Bump the npm group with 17 updates

[dependabot]

Bumps the npm group with 17 updates:

Package	From	To
@types/node	25.0.9	25.0.10
@vitest/coverage-v8	4.0.17	4.0.18
prettier	3.8.0	3.8.1
vitest	4.0.17	4.0.18
@typescript-eslint/types	8.53.0	8.53.1
@vitest/expect	4.0.17	4.0.18
@vitest/mocker	4.0.17	4.0.18
@vitest/pretty-format	4.0.17	4.0.18
@vitest/runner	4.0.17	4.0.18
@vitest/snapshot	4.0.17	4.0.18
@vitest/spy	4.0.17	4.0.18
@vitest/utils	4.0.17	4.0.18
baseline-browser-mapping	2.9.17	2.9.18
caniuse-lite	1.0.30001765	1.0.30001766
electron-to-chromium	1.5.267	1.5.278
lodash	4.17.21	4.17.23
rollup	4.55.3	4.56.0

Updates @types/node from 25.0.9 to 25.0.10

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.0.17 to 4.0.18

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• See full diff in compare view

Updates prettier from 3.8.0 to 3.8.1

Release notes

Sourced from prettier's releases.

3.8.1

• Include available printers in plugin type declarations (#18706 by @​porada)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.1

diff

Include available printers in plugin type declarations (#18706 by @​porada)

// Input
import * as prettierPluginEstree from "prettier/plugins/estree";
// Prettier 3.8.0
// Property 'printers' does not exist on type 'typeof import("prettier/plugins/estree")'. ts(2339)
prettierPluginEstree.printers.estree; //=> any
// Prettier 3.8.1
prettierPluginEstree.printers.estree; //=> Printer
prettierPluginEstree.printers["estree-json"]; //=> Printer

Commits

• 90983f4 Release 3.8.1
• 57f702f Include available printers in plugin type declarations (#18706)
• bece827 Revert change in release script
• 82a4ab2 Bump Prettier dependency to 3.8.0
• 5213ee4 Clean changelog_unreleased
• f95ad0f Comment out finished steps
• b2034e8 Fix release script
• 5824b15 Release 3.8.0
• 0433601 Add blog post for v3.8.0 (#18639)
• c45fef1 Fix LWC attribute with --embedded-language-formatting off (#18383)
• See full diff in compare view

Updates vitest from 4.0.17 to 4.0.18

Release notes

Sourced from vitest's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• ea837de feat(experimental): add onModuleRunner hook to worker.init (#9286)
• e057281 fix: use meta.url in createRequire (#9441)
• See full diff in compare view

Updates @typescript-eslint/types from 8.53.0 to 8.53.1

Release notes

Sourced from @​typescript-eslint/types's releases.

v8.53.1

8.53.1 (2026-01-19)

🩹 Fixes

• eslint-plugin: [consistent-indexed-object-style] skip fixer if interface is a default export (#11951)
• utils: make RuleCreator root defaultOptions optional (#11956)

❤️ Thank You

• Cameron
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/types's changelog.

8.53.1 (2026-01-19)

This was a version bump only for types to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• 9940e53 chore(release): publish 8.53.1
• See full diff in compare view

Updates @vitest/expect from 4.0.17 to 4.0.18

Release notes

Sourced from @​vitest/expect's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• See full diff in compare view

Updates @vitest/mocker from 4.0.17 to 4.0.18

Release notes

Sourced from @​vitest/mocker's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• See full diff in compare view

Updates @vitest/pretty-format from 4.0.17 to 4.0.18

Release notes

Sourced from @​vitest/pretty-format's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• f89899c fix(browser): hide injected data-testid attributes (#9503)
• See full diff in compare view

Updates @vitest/runner from 4.0.17 to 4.0.18

Release notes

Sourced from @​vitest/runner's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• See full diff in compare view

Updates @vitest/snapshot from 4.0.17 to 4.0.18

Release notes

Sourced from @​vitest/snapshot's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• See full diff in compare view

Updates @vitest/spy from 4.0.17 to 4.0.18

Release notes

Sourced from @​vitest/spy's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• See full diff in compare view

Updates @vitest/utils from 4.0.17 to 4.0.18

Release notes

Sourced from @​vitest/utils's releases.

v4.0.18

   🚀 Experimental Features

• experimental: Add onModuleRunner hook to worker.init  -  by @​sheremet-va in vitest-dev/vitest#9286 (ea837)

   🐞 Bug Fixes

• Use meta.url in createRequire  -  by @​sheremet-va in vitest-dev/vitest#9441 (e0572)
• browser: Hide injected data-testid attributes  -  by @​sheremet-va in vitest-dev/vitest#9503 (f8989)
• ui: Process artifact attachments when generating HTML reporter  -  by @​macarie in vitest-dev/vitest#9472 (22543)

    View changes on GitHub

Commits

• 4d3e3c6 chore: release v4.0.18
• See full diff in compare view

Updates baseline-browser-mapping from 2.9.17 to 2.9.18

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

• Remove process.loadEnfFile() from main script by @​tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

• 945eca4 Patch to 2.9.18 because browser or feature data changed
• ea6e7ca Browser or feature data changed
• 586487b Updating static site
• See full diff in compare view

Updates caniuse-lite from 1.0.30001765 to 1.0.30001766

Commits

• db00262 Update caniuse-db 1.0.30001766
• See full diff in compare view

Updates electron-to-chromium from 1.5.267 to 1.5.278

Commits

• a5cfe64 1.5.278
• 7f472f7 generate new version
• aa21e89 1.5.277
• f2d6792 generate new version
• 26ea54d 1.5.276
• 31ac131 generate new version
• 347f658 1.5.275
• 01d3c6f generate new version
• 28a30a1 1.5.274
• 35b7878 generate new version
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates rollup from 4.55.3 to 4.56.0

Release notes

Sourced from rollup's releases.

v4.56.0

4.56.0

2026-01-22

Features

• Track object property inclusions of dynamic namespace members (#6230)

Bug Fixes

• Handle methods that access dynamically imported namespace members via this (#6230)

Pull Requests

• #6230: Refine namespace handling (@​lukastaegert)

Changelog

Sourced from rollup's changelog.

4.56.0

2026-01-22

Features

• Track object property inclusions of dynamic namespace members (#6230)

Bug Fixes

• Handle methods that access dynamically imported namespace members via this (#6230)

Pull Requests

• #6230: Refine namespace handling (@​lukastaegert)

Commits

• 1cbac18 4.56.0
• 3506af2 Update audit resolver exclusions
• 18ccab2 Refine namespace handling (#6230)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 27 package(s) with unknown licenses.

See the Details below.

License Issues

pnpm-lock.yaml

Package	Version	License	Issue Type
@rollup/rollup-android-arm-eabi	4.56.0	Null	Unknown License
@rollup/rollup-android-arm64	4.56.0	Null	Unknown License
@rollup/rollup-darwin-arm64	4.56.0	Null	Unknown License
@rollup/rollup-darwin-x64	4.56.0	Null	Unknown License
@rollup/rollup-freebsd-arm64	4.56.0	Null	Unknown License
@rollup/rollup-freebsd-x64	4.56.0	Null	Unknown License
@rollup/rollup-linux-arm-gnueabihf	4.56.0	Null	Unknown License
@rollup/rollup-linux-arm-musleabihf	4.56.0	Null	Unknown License
@rollup/rollup-linux-arm64-gnu	4.56.0	Null	Unknown License
@rollup/rollup-linux-arm64-musl	4.56.0	Null	Unknown License
@rollup/rollup-linux-loong64-gnu	4.56.0	Null	Unknown License
@rollup/rollup-linux-loong64-musl	4.56.0	Null	Unknown License
@rollup/rollup-linux-ppc64-gnu	4.56.0	Null	Unknown License
@rollup/rollup-linux-ppc64-musl	4.56.0	Null	Unknown License
@rollup/rollup-linux-riscv64-gnu	4.56.0	Null	Unknown License
@rollup/rollup-linux-riscv64-musl	4.56.0	Null	Unknown License
@rollup/rollup-linux-s390x-gnu	4.56.0	Null	Unknown License
@rollup/rollup-linux-x64-gnu	4.56.0	Null	Unknown License
@rollup/rollup-linux-x64-musl	4.56.0	Null	Unknown License
@rollup/rollup-openbsd-x64	4.56.0	Null	Unknown License
@rollup/rollup-openharmony-arm64	4.56.0	Null	Unknown License
@rollup/rollup-win32-arm64-msvc	4.56.0	Null	Unknown License
@rollup/rollup-win32-ia32-msvc	4.56.0	Null	Unknown License
@rollup/rollup-win32-x64-gnu	4.56.0	Null	Unknown License
@rollup/rollup-win32-x64-msvc	4.56.0	Null	Unknown License
lodash	4.17.23	Null	Unknown License
rollup	4.56.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@rollup/rollup-android-arm-eabi	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-android-arm64	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-darwin-arm64	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-darwin-x64	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-freebsd-arm64	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-freebsd-x64	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm-gnueabihf	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm-musleabihf	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm64-gnu	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-arm64-musl	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-loong64-gnu	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-loong64-musl	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-ppc64-gnu	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-ppc64-musl	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-riscv64-gnu	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-riscv64-musl	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-s390x-gnu	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-x64-gnu	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-linux-x64-musl	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-openbsd-x64	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-openharmony-arm64	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-win32-arm64-msvc	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-win32-ia32-msvc	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-win32-x64-gnu	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@rollup/rollup-win32-x64-msvc	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/@vitest/coverage-v8	4.0.18	Unknown	Unknown
npm/@vitest/expect	4.0.18	Unknown	Unknown
npm/@vitest/mocker	4.0.18	Unknown	Unknown
npm/@vitest/pretty-format	4.0.18	Unknown	Unknown
npm/@vitest/runner	4.0.18	Unknown	Unknown
npm/@vitest/snapshot	4.0.18	Unknown	Unknown
npm/@vitest/spy	4.0.18	Unknown	Unknown
npm/@vitest/utils	4.0.18	Unknown	Unknown
npm/baseline-browser-mapping	2.9.18	Unknown	Unknown
npm/caniuse-lite	1.0.30001766	🟢 4.9	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 13 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/electron-to-chromium	1.5.278	Unknown	Unknown
npm/lodash	4.17.23	🟢 6.8	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 7 15 out of 21 merged PRs checked by a CI test -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 6 Found 20/30 approved changesets -- score normalized to 6 Contributors 🟢 10 project has 88 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 21 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 SAST 🟢 8 SAST tool detected but not run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 77 existing vulnerabilities detected
npm/prettier	3.8.1	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/23 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/rollup	4.56.0	🟢 6.1	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 6 4 existing vulnerabilities detected
npm/vitest	4.0.18	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml