chore(deps-dev): Bump the linting group across 1 directory with 10 updates

[dependabot]

Bumps the linting group with 10 updates in the / directory:

Package	From	To
@typescript-eslint/eslint-plugin	8.48.1	8.56.0
@typescript-eslint/parser	8.48.1	8.56.0
eslint-plugin-better-tailwindcss	3.7.11	4.3.0
eslint-plugin-boundaries	5.3.0	5.4.0
eslint-plugin-jsdoc	61.4.1	62.5.5
eslint-plugin-n	17.23.1	17.24.0
eslint-plugin-perfectionist	4.15.1	5.5.0
eslint-plugin-prettier	5.5.4	5.5.5
eslint-plugin-unicorn	62.0.0	63.0.0
lefthook	2.0.8	2.1.1

Updates @typescript-eslint/eslint-plugin from 8.48.1 to 8.56.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.55.0

8.55.0 (2026-02-09)

🚀 Features

• utils: deprecate defaultOptions in favor of meta.defaultOptions (#11992)

🩹 Fixes

• eslint-plugin: [no-unused-vars] remove trailing newline when removing entire import (#11990)
• eslint-plugin: [no-useless-default-assignment] require strictNullChecks (#11966, #12000)
• eslint-plugin: [no-useless-default-assignment] report unnecessary defaults in ternary expressions (#11984)
• eslint-plugin: [no-useless-default-assignment] reduce param index to ts this handling (#11949)
• typescript-estree: forbid invalid modifier in object expression (#11931)

❤️ Thank You

• Christian Rose @​chrros95
• fisker Cheung @​fisker
• Josh Goldberg
• Maria Solano @​MariaSolOs
• Minyeong Kim @​minyeong981
• SungHyun627 @​SungHyun627
• Yukihiro Hasegawa @​y-hsgw

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

🚀 Features

• utils: deprecate defaultOptions in favor of meta.defaultOptions (#11992)

🩹 Fixes

• eslint-plugin: [no-useless-default-assignment] reduce param index to ts this handling (#11949)
• eslint-plugin: [no-useless-default-assignment] report unnecessary defaults in ternary expressions (#11984)
• eslint-plugin: [no-useless-default-assignment] require strictNullChecks (#11966, #12000)
• eslint-plugin: [no-unused-vars] remove trailing newline when removing entire import (#11990)

❤️ Thank You

• Christian Rose @​chrros95
• Josh Goldberg
• Maria Solano @​MariaSolOs
• Minyeong Kim @​minyeong981
• SungHyun627 @​SungHyun627
• Yukihiro Hasegawa @​y-hsgw

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.54.0 (2026-01-26)

🚀 Features

... (truncated)

Commits

• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• c0a359d fix: use parser options from context.languageOptions (#12043)
• fedfe86 chore(release): publish 8.55.0
• 8a95834 fix(eslint-plugin): [no-useless-default-assignment] reduce param index to ts ...
• 4ba1e72 fix(eslint-plugin): [no-useless-default-assignment] report unnecessary defaul...
• a1f8617 feat(utils): deprecate defaultOptions in favor of meta.defaultOptions (#11992)
• 3f0ce54 fix(eslint-plugin): [no-useless-default-assignment] require strictNullChecks ...
• 3df0002 fix(eslint-plugin): [no-unused-vars] remove trailing newline when removing en...
• b931f8c chore: use workspace refs for workspace deps (#12018)
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.48.1 to 8.56.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.56.0

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

🩹 Fixes

• use parser options from context.languageOptions (#12043)

❤️ Thank You

• Brad Zacher @​bradzacher
• fnx @​DMartens
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.55.0

8.55.0 (2026-02-09)

🚀 Features

• utils: deprecate defaultOptions in favor of meta.defaultOptions (#11992)

🩹 Fixes

• eslint-plugin: [no-unused-vars] remove trailing newline when removing entire import (#11990)
• eslint-plugin: [no-useless-default-assignment] require strictNullChecks (#11966, #12000)
• eslint-plugin: [no-useless-default-assignment] report unnecessary defaults in ternary expressions (#11984)
• eslint-plugin: [no-useless-default-assignment] reduce param index to ts this handling (#11949)
• typescript-estree: forbid invalid modifier in object expression (#11931)

❤️ Thank You

• Christian Rose @​chrros95
• fisker Cheung @​fisker
• Josh Goldberg
• Maria Solano @​MariaSolOs
• Minyeong Kim @​minyeong981
• SungHyun627 @​SungHyun627
• Yukihiro Hasegawa @​y-hsgw

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.56.0 (2026-02-16)

🚀 Features

• support ESLint v10 (#12057)

❤️ Thank You

• Brad Zacher @​bradzacher
• Joshua Chen

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.55.0 (2026-02-09)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.54.0 (2026-01-26)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.53.1 (2026-01-19)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.53.0 (2026-01-12)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.52.0 (2026-01-05)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.51.0 (2025-12-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

... (truncated)

Commits

• 8b8b68f chore(release): publish 8.56.0
• 68a074f feat: support ESLint v10 (#12057)
• fedfe86 chore(release): publish 8.55.0
• b931f8c chore: use workspace refs for workspace deps (#12018)
• 1f17a79 chore: migrate to pnpm (#11248)
• d423e57 chore(release): publish 8.54.0
• 9940e53 chore(release): publish 8.53.1
• 3021ede chore(release): publish 8.53.0
• 9ddd571 chore(release): publish 8.52.0
• 95c7c73 chore: update deps to latest minor/patch (#11921)
• Additional commits viewable in compare view

Updates eslint-plugin-better-tailwindcss from 3.7.11 to 4.3.0

Release notes

Sourced from eslint-plugin-better-tailwindcss's releases.

v4.3.0

compare changes

Features

• Support curried calls (#325)
• Support callee paths (#326)

Refactors

• Simplify matcher config (#324) The matcher config has been simplified from a nested tuple structure to a simple array of objects. This makes it easier to understand while also allowing better flexibility to support the new features. The old structure is still supported for now, but will be removed in the next major version.

  Check the updated configuration documentation for more information.

v4.2.0

compare changes

Features

• Add support for ESLint 10 (#323)

Performance

• Use shared worker to handle async calls (#319)

❤️ Contributors

• Stephen Zhou (@​hyoban)
• Bjorn Antonissen (@​Bjornftw)

v4.1.1

compare changes

Fixes

• Filter unrecommended rules (#317)

v4.1.0

compare changes

Features

• Experimental css linting (#314)
• Add solid classList matcher (#315)

Fixes

... (truncated)

Changelog

Sourced from eslint-plugin-better-tailwindcss's changelog.

v4.3.0

compare changes

Features

• Support curried calls (#325)
• Support callee paths (#326)

Refactors

• Simplify matcher config (#324) The matcher config has been simplified from a nested tuple structure to a simple array of objects. This makes it easier to understand while also allowing better flexibility to support the new features. The old structure is still supported for now, but will be removed in the next major version.

  Check the updated configuration documentation for more information.

v4.2.0

compare changes

Features

• Add support for ESLint 10 (#323)

Performance

• Use shared worker to handle async calls (#319)

❤️ Contributors

• Stephen Zhou (@​hyoban)
• Bjorn Antonissen (@​Bjornftw)

v4.1.1

compare changes

Fixes

• Filter unrecommended rules (#317)

v4.1.0

compare changes

Features

• Experimental css linting (#314)

... (truncated)

Commits

• 6869c5e chore(release): v4.3.0
• b58a9fc docs: clean up documentation
• 7acd2e9 docs: fix link
• aa1e137 refactor: rename pathPattern in new config (#328)
• f05399c refactor: migrate selectors (#327)
• e2e3fd8 feat: callee paths (#326)
• dcd2056 feat: support curried calls (#325)
• d5433bf refactor: simplify matcher config (#324)
• b5f58b1 chore(release): v4.2.0
• e18eaa6 chore: remove old cjs workaround
• Additional commits viewable in compare view

Updates eslint-plugin-boundaries from 5.3.0 to 5.4.0

Release notes

Sourced from eslint-plugin-boundaries's releases.

Enhance External/Local Dependency Classification for Monorepos

eslint-plugin-boundaries v5.4.0

• feat(#349): Add boundaries/flag-as-external setting to allow better control over external module identification
• feat(#420): Remove rules validation during linting runtime to improve performance. Validation is performed at configuration load time using eslint schema validation.
• chore: bump @​boundaries/elements to 1.2.0

@​boundaries/elements v1.2.0

• feat: Add rootPath and flagAsExternal options to allow better control over external module identification.

website

• feat: Add boundaries/flag-as-external setting to allow better control over external module identification
• feat: Add "Monorepo Setup" guide to the documentation, explaining how to configure the plugin in monorepo projects using boundaries/flag-as-external setting.

Fix elements selector validation

@​boundaries/eslint-plugin v5.3.1

Fixed

• fix(#415): Fix elements selector validation error when selector is an empty array

@​boundaries/elements v1.1.2

Fixed

• fix: Update HANDLEBARS_TEMPLATE_REGEX to fix vulnerability with regex denial of service (ReDoS) attacks.

chore

Changed

• chore: Bump pnpm to 10. Set pnpm security options. Detect shai-hulud dependencies in workflow
• chore: bump baseline-browser-mapping to supress warnings

Commits

• 34c0c9d Merge pull request #423 from javierbrea/release
• 03b303b chore: Resolve conflicts with master
• 4335373 feat(#420): Remove rules validation in linting runtime (#422)
• 9bd594b feat(#349): Enhance External/Local Dependency Classification (#421)
• 157710a Release v5.3.1 (#418)
• 004404f chore: Upgrade elements version
• 2ff4352 Merge branch 'master' into release
• a0fb802 chore: Check vulnerabilities in a different job
• 2c0267e fix(#415): Fix elements selector validation (#417)
• c841187 docs: Change Algolia links (#414)
• Additional commits viewable in compare view

Updates eslint-plugin-jsdoc from 61.4.1 to 62.5.5

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v62.5.5

62.5.5 (2026-02-15)

Bug Fixes

• check-param-names: check arrow function properties in interfaces (TSPropertySignature); fixes #1657 (c7b132f)

v62.5.4

62.5.4 (2026-02-07)

Bug Fixes

• no-undefined-types: avoid treating infer type identifier as undefined; fixes #1654 (da44046)
• no-undefined-types: ensure template tags are defined; fixes #1655 (bfef848)

v62.5.3

62.5.3 (2026-02-06)

Bug Fixes

• default-expressions and examples configs: avoid applying deprecated rules now that ESLint warns against them; fixes #1651 (a252868)

v62.5.2

62.5.2 (2026-02-05)

Bug Fixes

• valid-types: allow numeric properties for jsdoc mode; fixes #1646 (122d283)

v62.5.1

62.5.1 (2026-02-04)

Bug Fixes

• require-template: stop treating type parameters names as unknown template names; fixes #1648 (dfc662e)
• type-formatting: update jsdoccomment and devDeps.; fixes #1647 (19f36b6)

v62.5.0

62.5.0 (2026-01-29)

Features

• check-tag-names: add Typedoc include, includeCode, and TSDoc inheritDoc/inheritdoc and label to allowable inline tags; add TSDoc and typedoc tags (925f6e3)
• require-description-complete-sentence: allow inline inheritDoc, inheritdoc, include, includeCode, label to avoid rule; fixes #1641 (c5a09c8)

... (truncated)

Commits

• c7b132f fix(check-param-names): check arrow function properties in interfaces (TSPr...
• bfef848 fix(no-undefined-types): ensure template tags are defined; fixes #1655
• da44046 fix(no-undefined-types): avoid treating infer type identifier as undefined;...
• a252868 fix(default-expressions and examples configs): avoid applying deprecated ...
• 122d283 fix(valid-types): allow numeric properties for jsdoc mode; fixes #1646
• dfc662e fix(require-template): stop treating type parameters names as unknown templ...
• 19f36b6 fix(type-formatting): update jsdoccomment and devDeps.; fixes #1647
• 925f6e3 feat(check-tag-names): add Typedoc include, includeCode, and TSDoc `inh...
• c078633 feat(valid-types): add Typedoc include, includeCode, and TSDoc `inherit...
• c5a09c8 feat(require-description-complete-sentence): allow inline inheritDoc, `in...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-jsdoc since your current version.

Updates eslint-plugin-n from 17.23.1 to 17.24.0

Release notes

Sourced from eslint-plugin-n's releases.

v17.24.0

17.24.0 (2026-02-15)

🌟 Features

• add prefer-global/crypto rule (#514) (2ea0f22)
• add prefer-global/timers rule (#515) (10b24ae)

🧹 Chores

• add v17.x to release-please (9c5e437)

v17.23.2

17.23.2 (2026-01-13)

🩹 Fixes

• avoid any type for no-top-level-await listener node (build issue) (#498) (f071703)
• file-extension-in-import: handle directory index imports (#499) (754a1a6)
• file-extension-in-import: handle files with dots in basename (#506) (600f3f2)
• no-sync: resolve full typed names for ignores (#501) (047301a)

📚 Documentation

• safely disable no-unpublished-bin npm v10+ (#487) (8af9c86)

🧹 Chores

• no-missing-import: align fixture message with latest resolver output (#500) (a3719d2)

Changelog

Sourced from eslint-plugin-n's changelog.

17.24.0 (2026-02-15)

🌟 Features

• add prefer-global/crypto rule (#514) (2ea0f22)
• add prefer-global/timers rule (#515) (10b24ae)

🧹 Chores

• add v17.x to release-please (9c5e437)

17.23.2 (2026-01-13)

🩹 Fixes

• avoid any type for no-top-level-await listener node (build issue) (#498) (f071703)
• file-extension-in-import: handle directory index imports (#499) (754a1a6)
• file-extension-in-import: handle files with dots in basename (#506) (600f3f2)
• no-sync: resolve full typed names for ignores (#501) (047301a)

📚 Documentation

• safely disable no-unpublished-bin npm v10+ (#487) (8af9c86)

🧹 Chores

• no-missing-import: align fixture message with latest resolver output (#500) (a3719d2)

Commits

• a302c0b chore(master): release 17.24.0 (#512)
• 10b24ae feat: add prefer-global/timers rule (#515)
• 2ea0f22 feat: add prefer-global/crypto rule (#514)
• 9c5e437 chore: add v17.x to release-please
• 7541d64 chore(master): release 17.23.2 (#488)
• 600f3f2 fix(file-extension-in-import): handle files with dots in basename (#506)
• 754a1a6 fix(file-extension-in-import): handle directory index imports (#499)
• 047301a fix(no-sync): resolve full typed names for ignores (#501)
• f071703 fix: avoid any type for no-top-level-await listener node (build issue) (#498)
• a3719d2 test(no-missing-import): align fixture message with latest resolver output (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-n since your current version.

Updates eslint-plugin-perfectionist from 4.15.1 to 5.5.0

Release notes

Sourced from eslint-plugin-perfectionist's releases.

v5.5.0

   🚀 Features

• sort-classes: Improve dependency detection algorithm  -  by @​hugop95 (8bcbc)

   🐞 Bug Fixes

• Prevent spread operator reordering in sort-sets and sort-array-includes  -  by @​azat-io (06b0f)

    View changes on GitHub

v5.4.0

   🚀 Features

• Improve dependency detection algorithm  -  by @​hugop95 (a80d8)
• sort-objects: Allow sorting by name and value  -  by @​hugop95 (2622a)

   🐞 Bug Fixes

• sort-modules:
  • Enable fallback sorting for usage mode  -  by @​hugop95 (a2b89)
  • Fix error loop due to overload signatures with sort-usages  -  by @​hugop95 (2dcdb)
  • Add support for overload signatures  -  by @​hugop95 (d760a)
  • Avoid deprecated enum members access  -  by @​azat-io (a0a7d)

   🏎 Performance

• Cache group options and improve subgroup-order coverage  -  by @​hugop95 (85807)
• Avoid accumulating spreads in hot paths  -  by @​azat-io (2c964)

    View changes on GitHub

v5.3.1

   🐞 Bug Fixes

• Align plugin configs typing with eslint  -  by @​azat-io (7c44d)

    View changes on GitHub

v5.3.0

   🚀 Features

• Fallback sort subgroup order  -  by @​Lievesley (3c8fe)
• sort-modules: Allow exported then decorated classes to be sorted  -  by @​hugop95 (53b00)

   🐞 Bug Fixes

• Use runtime-safe node type checks  -  by @​hugop95 (a0ec1)

    View changes on GitHub

... (truncated)

Changelog

Sourced from eslint-plugin-perfectionist's changelog.

v5.5.0

compare changes

🚀 Features

• sort-classes: Improve dependency detection algorithm (8bcbc88a)

🐞 Bug Fixes

• Prevent spread operator reordering in sort-sets and sort-array-includes (06b0f73e)

❤️ Contributors

• Azat S. (@​azat-io)
• Hugo (@​hugop95)

v5.4.0

compare changes

🚀 Features

• sort-objects: Allow sorting by name and value (2622a734)
• Improve dependency detection algorithm (a80d8105)

🏎 Performance Improvements

• Cache group options and improve subgroup-order coverage (858076c7)
• Avoid accumulating spreads in hot paths (2c964ae0)

🐞 Bug Fixes

• sort-modules: Enable fallback sorting for usage mode (a2b898e4)
• sort-modules: Fix error loop due to overload signatures with sort-usages (2dcdb687)
• sort-modules: Add support for overload signatures (d760ae7a)
• sort-modules: Avoid deprecated enum members access (a0a7d478)

❤️ Contributors

... (truncated)

Commits

• 53f9610 build: publish v5.5.0
• f2fff07 chore: update github actions
• f2a3560 chore: update dependencies
• 06b0f73 fix: prevent spread operator reordering in sort-sets and sort-array-includes
• 55f6169 chore: update github actions
• a7ff1c2 chore: update prettier config
• 749aeeb docs: update year in copyright
• 8bcbc88 feat(sort-classes): improve dependency detection algorithm
• d0b5dfd build: publish v5.4.0
• 9f67f57 chore: update dependencies
• Additional commits viewable in compare view

Updates eslint-plugin-prettier from 5.5.4 to 5.5.5

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.5.5

Patch Changes

• #772 7264ed0 Thanks @​BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

• #776 77651a3 Thanks @​aswils! - fix: bump synckit for yarn PnP ESM issue

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.5.5

Patch Changes

• #772 7264ed0 Thanks @​BPScott! - Bump prettier-linter-helpers dependency to v1.0.1

• #776 77651a3 Thanks @​aswils! - fix: bump synckit for yarn PnP ESM issue

Commits

• e2c154a chore: release eslint-plugin-prettier (#773)
• 6795c1a build(deps): Bump the actions group across 1 directory with 2 updates (#774)
• 77651a3 fix: bump synckit for yarn PnP ESM issue (#776)
• 7264ed0 chore: bump prettier-linter-helpers to v1.0.1 (#772)
• e11a5b7 build(deps): Bump the actions group across 1 directory with 3 updates (#769)
• befda88 ci: enable trusted publishing (#757)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-plugin-prettier since your current version.

Updates eslint-plugin-unicorn from 62.0.0 to 63.0.0

Release notes

Sourced from eslint-plugin-unicorn's releases.

v63.0.0

New rules

• isolated-functions (#2701) 4956a6be

Improvements

• Support ESLint 10 (#2823) bd0901b1
• prefer-set-size: Add Array.from() support (#2857) e556143b
• prefer-bigint-literals: Support signed numbers and strings (#2784) a332a509
• prefer-export-from: Fix type-import being removed when using namespace import (#2771) ab4b779a
• prefer-spread: Fix: Skip TypedArray and ArrayBuffer constructor calls (

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	claudepro-directory-web-prd	6e7fc17	Feb 16 2026, 06:09 PM

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)

See the Details below.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@babel/code-frame	7.29.0	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 39 existing vulnerabilities detected
npm/@babel/runtime	7.28.6	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 39 existing vulnerabilities detected
npm/@boundaries/elements	1.2.0	🟢 4.4	Details Check Score Reason Maintained 🟢 10 22 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/19 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities ⚠️ 0 13 existing vulnerabilities detected
npm/@es-joy/jsdoccomment	0.84.0	Unknown	Unknown
npm/@eslint-community/eslint-utils	4.9.1	Unknown	Unknown
npm/@eslint/css-tree	3.6.9	Unknown	Unknown
npm/@isaacs/cliui	9.0.0	Unknown	Unknown
npm/@typescript-eslint/eslint-plugin	8.56.0	Unknown	Unknown
npm/@typescript-eslint/parser	8.56.0	Unknown	Unknown
npm/@typescript-eslint/project-service	8.56.0	Unknown	Unknown
npm/@typescript-eslint/scope-manager	8.56.0	Unknown	Unknown
npm/@typescript-eslint/tsconfig-utils	8.56.0	Unknown	Unknown
npm/@typescript-eslint/type-utils	8.56.0	Unknown	Unknown
npm/@typescript-eslint/types	8.56.0	Unknown	Unknown
npm/@typescript-eslint/typescript-estree	8.56.0	Unknown	Unknown
npm/@typescript-eslint/utils	8.56.0	Unknown	Unknown
npm/@typescript-eslint/visitor-keys	8.56.0	Unknown	Unknown
npm/@valibot/to-json-schema	1.5.0	Unknown	Unknown
npm/balanced-match	4.0.2	🟢 4.7	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/brace-expansion	5.0.2	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 8/26 approved changesets -- score normalized to 3 Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/caniuse-lite	1.0.30001770	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 14 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 no SAST tool detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies 🟢 10 all dependencies are pinned Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 7 3 existing vulnerabilities detected
npm/ci-info	4.4.0	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 1 Found 5/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 3 3 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3 Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/comment-parser	1.4.5	Unknown	Unknown
npm/core-js-compat	3.48.0	🟢 4.1	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 20 existing vulnerabilities detected
npm/electron-to-chromium	1.5.286	Unknown	Unknown
npm/enhanced-resolve	5.19.0	🟢 6.9	Details Check Score Reason Maintained 🟢 10 8 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 8/22 approved changesets -- score normalized to 3 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-plugin-better-tailwindcss	4.3.0	Unknown	Unknown
npm/eslint-plugin-boundaries	5.4.0	🟢 4.4	Details Check Score Reason Maintained 🟢 10 22 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/19 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities ⚠️ 0 13 existing vulnerabilities detected
npm/eslint-plugin-jsdoc	62.5.5	🟢 4.7	Details Check Score Reason Code-Review ⚠️ 1 Found 3/21 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 5 5 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-plugin-n	17.24.0	Unknown	Unknown
npm/eslint-plugin-perfectionist	5.5.0	Unknown	Unknown
npm/eslint-plugin-prettier	5.5.5	🟢 5.4	Details Check Score Reason Maintained 🟢 7 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 3 Found 5/16 approved changesets -- score normalized to 3 License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
npm/eslint-plugin-unicorn	63.0.0	🟢 5.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Code-Review 🟢 6 Found 19/30 approved changesets -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-visitor-keys	5.0.0	Unknown	Unknown
npm/espree	11.1.0	Unknown	Unknown
npm/esquery	1.7.0	🟢 4.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 5 Found 8/14 approved changesets -- score normalized to 5 Maintained ⚠️ 2 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/get-tsconfig	4.13.6	Unknown	Unknown
npm/jackspeak	4.2.3	🟢 5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 11 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/23 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jsdoc-type-pratt-parser	7.1.1	Unknown	Unknown
npm/lefthook	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-darwin-arm64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-darwin-x64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-freebsd-arm64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-freebsd-x64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-linux-arm64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-linux-x64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-openbsd-arm64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-openbsd-x64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-windows-arm64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/lefthook-windows-x64	2.1.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 3 Found 11/30 approved changesets -- score normalized to 3 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits
npm/minimatch	10.2.0	🟢 5.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 1 Found 4/28 approved changesets -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/prettier-linter-helpers	1.0.1	🟢 5.2	Details Check Score Reason Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 6 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 0/11 approved changesets -- score normalized to 0 Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/semver	7.7.4	🟢 6.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 5 5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 8 SAST tool detected but not run on all commits
npm/synckit	0.11.12	Unknown	Unknown
npm/ts-api-utils	2.4.0	Unknown	Unknown
npm/update-browserslist-db	1.2.3	🟢 4.2	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 1 Found 4/25 approved changesets -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 10 existing vulnerabilities detected
npm/valibot	1.2.0	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml

[netlify]

❌ Deploy Preview for heyclaude failed.

Name	Link
🔨 Latest commit	6e7fc17
🔍 Latest deploy log	https://app.netlify.com/projects/heyclaude/deploys/69935d25064a99000820311f