viewable in compare view

Updates svelte-check from 4.3.5 to 4.4.0

Release notes

Sourced from svelte-check's releases.

svelte-check@4.4.0

Minor Changes

feat: provide --incremental and --tsgo flags (#2932)

Patch Changes

fix: ignore Unix domain sockets in file watcher to prevent crashes (#2931)

fix: properly use machine output by default for Claude Code (e9f58d2)

svelte-check@4.3.6

Patch Changes

fix: don't hoist type/snippet referencing $store (#2926)

Commits

3b17f20 Version Packages (#2929)
2142753 feat: add links to diagnostic error codes via codeDescription (#2936)
8f4fe71 fix(svelte-check): ignore Unix domain sockets in file watcher (#2931)
0b8af82 feat: svelte-check --incremental / --tsgo (#2932)
e9f58d2 fix: properly use machine output by default for Claude Code
7752b2f Version Packages (#2928)
b0e5eb9 fix: apply text synchronize change in order (#2927)
6b83202 Version Packages (#2919)
9c05c1a fix: compatibility with prettier-plugin-tailwindcss in monorepo (#2925)
e2f09eb fix: don't hoist type/snippet referencing $store (#2926)
Additional commits viewable in compare view

Updates svelte from 5.46.4 to 5.51.2

Release notes

Sourced from svelte's releases.

svelte@5.51.2

Patch Changes

fix: take async into consideration for dev delegated handlers (#17710)

fix: emit state_referenced_locally warning for non-destructured props (#17708)

svelte@5.51.1

Patch Changes

fix: don't crash on undefined document.contentType (#17707)

fix: use symbols for encapsulated event delegation (#17703)

svelte@5.51.0

Minor Changes

feat: Use TrustedTypes for HTML handling where supported (#16271)

Patch Changes

fix: sanitize template-literal-special-characters in SSR attribute values (#17692)

fix: follow-up formatting in print() — flush block-level elements into separate sequences (#17699)

fix: preserve delegated event handlers as long as one or more root components are using them (#17695)

svelte@5.50.3

Patch Changes

fix: take into account nodeName case sensitivity on XHTML pages (#17689)

fix: render multiple and selected attributes as empty strings for XHTML compliance (#17689)

fix: always lowercase HTML elements, for XHTML compliance (#17664)

fix: freeze effects-inside-deriveds when disconnecting, unfreeze on reconnect (#17682)

fix: propagate $effect errors to <svelte:boundary> (#17684)

svelte@5.50.2

Patch Changes

fix: resolve effect_update_depth_exceeded when using bind:value on <select> with derived state in legacy mode (#17645)

fix: don't swallow DOMException when media.play() fails in bind:paused (#17656)

chore: provide proper public type for parseCss result (#17654)

fix: robustify blocker calculation (#17676)

... (truncated)

Changelog

Sourced from svelte's changelog.

5.51.2

Patch Changes

fix: take async into consideration for dev delegated handlers (#17710)

fix: emit state_referenced_locally warning for non-destructured props (#17708)

5.51.1

Patch Changes

fix: don't crash on undefined document.contentType (#17707)

fix: use symbols for encapsulated event delegation (#17703)

5.51.0

Minor Changes

feat: Use TrustedTypes for HTML handling where supported (#16271)

Patch Changes

fix: sanitize template-literal-special-characters in SSR attribute values (#17692)

fix: follow-up formatting in print() — flush block-level elements into separate sequences (#17699)

fix: preserve delegated event handlers as long as one or more root components are using them (#17695)

5.50.3

Patch Changes

fix: take into account nodeName case sensitivity on XHTML pages (#17689)

fix: render multiple and selected attributes as empty strings for XHTML compliance (#17689)

fix: always lowercase HTML elements, for XHTML compliance (#17664)

fix: freeze effects-inside-deriveds when disconnecting, unfreeze on reconnect (#17682)

fix: propagate $effect errors to <svelte:boundary> (#17684)

5.50.2

Patch Changes

fix: resolve effect_update_depth_exceeded when using bind:value on <select> with derived state in legacy mode (#17645)

... (truncated)

Commits

82265f1 Version Packages (#17711)
dd9fc0d Warn on non-destructured $props() reads in runes mode (#17708)
01f1937 fix: take async into consideration for dev delegated handlers (#17710)
7299ffc Version Packages (#17704)
743d52a fix: don't crash on undefined document.contentType (#17707)
220b526 fix: use symbols for encapsulated event delegation (#17703)
7b6755e Version Packages (#17693)
86d5522 fix: follow-up formatting in print() for block-level elements (#17699)
0565dca fix: implement ref counting for mount with same target (#17695)
6c15e71 [fix]: Add support for TrustedTypes in Svelte (#16271)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the svelte group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@sveltejs/adapter-node](https://github.com/sveltejs/kit/tree/HEAD/packages/adapter-node) | `5.5.1` | `5.5.3` | | [@sveltejs/adapter-cloudflare](https://github.com/sveltejs/kit/tree/HEAD/packages/adapter-cloudflare) | `7.2.5` | `7.2.7` | | [bits-ui](https://github.com/huntabyte/bits-ui) | `2.15.4` | `2.15.5` | | [@sveltejs/adapter-auto](https://github.com/sveltejs/kit/tree/HEAD/packages/adapter-auto) | `7.0.0` | `7.0.1` | | [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.49.5` | `2.52.0` | | [svelte-check](https://github.com/sveltejs/language-tools) | `4.3.5` | `4.4.0` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `5.46.4` | `5.51.2` | Updates `@sveltejs/adapter-node` from 5.5.1 to 5.5.3 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/adapter-node/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/adapter-node@5.5.3/packages/adapter-node) Updates `@sveltejs/adapter-cloudflare` from 7.2.5 to 7.2.7 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/adapter-cloudflare/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/adapter-cloudflare@7.2.7/packages/adapter-cloudflare) Updates `bits-ui` from 2.15.4 to 2.15.5 - [Release notes](https://github.com/huntabyte/bits-ui/releases) - [Commits](https://github.com/huntabyte/bits-ui/compare/bits-ui@2.15.4...bits-ui@2.15.5) Updates `@sveltejs/adapter-auto` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/adapter-auto/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/adapter-auto@7.0.1/packages/adapter-auto) Updates `@sveltejs/kit` from 2.49.5 to 2.52.0 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.52.0/packages/kit) Updates `svelte-check` from 4.3.5 to 4.4.0 - [Release notes](https://github.com/sveltejs/language-tools/releases) - [Commits](https://github.com/sveltejs/language-tools/compare/svelte-check@4.3.5...svelte-check@4.4.0) Updates `svelte` from 5.46.4 to 5.51.2 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.51.2/packages/svelte) --- updated-dependencies: - dependency-name: "@sveltejs/adapter-node" dependency-version: 5.5.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: svelte - dependency-name: "@sveltejs/adapter-cloudflare" dependency-version: 7.2.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: svelte - dependency-name: bits-ui dependency-version: 2.15.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: svelte - dependency-name: "@sveltejs/adapter-auto" dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: svelte - dependency-name: "@sveltejs/kit" dependency-version: 2.52.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: svelte - dependency-name: svelte-check dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: svelte - dependency-name: svelte dependency-version: 5.51.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: svelte ... Signed-off-by: dependabot[bot] <support@github.com>

cloudflare-workers-and-pages · 2026-02-16T05:07:17Z

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	colibri-docs	`62a6d33`	Commit Preview URL Branch Preview URL	Feb 16 2026, 05:11 AM

github-actions · 2026-02-16T05:07:24Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@sveltejs/adapter-node

^5.5.3

Unknown

npm/@sveltejs/adapter-cloudflare

^7.2.7

Unknown

npm/bits-ui

^2.15.5

Unknown

npm/@floating-ui/core

1.7.4

Unknown

npm/@floating-ui/dom

1.7.5

Unknown

npm/@rollup/plugin-commonjs

29.0.0

🟢 3

Details

Check	Score	Reason
Code-Review	🟢 3	Found 6/20 approved changesets -- score normalized to 3
Maintained	⚠️ 2	0 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Binary-Artifacts	🟢 7	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	30 existing vulnerabilities detected

npm/@rollup/rollup-android-arm-eabi

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-android-arm64

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-darwin-arm64

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-darwin-x64

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-freebsd-arm64

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-freebsd-x64

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-arm-gnueabihf

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-arm-musleabihf

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-arm64-gnu

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-arm64-musl

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-loong64-gnu

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-loong64-musl

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-ppc64-gnu

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-ppc64-musl

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-riscv64-gnu

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-riscv64-musl

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-s390x-gnu

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-x64-gnu

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-linux-x64-musl

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-openbsd-x64

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-openharmony-arm64

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-win32-arm64-msvc

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-win32-ia32-msvc

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-win32-x64-gnu

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@rollup/rollup-win32-x64-msvc

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/@sveltejs/adapter-auto

7.0.1

Unknown

npm/@sveltejs/adapter-cloudflare

7.2.7

Unknown

npm/@sveltejs/adapter-node

5.5.3

Unknown

npm/@sveltejs/kit

2.52.0

Unknown

npm/bits-ui

2.15.5

Unknown

npm/diff

4.0.4

🟢 4.2

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/28 approved changesets -- score normalized to 1
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	11 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/esrap

2.2.3

Unknown

npm/rollup

4.57.1

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Packaging	🟢 10	packaging workflow detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/semver

7.7.4

🟢 6.6

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 5	5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 8	SAST tool detected but not run on all commits

npm/set-cookie-parser

3.0.1

🟢 4.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 1/7 approved changesets -- score normalized to 1
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 10	18 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 9	1 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/svelte

5.51.2

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 7	SAST tool is not run on all commits -- score normalized to 7
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/svelte-check

4.4.0

🟢 5.7

Details

Check	Score	Reason
Code-Review	🟢 4	Found 11/25 approved changesets -- score normalized to 4
Maintained	🟢 10	26 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	15 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

apps/app/package.json
apps/docs/package.json
packages/ui/package.json
pnpm-lock.yaml

dependabot · 2026-03-09T05:06:59Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added the dependencies Pull requests that update a dependency file label Feb 16, 2026

dependabot Bot closed this Mar 9, 2026

dependabot Bot deleted the dependabot/npm_and_yarn/main/svelte-8f9c56198c branch March 9, 2026 05:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps: bump the svelte group across 1 directory with 7 updates#197

deps: bump the svelte group across 1 directory with 7 updates#197
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/main/svelte-8f9c56198c

dependabot Bot commented on behalf of github Feb 16, 2026 •

edited

Loading

Uh oh!

cloudflare-workers-and-pages Bot commented Feb 16, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Feb 16, 2026

Uh oh!

dependabot Bot commented on behalf of github Mar 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Feb 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

@​sveltejs/adapter-node@​5.5.3

Patch Changes

@​sveltejs/adapter-node@​5.5.2

Patch Changes

5.5.3

Patch Changes

5.5.2

Patch Changes

@​sveltejs/adapter-cloudflare@​7.2.7

Patch Changes

@​sveltejs/adapter-cloudflare@​7.2.6

Patch Changes

7.2.7

Patch Changes

7.2.6

Patch Changes

bits-ui@2.15.5

Patch Changes

@​sveltejs/adapter-auto@​7.0.1

Patch Changes

7.0.1

Patch Changes

@​sveltejs/kit@​2.52.0

Minor Changes

Patch Changes

@​sveltejs/kit@​2.51.0

Minor Changes

Patch Changes

@​sveltejs/kit@​2.50.2

Patch Changes

2.52.0

Minor Changes

Patch Changes

2.51.0

Minor Changes

Patch Changes

svelte-check@4.4.0

Minor Changes

Patch Changes

svelte-check@4.3.6

Patch Changes

svelte@5.51.2

Patch Changes

svelte@5.51.1

Patch Changes

svelte@5.51.0

Minor Changes

Patch Changes

svelte@5.50.3

Patch Changes

svelte@5.50.2

Patch Changes

5.51.2

Patch Changes

5.51.1

Patch Changes

5.51.0

Minor Changes

Patch Changes

5.50.3

Patch Changes

5.50.2

Patch Changes

Uh oh!

cloudflare-workers-and-pages Bot commented Feb 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Deploying with Cloudflare Workers

Uh oh!

github-actions Bot commented Feb 16, 2026

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

dependabot Bot commented on behalf of github Mar 9, 2026

Uh oh!

Reviewers

dependabot Bot commented on behalf of github Feb 16, 2026 •

edited

Loading

`@sveltejs/adapter-node@5`.5.3

`@sveltejs/adapter-node@5`.5.2

`@sveltejs/adapter-cloudflare@7`.2.7

`@sveltejs/adapter-cloudflare@7`.2.6

`@sveltejs/adapter-auto@7`.0.1

`@sveltejs/kit@2`.52.0

`@sveltejs/kit@2`.51.0

`@sveltejs/kit@2`.50.2

cloudflare-workers-and-pages Bot commented Feb 16, 2026 •

edited

Loading