chore(deps): bump the all-npm group across 1 directory with 9 updates #448

dependabot · 2025-12-21T23:01:24Z

Bumps the all-npm group with 9 updates in the / directory:

Package	From	To
@biomejs/biome	`2.3.9`	`2.3.10`
@types/node	`24.10.4`	`25.0.3`
oxlint	`1.33.0`	`1.34.0`
vite-tsconfig-paths	`6.0.2`	`6.0.3`
lucide-vue-next	`0.561.0`	`0.562.0`
vue	`3.5.25`	`3.5.26`
libphonenumber-js	`1.12.31`	`1.12.33`
vue-i18n	`11.2.2`	`11.2.7`
vue-tsc	`3.1.8`	`3.2.0`

Updates @biomejs/biome from 2.3.9 to 2.3.10

Release notes

Sourced from @biomejs/biome's releases.

Biome CLI v2.3.10

2.3.10

Patch Changes
#8417 c3a2557 Thanks @taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

#8477 90e8684 Thanks @dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

#8479 250b519 Thanks @dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

#8448 2af85c1 Thanks @mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

#8420 42033b0 Thanks @vsn4ik! - Fixed the nursery rule noLeakedRender.

The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

#8426 285d932 Thanks @anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

#8410 a21db74 Thanks @ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.
#8372 b352ee4 Thanks @Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

Invalid
<a>learn more</a>
What's Changed

feat: new Turborepo domain and noUndeclaredEnvVars rule by @anthonyshew in biomejs/biome#8426

fix(noExtraNonNullAssertion): fix regression by @dyc3 in biomejs/biome#8477

fix(analyze/js): index ts constructor methods in semantic model (regression) by @dyc3 in biomejs/biome#8479

fix(lint): lint/suspicous/noRedeclare should not report redeclarations for infer type in conditional types by @taga3s in biomejs/biome#8417

fix(noLeakedRender): eslint rule name fix by @vsn4ik in biomejs/biome#8420

chore: add kraken as bronze sponsor by @dyc3 in biomejs/biome#8486

fix(linter): improve Vue defineProps handling in noVueReservedKeys by @mdevils in biomejs/biome#8448

fix(cli): colors with multi-codepoints characters by @ematipico in biomejs/biome#8410

feat(lint): implement noAmbiguousAnchorText by @Netail in biomejs/biome#8372

ci: release by @github-actions[bot] in biomejs/biome#8474

docs: fix typos for assist/actions/organize-imports by @sergioness in biomejs/biome#8490

New Contributors

@taga3s made their first contribution in biomejs/biome#8417

@vsn4ik made their first contribution in biomejs/biome#8420

@sergioness made their first contribution in biomejs/biome#8490

... (truncated)

Changelog

Sourced from @biomejs/biome's changelog.

2.3.10

Patch Changes
#8417 c3a2557 Thanks @taga3s! - Fixed #7809: noRedeclare no longer reports redeclarations for infer type in conditional types.

#8477 90e8684 Thanks @dyc3! - Fixed #8475: fixed a regression in how noExtraNonNullAssertion flags extra non-null assertions

#8479 250b519 Thanks @dyc3! - Fixed #8473: The semantic model now indexes typescript constructor method definitions, and no longer panics if you use one (a regression in 2.3.9).

#8448 2af85c1 Thanks @mdevils! - Improved handling of defineProps() macro in Vue components. The noVueReservedKeys rule now avoids false positives in non-setup scripts.

#8420 42033b0 Thanks @vsn4ik! - Fixed the nursery rule noLeakedRender.

The biome migrate eslint command now correctly detects the rule react/jsx-no-leaked-render in your eslint configurations.

#8426 285d932 Thanks @anthonyshew! - Added a Turborepo domain and a new "noUndeclaredEnvVars" rule in it for warning users of unsafe environment variable usage in Turborepos.

#8410 a21db74 Thanks @ematipico! - Fixed #2988 where Biome couldn't handle properly characters that contain multiple code points when running in stdin mode.
#8372 b352ee4 Thanks @Netail! - Added the nursery rule noAmbiguousAnchorText, which disallows ambiguous anchor descriptions.

Invalid
<a>learn more</a>

Commits

fd279f3 ci: release (#8474)
b352ee4 feat(lint): implement noAmbiguousAnchorText (#8372)
67546bc chore: add kraken as bronze sponsor (#8486)
285d932 feat: new Turborepo domain and noUndeclaredEnvVars rule (#8426)
See full diff in compare view

Updates @types/node from 24.10.4 to 25.0.3

Commits

See full diff in compare view

Updates oxlint from 1.33.0 to 1.34.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)

2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)

bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)

5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)

7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)

2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)

ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)

6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)

7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)

732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)

a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)

ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)

3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)

ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)

e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)

6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)

85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)

fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)

ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)

dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)

989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)

cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

25d577e language_server: Start tools in parallel (#15500) (Sysix)

3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)

3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)

9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)

3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)

444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)

2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)

a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)

3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)

2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)

57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.34.0] - 2025-12-19

🚀 Features

a0f74a0 linter/config: Allow aliasing plugin names to allow names the same as builtin plugins (#15569) (Cameron)

🐛 Bug Fixes

005ec25 linter: Permit $schema .oxlintrc.json struct (#17060) (Copilot)

d446c43 linter: Prevent extra fields from being present on oxlint config file (#16874) (connorshea)

[1.30.0] - 2025-11-24

🚀 Features

595867a oxlint: Generate markdownDescription fields for oxlint JSON schema. (#15959) (connorshea)

[1.29.0] - 2025-11-17

🚀 Features

84de1ca oxlint,oxfmt: Allow comments and also commas for vscode-json-ls (#15612) (leaysgur)

[1.26.0] - 2025-11-05

🚀 Features

26f24d5 linter: Permit comments in .oxlintrc.json via json schema file (#15249) (Martin Leduc)

🐛 Bug Fixes

d6996d0 linter: Fix JSON schema to deny additional properties for categories enum. (#15257) (Connor Shea)

9304f9f linter: Fix JSON schema to deny additional properties for plugins enum. (#15259) (Connor Shea)

📚 Documentation

84ef5ab linter: Avoid linebreaks for markdown links and update plugins docs in the configuration schema. (#15246) (Connor Shea)

[1.25.0] - 2025-10-30

🚀 Features

bd74603 linter: Add support for vitest/valid-title rule (#12085) (Tyler Earls)

[1.24.0] - 2025-10-22

🐛 Bug Fixes

... (truncated)

Commits

2804276 release(apps): oxlint v1.34.0 && oxfmt v0.19.0 (#17097)
1cc4253 chore(oxlint): bump min tsgolint pkg version to 0.9.2 (#17083)
005ec25 fix(linter): permit $schema .oxlintrc.json struct (#17060)
a0f74a0 feat(linter/config): allow aliasing plugin names to allow names the same as b...
d446c43 fix(linter): Prevent extra fields from being present on oxlint config file (#...
dece1fa chore(linter): Update the GitHub URL for the vitest eslint plugin repo. (#16941)
6fca2f7 chore(infra): use oxfmt for all files, remove dprint (#16599)
See full diff in compare view

Updates vite-tsconfig-paths from 6.0.2 to 6.0.3

Commits

6b0e61c chore: release v6.0.3
3d97cb4 fix: ensure project references don’t get lost
6119433 chore(test): add control over -p value of tsc
04e4602 chore(test): add case for common “project reference” pattern (#198)
0f27ad2 chore(docs): mention vite-postgres
See full diff in compare view

Updates lucide-vue-next from 0.561.0 to 0.562.0

Release notes

Sourced from lucide-vue-next's releases.

Version 0.562.0

What's Changed

fix(icons): changed paint-bucket icon by @jguddas in lucide-icons/lucide#3880

fix(site): Fix and unify color-picker font-size by @taimar in lucide-icons/lucide#3889

fix(react-native-web): only add className prop to parent Icon component by @jguddas in lucide-icons/lucide#3892

fix(lucide-react-native): remove icons namespace export to enable tree-shaking by @jtomaszewski in lucide-icons/lucide#3868

feat(icons): added toolbox icon by @karsa-mistmere in lucide-icons/lucide#3871

New Contributors

@taimar made their first contribution in lucide-icons/lucide#3889

@jtomaszewski made their first contribution in lucide-icons/lucide#3868

Full Changelog: lucide-icons/lucide@0.561.0...0.562.0

Commits

See full diff in compare view

Updates vue from 3.5.25 to 3.5.26

Release notes

Sourced from vue's releases.

v3.5.26

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

Changelog

Sourced from vue's changelog.

3.5.26 (2025-12-18)

Bug Fixes

compat: fix compat handler of draggable (#12445) (ed85953), closes #12444

compat: handle v-model deprecation warning with missing appContext (#14203) (945a543), closes #14202

compiler-sfc: demote const reactive bindings used in v-model (#14214) (e24ff7d), closes #11265 #11275

compiler-ssr: handle ssr attr fallthrough when preserve whitespace (#12304) (4783118), closes #8072

hmr: handle cached text node update (#14134) (69ce3c7), closes #14127

keep-alive: use resolved component name for async components in cache pruning (#14212) (dfe667c), closes #14210

runtime-core: ensure correct anchor el for deeper unresolved async components (#14182) (f5b3bf2), closes #14173

runtime-core: handle patch stable fragment edge case (#12411) (94aeb64), closes #12410

runtime-core: pass component instance to flushPreFlushCbs on unmount (#14221) (e857e12), closes #14215

Performance Improvements

compiler-core: use binary-search to get line and column (#14222) (1904053)

Commits

c68bebf release: v3.5.26
e857e12 fix(runtime-core): pass component instance to flushPreFlushCbs on unmount (#1...
f33b308 types(defineProps): avoid never props becoming boolean flags (#14059)
94aeb64 fix(runtime-core): handle patch stable fragment edge case (#12411)
ed85953 fix(compat): fix compat handler of draggable (#12445)
4783118 fix(compiler-ssr): handle ssr attr fallthrough when preserve whitespace (#12304)
6611dda types(runtime-core): export DirectiveModifiers type (#14198)
e24ff7d fix(compiler-sfc): demote const reactive bindings used in v-model (#14214)
69ce3c7 fix(hmr): handle cached text node update (#14134)
1904053 perf(compiler-core): use binary-search to get line and column (#14222)
Additional commits viewable in compare view

Updates libphonenumber-js from 1.12.31 to 1.12.33

Changelog

Sourced from libphonenumber-js's changelog.

1.12.33 / 18.12.2025

Updated metadata to version 9.0.21:

Updated alternate formatting data for country calling code(s): 91

Updated phone metadata for region code(s): CL, EE, ET, GE, GY, HK, IN, KR, MG, SG, SV, US

New geocoding data for country calling code(s): 1353 (en)

Updated geocoding data for country calling code(s): 251 (en)

Updated carrier data for country calling code(s): 34 (en), 36 (en), 43 (en), 48 (en), 56 (en), 65 (en), 261 (en), 501 (en), 503 (en), 852 (en, zh)

Updated / refreshed time zone meta data.

1.12.32 / 5.12.2025

Updated metadata to version 9.0.20:

Updated phone metadata for region code(s): GY, IL, MU, TD, TZ, UG, UZ

New geocoding data for country calling code(s): 229 (en)

Updated carrier data for country calling code(s): 34 (en), 230 (en), 255 (en), 256 (en), 998 (en)

Commits

5f43506 1.12.33
b2135b3 Updated metadata
3c252ca 1.12.32
a3b1423 Updated metadata
df6a274 Update CHANGELOG.md
See full diff in compare view

Updates vue-i18n from 11.2.2 to 11.2.7

Release notes

Sourced from vue-i18n's releases.

v11.2.7

Full Changelog: intlify/vue-i18n@v11.2.6...v11.2.7

v11.2.6

Full Changelog: intlify/vue-i18n@v11.2.5...v11.2.6

v11.2.5

Full Changelog: intlify/vue-i18n@v11.2.4...v11.2.5

v11.2.4

Full Changelog: intlify/vue-i18n@v11.2.3...v11.2.4

v11.2.3

What's Changed

⚡ Improvement Features

fix: avoid bundler warning for getCurrentInstance compatibility by @kazupon in intlify/vue-i18n#2337

Full Changelog: intlify/vue-i18n@v11.2.2...v11.2.3

Commits

0c600d2 release: v11.2.7
6c45430 release: v11.2.6
6434100 release: v11.2.5
a951c6f release: v11.2.4
89e454f release: v11.2.3
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vue-i18n since your current version.

Updates vue-tsc from 3.1.8 to 3.2.0

Release notes

Sourced from vue-tsc's releases.

v3.2.0

vscode

fix: Vue TS highlighting when trailing type alias is missing semicolon (#5853) - Thanks to @serkodev!

perf: replace fast-diff with custom character-by-character alignment algorithm (#5849) (#5851)

refactor: update Vue grammar scope name to "text.html.vue" (#5856)

test: add test for embedded grammars (#5861) - Thanks to @serkodev!

language-service

feat: rich hover message (#5881)

feat: support markdown JSDoc for rich hover message description (#5890) - Thanks to @serkodev!

chore: adjust rich hover message title layout (#5889) - Thanks to @serkodev!

component-meta

feat: add tags to slots and exposed (#5862) - Thanks to @aj-dev!

feat: filter out irrelevant properties from exposed (#5868) - Thanks to @aj-dev!

refactor: redundant logic between deduplication and language-core (#5875)

refactor: de-dependency from component-type-helpers (#5876)

refactor: search prop defaults with symbol declarations (#5879)

refactor: deprecate "noDeclarations" and "forceUseTs" options (#5887)

typescript-plugin

feat: include leading dot when finding references to CSS classes (#5852)

fix: missing module error after file rename (#5839) - Thanks to @serkodev!

fix: prioritize non-warning completion entries over warning ones (#5847)

fix: always pass rest parameters for future compatibility (#5859) - Thanks to @KazariEX!

fix: add nullish guards before accessing ts.CompletionEntryData (#5869) - Thanks to @KazariEX!

fix: handle import type nodes in definition proxy (#5873)

fix: handle type imports in component auto-import(#5874)

language-core

feat: revert overcorrection of v-for type inference (#5836)

feat: align v-for key type with Object.keys (#5837) - Thanks to @serkodev!

feat: narrow component and directive types (#5841)

feat: support  magic comment (#5845)

fix: correctly resolve <script src=""> (#5838)

fix: preserve template slot wrappers during createIfBranch (#5844) - Thanks to @serkodev!

fix: include end tag locations when renaming global components

refactor: replace dynamic types generation with static files (#5872)

refactor: improve Vue version detection and plugin resolution

component-type-helpers

refactor: remove ComponentType helper

workspace

... (truncated)

Changelog

Sourced from vue-tsc's changelog.

3.2.0 (2025-12-20)

vscode

fix: Vue TS highlighting when trailing type alias is missing semicolon (#5853) - Thanks to @serkodev!

perf: replace fast-diff with custom character-by-character alignment algorithm (#5849) (#5851)

refactor: update Vue grammar scope name to "text.html.vue" (#5856)

test: add test for embedded grammars (#5861) - Thanks to @serkodev!

language-service

feat: rich hover message (#5881)

feat: support markdown JSDoc for rich hover message description (#5890) - Thanks to @serkodev!

chore: adjust rich hover message title layout (#5889) - Thanks to @serkodev!

component-meta

feat: add tags to slots and exposed (#5862) - Thanks to @aj-dev!

feat: filter out irrelevant properties from exposed (#5868) - Thanks to @aj-dev!

refactor: redundant logic between deduplication and language-core (#5875)

refactor: de-dependency from component-type-helpers (#5876)

refactor: search prop defaults with symbol declarations (#5879)

refactor: deprecate "noDeclarations" and "forceUseTs" options (#5887)

typescript-plugin

feat: include leading dot when finding references to CSS classes (#5852)

fix: missing module error after file rename (#5839) - Thanks to @serkodev!

fix: prioritize non-warning completion entries over warning ones (#5847)

fix: always pass rest parameters for future compatibility (#5859) - Thanks to @KazariEX!

fix: add nullish guards before accessing ts.CompletionEntryData (#5869) - Thanks to @KazariEX!

fix: handle import type nodes in definition proxy (#5873)

fix: handle type imports in component auto-import(#5874)

language-core

feat: revert overcorrection of v-for type inference (#5836)

feat: align v-for key type with Object.keys (#5837) - Thanks to @serkodev!

feat: narrow component and directive types (#5841)

feat: support  magic comment (#5845)

fix: correctly resolve <script src=""> (#5838)

fix: preserve template slot wrappers during createIfBranch (#5844) - Thanks to @serkodev!

fix: include end tag locations when renaming global components

refactor: replace dynamic types generation with static files (#5872)

refactor: improve Vue version detection and plugin resolution

component-type-helpers

refactor: remove ComponentType helper

... (truncated)

Commits

bd12c1d v3.2.0 (#5870)
f498667 refactor(language-core): replace dynamic types generation with static files (...
27772e5 chore: delete tests for Vue 3.4 (#5871)
232665d feat(component-meta): filter out irrelevant properties from exposed (#5868)
a144b6b feat(component-meta): add tags to slots and exposed (#5862)
b780861 chore: update package dependencies to use workspace references
4fbd087 chore: update testing infrastructure (#5848)
0f16db8 fix(typescript-plugin): missing module error after renaming file (#5839)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

cloudflare-workers-and-pages · 2025-12-21T23:01:26Z

Deploying cvix with Cloudflare Pages

Latest commit:	`011b4af`
Status:	✅ Deploy successful!
Preview URL:	https://6c74fc46.cvix.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-all-tmor.cvix.pages.dev

View logs

coderabbitai · 2025-12-21T23:01:35Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions · 2025-12-21T23:16:58Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 4 package(s) with unknown licenses.
⚠️ 6 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

client/apps/marketing/package.json

Package	Version	License	Issue Type
lucide-vue-next	^0.562.0	Null	Unknown License

client/apps/webapp/package.json

Package	Version	License	Issue Type
lucide-vue-next	^0.562.0	Null	Unknown License

client/packages/ui/package.json

Package	Version	License	Issue Type
lucide-vue-next	^0.562.0	Null	Unknown License

pnpm-lock.yaml

Package	Version	License	Issue Type
lucide-vue-next	0.562.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/lucide-vue-next

^0.562.0

⚠️ 2.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 22/30 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	35 existing vulnerabilities detected

npm/vue

^3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@types/node

^25.0.3

🟢 7

Details

Check	Score	Reason
Code-Review	🟢 9	Found 28/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/libphonenumber-js

^1.12.33

⚠️ 2.7

Details

Check	Score	Reason
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
SAST	⚠️ 0	no SAST tool detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	29 existing vulnerabilities detected

npm/lucide-vue-next

^0.562.0

⚠️ 2.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 22/30 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	35 existing vulnerabilities detected

npm/oxlint

~1.35.0

Unknown

npm/vue

^3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/vue-i18n

^11.2.7

Unknown

npm/vue-tsc

^3.2.1

Unknown

npm/vite-tsconfig-paths

^6.0.3

🟢 4.4

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/29 approved changesets -- score normalized to 1
Maintained	🟢 10	21 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	31 existing vulnerabilities detected

npm/@types/node

^25.0.3

🟢 7

Details

Check	Score	Reason
Code-Review	🟢 9	Found 28/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/lucide-vue-next

^0.562.0

⚠️ 2.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 22/30 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	35 existing vulnerabilities detected

npm/vue

^3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/vue-tsc

^3.2.1

Unknown

npm/@biomejs/biome

^2.3.10

Unknown

npm/@types/node

^25.0.3

🟢 7

Details

Check	Score	Reason
Code-Review	🟢 9	Found 28/30 approved changesets -- score normalized to 9
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/oxlint

^1.35.0

Unknown

npm/vite-tsconfig-paths

^6.0.3

🟢 4.4

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/29 approved changesets -- score normalized to 1
Maintained	🟢 10	21 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	31 existing vulnerabilities detected

npm/@biomejs/biome

2.3.10

Unknown

npm/@biomejs/cli-darwin-arm64

2.3.10

Unknown

npm/@biomejs/cli-darwin-x64

2.3.10

Unknown

npm/@biomejs/cli-linux-arm64

2.3.10

Unknown

npm/@biomejs/cli-linux-arm64-musl

2.3.10

Unknown

npm/@biomejs/cli-linux-x64

2.3.10

Unknown

npm/@biomejs/cli-linux-x64-musl

2.3.10

Unknown

npm/@biomejs/cli-win32-arm64

2.3.10

Unknown

npm/@biomejs/cli-win32-x64

2.3.10

Unknown

npm/@intlify/core-base

11.2.7

Unknown

npm/@intlify/message-compiler

11.2.7

Unknown

npm/@intlify/shared

11.2.7

Unknown

npm/@oxlint/darwin-arm64

1.35.0

Unknown

npm/@oxlint/darwin-x64

1.35.0

Unknown

npm/@oxlint/linux-arm64-gnu

1.35.0

Unknown

npm/@oxlint/linux-arm64-musl

1.35.0

Unknown

npm/@oxlint/linux-x64-gnu

1.35.0

Unknown

npm/@oxlint/linux-x64-musl

1.35.0

Unknown

npm/@oxlint/win32-arm64

1.35.0

Unknown

npm/@oxlint/win32-x64

1.35.0

Unknown

npm/@volar/language-core

2.4.27

Unknown

npm/@volar/source-map

2.4.27

Unknown

npm/@volar/typescript

2.4.27

Unknown

npm/@vue/compiler-core

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vue/compiler-dom

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vue/compiler-sfc

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vue/compiler-ssr

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vue/language-core

3.2.1

Unknown

npm/@vue/reactivity

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vue/runtime-core

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vue/runtime-dom

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vue/server-renderer

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@vue/shared

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/entities

7.0.0

🟢 6.7

Details

Check	Score	Reason
Code-Review	⚠️ -1	Found no human activity in the last 30 changesets
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 9	1 existing vulnerabilities detected
SAST	🟢 10	SAST tool is run on all commits

npm/libphonenumber-js

1.12.33

⚠️ 2.7

Details

Check	Score	Reason
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	11 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
SAST	⚠️ 0	no SAST tool detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	29 existing vulnerabilities detected

npm/lucide-vue-next

0.562.0

⚠️ 2.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 22/30 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	⚠️ 0	dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	35 existing vulnerabilities detected

npm/oxlint

1.35.0

Unknown

npm/vite-tsconfig-paths

6.0.3

🟢 4.4

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/29 approved changesets -- score normalized to 1
Maintained	🟢 10	21 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	31 existing vulnerabilities detected

npm/vue

3.5.26

🟢 5.6

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 5	Found 11/21 approved changesets -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	🟢 3	branch protection is not maximal on development and all release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/vue-i18n

11.2.7

Unknown

npm/vue-tsc

3.2.1

Unknown

Scanned Files

client/apps/marketing/package.json
client/apps/webapp/package.json
client/config/package.json
client/packages/ui/package.json
package.json
pnpm-lock.yaml

Bumps the all-npm group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.3.9` | `2.3.10` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.10.4` | `25.0.3` | | [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.33.0` | `1.34.0` | | [vite-tsconfig-paths](https://github.com/aleclarson/vite-tsconfig-paths) | `6.0.2` | `6.0.3` | | [lucide-vue-next](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-vue-next) | `0.561.0` | `0.562.0` | | [vue](https://github.com/vuejs/core) | `3.5.25` | `3.5.26` | | [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) | `1.12.31` | `1.12.33` | | [vue-i18n](https://github.com/intlify/vue-i18n/tree/HEAD/packages/vue-i18n) | `11.2.2` | `11.2.7` | | [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) | `3.1.8` | `3.2.0` | Updates `@biomejs/biome` from 2.3.9 to 2.3.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/[email protected]/packages/@biomejs/biome) Updates `@types/node` from 24.10.4 to 25.0.3 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `oxlint` from 1.33.0 to 1.34.0 - [Release notes](https://github.com/oxc-project/oxc/releases) - [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md) - [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.34.0/npm/oxlint) Updates `vite-tsconfig-paths` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/aleclarson/vite-tsconfig-paths/releases) - [Commits](aleclarson/vite-tsconfig-paths@v6.0.2...v6.0.3) Updates `lucide-vue-next` from 0.561.0 to 0.562.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.562.0/packages/lucide-vue-next) Updates `vue` from 3.5.25 to 3.5.26 - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](vuejs/core@v3.5.25...v3.5.26) Updates `libphonenumber-js` from 1.12.31 to 1.12.33 - [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.12.31...v1.12.33) Updates `vue-i18n` from 11.2.2 to 11.2.7 - [Release notes](https://github.com/intlify/vue-i18n/releases) - [Changelog](https://github.com/intlify/vue-i18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/intlify/vue-i18n/commits/v11.2.7/packages/vue-i18n) Updates `vue-tsc` from 3.1.8 to 3.2.0 - [Release notes](https://github.com/vuejs/language-tools/releases) - [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md) - [Commits](https://github.com/vuejs/language-tools/commits/v3.2.0/packages/tsc) --- updated-dependencies: - dependency-name: "@biomejs/biome" dependency-version: 2.3.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-npm - dependency-name: "@types/node" dependency-version: 25.0.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: all-npm - dependency-name: oxlint dependency-version: 1.34.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-npm - dependency-name: vite-tsconfig-paths dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-npm - dependency-name: lucide-vue-next dependency-version: 0.562.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-npm - dependency-name: vue dependency-version: 3.5.26 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-npm - dependency-name: libphonenumber-js dependency-version: 1.12.33 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-npm - dependency-name: vue-i18n dependency-version: 11.2.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-npm - dependency-name: vue-tsc dependency-version: 3.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-npm ... Signed-off-by: dependabot[bot] <[email protected]>

sonarqubecloud · 2025-12-23T15:25:06Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 21, 2025

dependabot bot requested a review from yacosta738 as a code owner December 21, 2025 23:01

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 21, 2025

github-actions bot added area:frontend:web Changes in frontend web app (client/apps/webapp/**) area:frontend:landing Changes in landing page (client/apps/marketing/**) labels Dec 21, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/all-npm-ee3afca1b2 branch 4 times, most recently from dd26e94 to 604059c Compare December 22, 2025 20:29

dependabot bot force-pushed the dependabot/npm_and_yarn/all-npm-ee3afca1b2 branch from 604059c to 011b4af Compare December 23, 2025 15:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): bump the all-npm group across 1 directory with 9 updates #448

chore(deps): bump the all-npm group across 1 directory with 9 updates #448

Uh oh!

dependabot bot commented on behalf of github Dec 21, 2025 •

edited

Loading

Invalid

Invalid

Uh oh!

cloudflare-workers-and-pages bot commented Dec 21, 2025 •

edited

Loading

Uh oh!

coderabbitai bot commented Dec 21, 2025

Review skipped

Uh oh!

github-actions bot commented Dec 21, 2025 •

edited

Loading

Uh oh!

sonarqubecloud bot commented Dec 23, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

chore(deps): bump the all-npm group across 1 directory with 9 updates #448

Are you sure you want to change the base?

chore(deps): bump the all-npm group across 1 directory with 9 updates #448

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Biome CLI v2.3.10

2.3.10

Patch Changes

Invalid

What's Changed

New Contributors

2.3.10

Patch Changes

Invalid

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

🐛 Bug Fixes

⚡ Performance

📚 Documentation

Oxfmt v0.12.0

[1.34.0] - 2025-12-19

🚀 Features

🐛 Bug Fixes

[1.30.0] - 2025-11-24

🚀 Features

[1.29.0] - 2025-11-17

🚀 Features

[1.26.0] - 2025-11-05

🚀 Features

🐛 Bug Fixes

📚 Documentation

[1.25.0] - 2025-10-30

🚀 Features

[1.24.0] - 2025-10-22

🐛 Bug Fixes

Version 0.562.0

What's Changed

New Contributors

v3.5.26

3.5.26 (2025-12-18)

Bug Fixes

Performance Improvements

1.12.33 / 18.12.2025

1.12.32 / 5.12.2025

v11.2.7

v11.2.6

v11.2.5

v11.2.4

v11.2.3

What's Changed

⚡ Improvement Features

v3.2.0

vscode

language-service

component-meta

typescript-plugin

language-core

component-type-helpers

workspace

3.2.0 (2025-12-20)

vscode

language-service

component-meta

typescript-plugin

language-core

component-type-helpers

Uh oh!

cloudflare-workers-and-pages bot commented Dec 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Deploying cvix with Cloudflare Pages

Uh oh!

coderabbitai bot commented Dec 21, 2025

Review skipped

Uh oh!

github-actions bot commented Dec 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

dependabot bot commented on behalf of github Dec 21, 2025 •

edited

Loading

cloudflare-workers-and-pages bot commented Dec 21, 2025 •

edited

Loading

github-actions bot commented Dec 21, 2025 •

edited

Loading