Bump the npm group with 11 updates

[dependabot]

Bumps the npm group with 11 updates:

Package	From	To
@types/node	24.6.2	24.7.0
typescript-eslint	8.45.0	8.46.0
@typescript-eslint/eslint-plugin	8.45.0	8.46.0
@typescript-eslint/parser	8.45.0	8.46.0
@typescript-eslint/type-utils	8.45.0	8.46.0
@typescript-eslint/utils	8.45.0	8.46.0
@typescript-eslint/visitor-keys	8.45.0	8.46.0
baseline-browser-mapping	2.8.12	2.8.14
caniuse-lite	1.0.30001748	1.0.30001749
electron-to-chromium	1.5.231	1.5.233
undici-types	7.13.0	7.14.0

Updates @types/node from 24.6.2 to 24.7.0

Commits

• See full diff in compare view

Updates typescript-eslint from 8.45.0 to 8.46.0

Release notes

Sourced from typescript-eslint's releases.

v8.46.0

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• eslint-plugin-internal: [no-dynamic-tests] new internal Lint rule to ban dynamic syntax in generating tests (#11323)
• rule-schema-to-typescript-types: clean up and make public (#11633)
• typescript-eslint: export util types (#10848, #10849)
• typescript-estree: mention file specifics in project service allowDefaultProject error (#11635)
• typescript-estree: private identifiers can only appear on LHS of in expressions (#9232)

🩹 Fixes

• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: removed error type previously deprecated (#11674)
• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• typescript-estree: forbid abstract modifier in object methods (#11656)
• typescript-estree: forbid abstract method and accessor to have implementation (#11657)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Joshua Chen
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Mister-Hope @​Mister-Hope
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.46.0 (2025-10-06)

🚀 Features

• typescript-eslint: export util types (#10848, #10849)

❤️ Thank You

• Mister-Hope @​Mister-Hope

You can read about our versioning strategy and releases on our website.

Commits

• aec785e chore(release): publish 8.46.0
• 5c1a159 feat(typescript-eslint): export util types (close #10848) (#10849)
• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.45.0 to 8.46.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.46.0

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• eslint-plugin-internal: [no-dynamic-tests] new internal Lint rule to ban dynamic syntax in generating tests (#11323)
• rule-schema-to-typescript-types: clean up and make public (#11633)
• typescript-eslint: export util types (#10848, #10849)
• typescript-estree: mention file specifics in project service allowDefaultProject error (#11635)
• typescript-estree: private identifiers can only appear on LHS of in expressions (#9232)

🩹 Fixes

• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: removed error type previously deprecated (#11674)
• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• typescript-estree: forbid abstract modifier in object methods (#11656)
• typescript-estree: forbid abstract method and accessor to have implementation (#11657)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Joshua Chen
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Mister-Hope @​Mister-Hope
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• rule-schema-to-typescript-types: clean up and make public (#11633)

🩹 Fixes

• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)
• typescript-estree: forbid abstract method and accessor to have implementation (#11657)
• eslint-plugin: removed error type previously deprecated (#11674)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev

You can read about our versioning strategy and releases on our website.

Commits

• aec785e chore(release): publish 8.46.0
• a974191 fix(eslint-plugin): [prefer-readonly-parameter-types] ignore tagged primitive...
• 02e0278 fix(typescript-estree): forbid abstract method and accessor to have implement...
• f083798 feat(eslint-plugin): [no-unsafe-member-access] add allowOptionalChaining opti...
• a62f625 fix(eslint-plugin): removed error type previously deprecated (#11674)
• 7f5fed7 chore: remove unused batchedSingleLineTests test utility (#11675)
• f8412ce fix(eslint-plugin): [no-deprecated] ignore deprecated export imports (#11603)
• 8de997e feat(eslint-plugin): [no-unused-vars] support explicit resource management wi...
• 740a63f feat(rule-schema-to-typescript-types): clean up and make public (#11633)
• 692d4ee docs(eslint-plugin): [prefer-for-of] mention DOM elements and lib: dom.iterab...
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.45.0 to 8.46.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.46.0

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• eslint-plugin-internal: [no-dynamic-tests] new internal Lint rule to ban dynamic syntax in generating tests (#11323)
• rule-schema-to-typescript-types: clean up and make public (#11633)
• typescript-eslint: export util types (#10848, #10849)
• typescript-estree: mention file specifics in project service allowDefaultProject error (#11635)
• typescript-estree: private identifiers can only appear on LHS of in expressions (#9232)

🩹 Fixes

• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: removed error type previously deprecated (#11674)
• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• typescript-estree: forbid abstract modifier in object methods (#11656)
• typescript-estree: forbid abstract method and accessor to have implementation (#11657)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Joshua Chen
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Mister-Hope @​Mister-Hope
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.46.0 (2025-10-06)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• aec785e chore(release): publish 8.46.0
• See full diff in compare view

Updates @typescript-eslint/type-utils from 8.45.0 to 8.46.0

Release notes

Sourced from @​typescript-eslint/type-utils's releases.

v8.46.0

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• eslint-plugin-internal: [no-dynamic-tests] new internal Lint rule to ban dynamic syntax in generating tests (#11323)
• rule-schema-to-typescript-types: clean up and make public (#11633)
• typescript-eslint: export util types (#10848, #10849)
• typescript-estree: mention file specifics in project service allowDefaultProject error (#11635)
• typescript-estree: private identifiers can only appear on LHS of in expressions (#9232)

🩹 Fixes

• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: removed error type previously deprecated (#11674)
• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• typescript-estree: forbid abstract modifier in object methods (#11656)
• typescript-estree: forbid abstract method and accessor to have implementation (#11657)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Joshua Chen
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Mister-Hope @​Mister-Hope
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/type-utils's changelog.

8.46.0 (2025-10-06)

🩹 Fixes

• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)

❤️ Thank You

• Josh Goldberg ✨

You can read about our versioning strategy and releases on our website.

Commits

• aec785e chore(release): publish 8.46.0
• a974191 fix(eslint-plugin): [prefer-readonly-parameter-types] ignore tagged primitive...
• See full diff in compare view

Updates @typescript-eslint/utils from 8.45.0 to 8.46.0

Release notes

Sourced from @​typescript-eslint/utils's releases.

v8.46.0

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• eslint-plugin-internal: [no-dynamic-tests] new internal Lint rule to ban dynamic syntax in generating tests (#11323)
• rule-schema-to-typescript-types: clean up and make public (#11633)
• typescript-eslint: export util types (#10848, #10849)
• typescript-estree: mention file specifics in project service allowDefaultProject error (#11635)
• typescript-estree: private identifiers can only appear on LHS of in expressions (#9232)

🩹 Fixes

• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: removed error type previously deprecated (#11674)
• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• typescript-estree: forbid abstract modifier in object methods (#11656)
• typescript-estree: forbid abstract method and accessor to have implementation (#11657)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Joshua Chen
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Mister-Hope @​Mister-Hope
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/utils's changelog.

8.46.0 (2025-10-06)

🩹 Fixes

• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)

❤️ Thank You

• Mark de Dios @​peanutenthusiast

You can read about our versioning strategy and releases on our website.

Commits

• aec785e chore(release): publish 8.46.0
• e2d549e fix(rule-tester): deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• db09a7d Revert "feat(eslint-plugin): expose rule name via RuleModule interface" (#11663)
• See full diff in compare view

Updates @typescript-eslint/visitor-keys from 8.45.0 to 8.46.0

Release notes

Sourced from @​typescript-eslint/visitor-keys's releases.

v8.46.0

8.46.0 (2025-10-06)

🚀 Features

• eslint-plugin: [no-unsafe-member-access] add allowOptionalChaining option (#11659)
• eslint-plugin-internal: [no-dynamic-tests] new internal Lint rule to ban dynamic syntax in generating tests (#11323)
• rule-schema-to-typescript-types: clean up and make public (#11633)
• typescript-eslint: export util types (#10848, #10849)
• typescript-estree: mention file specifics in project service allowDefaultProject error (#11635)
• typescript-estree: private identifiers can only appear on LHS of in expressions (#9232)

🩹 Fixes

• eslint-plugin: [no-floating-promises] remove excess parentheses in suggestions (#11487)
• eslint-plugin: [unbound-method] improve wording around this: void and binding (#11634)
• eslint-plugin: [no-deprecated] ignore deprecated export imports (#11603)
• eslint-plugin: removed error type previously deprecated (#11674)
• eslint-plugin: [prefer-readonly-parameter-types] ignore tagged primitives (#11660)
• rule-tester: deprecate TestCaseError#type and LintMessage#nodeType (#11628)
• typescript-estree: forbid abstract modifier in object methods (#11656)
• typescript-estree: forbid abstract method and accessor to have implementation (#11657)

❤️ Thank You

• fisker Cheung @​fisker
• Josh Goldberg ✨
• Joshua Chen
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Mister-Hope @​Mister-Hope
• Richard Torres @​richardtorres314
• Victor Genaev @​mainframev
• Younsang Na @​nayounsang

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/visitor-keys's changelog.

8.46.0 (2025-10-06)

This was a version bump only for visitor-keys to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• aec785e chore(release): publish 8.46.0
• See full diff in compare view

Updates baseline-browser-mapping from 2.8.12 to 2.8.14

Commits

• ebb884c Patch to 2.8.14 because browser or feature data changed
• f3f088e Browser or feature data changed
• 7fd38bb Updating static site
• de21b85 Patch to 2.8.13 because browser or feature data changed
• bb4ba09 Browser or feature data changed
• d361d74 Updating static site
• See full diff in compare view

Updates caniuse-lite from 1.0.30001748 to 1.0.30001749

Commits

• 9015873 Update caniuse-db 1.0.30001749
• See full diff in compare view

Updates electron-to-chromium from 1.5.231 to 1.5.233

Commits

• 5db88d2 1.5.233
• 09b4d09 generate new version
• 5ebb5f3 1.5.232
• d7ebb04 generate new version
• See full diff in compare view

Updates undici-types from 7.13.0 to 7.14.0

Release notes

Sourced from undici-types's releases.

v7.14.0

What's Changed

• Fix flaky snapshot-testing by @​mcollina in nodejs/undici#4367
• Actually flush the file in lib/mock/snapshot-recorder.js by @​mcollina in nodejs/undici#4378
• docs: clarify Node.js version support in LTS table by @​mcollina in nodejs/undici#4375
• cache: fix excessive caching and some other lack of caching by @​fredericDelaporte in nodejs/undici#4335
• feat(websocket): add handshake response info to undici:websocket:open diagnostic event by @​tawseefnabi in nodejs/undici#4396
• feat: add install() function to type definitions by @​jsaguet in nodejs/undici#4384
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in nodejs/undici#4380
• build(deps): bump cronometro from 4.0.3 to 5.3.0 in /benchmarks by @​dependabot[bot] in nodejs/undici#4171
• build(deps): bump step-security/harden-runner from 2.12.0 to 2.13.0 by @​dependabot[bot] in nodejs/undici#4379
• fix: h2 CI by @​metcoder95 in nodejs/undici#4395
• feat: EventSource can be configured with reconnectionTime by @​Uzlopak in nodejs/undici#4260
• build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in nodejs/undici#4404
• eventsource: deflake reconnectionTime tests by @​Uzlopak in nodejs/undici#4406
• cache: change normaliseHeaders to normalizeHeaders by @​Uzlopak in nodejs/undici#4408
• build(deps-dev): bump jest from 29.7.0 to 30.0.5 by @​dependabot[bot] in nodejs/undici#4387
• build(deps-dev): bump cross-env from 7.0.3 to 10.0.0 by @​dependabot[bot] in nodejs/undici#4386
• cache-control: no-cache: use quoted-string form by @​alxndrsn in nodejs/undici#4177
• test: fix snapshot testing flaky test by @​Uzlopak in nodejs/undici#4410
• fix formdata constructor args mark optional by @​tsctx in nodejs/undici#4411
• Update WPT by @​github-actions[bot] in nodejs/undici#4358
• Update Cache Tests by @​github-actions[bot] in nodejs/undici#4096
• chore: improve imports and requires by @​Uzlopak in nodejs/undici#4418
• refactor: snapshot-recorder by @​Uzlopak in nodejs/undici#4413
• Update WPT by @​github-actions[bot] in nodejs/undici#4416
• fix: better set a finalizer on cloned response by @​tsctx in nodejs/undici#4419

New Contributors

• @​tawseefnabi made their first contribution in nodejs/undici#4396
• @​jsaguet made their first contribution in nodejs/undici#4384

Full Changelog: nodejs/undici@v7.13.0...v7.14.0

Commits

• dfa2d15 Bumped v7.14.0 (#4420)
• 23423ed fix: better set a finalizer on cloned response (#4419)
• 3abbea5 chore: update WPT (#4416)
• 5453139 refactor: snapshot-recorder (#4413)
• 16e7812 chore: improve imports and requires (#4418)
• c9bdd3d chore: update cache tests (#4096)
• 7db221a chore: update WPT (#4358)
• c399fdf fix formdata constructor args mark optional (#4411)
• c1442a4 test: fix snapshot testing flaky test (#4410)
• c6cc3c1 cache-control: no-cache: use quoted-string form (#4177)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@types/node	^24.7.0	🟢 6.7	Details Check Score Reason Code-Review 🟢 6 Found 18/30 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/typescript-eslint	^8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/eslint-plugin	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/parser	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/project-service	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/scope-manager	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/tsconfig-utils	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/type-utils	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/types	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/typescript-estree	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/utils	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@typescript-eslint/visitor-keys	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/baseline-browser-mapping	2.8.14	Unknown	Unknown
npm/caniuse-lite	1.0.30001749	🟢 5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/electron-to-chromium	1.5.233	Unknown	Unknown
npm/semver	7.7.3	🟢 6.8	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 7 4 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 7 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 8 SAST tool detected but not run on all commits
npm/typescript-eslint	8.46.0	🟢 5.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 7/10 approved changesets -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected

Scanned Files

• package.json
• pnpm-lock.yaml