Skip to content

Bump the npm group with 8 updates#2113

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-41dc16154a
Jan 30, 2026
Merged

Bump the npm group with 8 updates#2113
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-41dc16154a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm group with 8 updates:

Package From To
typescript-eslint 8.53.1 8.54.0
@typescript-eslint/eslint-plugin 8.53.1 8.54.0
@typescript-eslint/parser 8.53.1 8.54.0
@typescript-eslint/type-utils 8.53.1 8.54.0
@typescript-eslint/utils 8.53.1 8.54.0
@typescript-eslint/visitor-keys 8.53.1 8.54.0
baseline-browser-mapping 2.9.18 2.9.19
electron-to-chromium 1.5.278 1.5.279

Updates typescript-eslint from 8.53.1 to 8.54.0

Release notes

Sourced from typescript-eslint's releases.

v8.54.0

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • scope-manager: support ScopeManager#addGlobals (#11914)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • scope-manager: prevent misidentification of "use strict" directives (#11995)
  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.54.0 (2026-01-26)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/eslint-plugin from 8.53.1 to 8.54.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.54.0

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • scope-manager: support ScopeManager#addGlobals (#11914)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • scope-manager: prevent misidentification of "use strict" directives (#11995)
  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • deps: update dependency prettier to v3.8.0 (#11991)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Commits
  • d423e57 chore(release): publish 8.54.0
  • 80e33ff feat(eslint-plugin-internal): add prefer-tsutils-methods rule (#11974)
  • ec4f73a feat(typescript-estree): add shortcut methods to ParserServicesWithTypeInform...
  • d32f909 test(eslint-plugin): skip rules tests in windows ci (#11988)
  • 17fa993 test(eslint-plugin): improve vitest performance with isolate: false (#11754)
  • 1c66ab4 fix(eslint-plugin): [no-unnecessary-type-assertion] check both base constrain...
  • aaa7ca2 fix(deps): update dependency prettier to v3.8.0 (#11991)
  • d50aa18 fix(scope-manager): fix catch clause scopes def.name (#11982)
  • 4c0b379 fix(eslint-plugin): [no-unused-private-class-members] private destructured cl...
  • See full diff in compare view

Updates @typescript-eslint/parser from 8.53.1 to 8.54.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.54.0

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • scope-manager: support ScopeManager#addGlobals (#11914)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • scope-manager: prevent misidentification of "use strict" directives (#11995)
  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.54.0 (2026-01-26)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/type-utils from 8.53.1 to 8.54.0

Release notes

Sourced from @​typescript-eslint/type-utils's releases.

v8.54.0

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • scope-manager: support ScopeManager#addGlobals (#11914)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • scope-manager: prevent misidentification of "use strict" directives (#11995)
  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/type-utils's changelog.

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/utils from 8.53.1 to 8.54.0

Release notes

Sourced from @​typescript-eslint/utils's releases.

v8.54.0

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • scope-manager: support ScopeManager#addGlobals (#11914)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • scope-manager: prevent misidentification of "use strict" directives (#11995)
  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/utils's changelog.

8.54.0 (2026-01-26)

🩹 Fixes

  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

  • Francesco Trotta
  • Josh Goldberg

You can read about our versioning strategy and releases on our website.

Commits

Updates @typescript-eslint/visitor-keys from 8.53.1 to 8.54.0

Release notes

Sourced from @​typescript-eslint/visitor-keys's releases.

v8.54.0

8.54.0 (2026-01-26)

🚀 Features

  • eslint-plugin-internal: add prefer-tsutils-methods rule (#11974, #11625)
  • scope-manager: support ScopeManager#addGlobals (#11914)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#11965, #11955)

🩹 Fixes

  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#11785)
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#11967, #11559)
  • scope-manager: fix catch clause scopes def.name (#11982)
  • scope-manager: prevent misidentification of "use strict" directives (#11995)
  • utils: handle missing FlatESLint and LegacyESLint (#11958)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/visitor-keys's changelog.

8.54.0 (2026-01-26)

This was a version bump only for visitor-keys to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates baseline-browser-mapping from 2.9.18 to 2.9.19

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

Updates electron-to-chromium from 1.5.278 to 1.5.279

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm group with 8 updates
1fd53dd 
Bumps the npm group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.53.1` | `8.54.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.53.1` | `8.54.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.53.1` | `8.54.0` |
| [@typescript-eslint/type-utils](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/type-utils) | `8.53.1` | `8.54.0` |
| [@typescript-eslint/utils](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/utils) | `8.53.1` | `8.54.0` |
| [@typescript-eslint/visitor-keys](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/visitor-keys) | `8.53.1` | `8.54.0` |
| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.9.18` | `2.9.19` |
| [electron-to-chromium](https://github.com/kilian/electron-to-chromium) | `1.5.278` | `1.5.279` |


Updates `typescript-eslint` from 8.53.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.53.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.53.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/parser)

Updates `@typescript-eslint/type-utils` from 8.53.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/type-utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/type-utils)

Updates `@typescript-eslint/utils` from 8.53.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/utils/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/utils)

Updates `@typescript-eslint/visitor-keys` from 8.53.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/visitor-keys/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/visitor-keys)

Updates `baseline-browser-mapping` from 2.9.18 to 2.9.19
- [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases)
- [Commits](web-platform-dx/baseline-browser-mapping@v2.9.18...v2.9.19)

Updates `electron-to-chromium` from 1.5.278 to 1.5.279
- [Changelog](https://github.com/Kilian/electron-to-chromium/blob/master/CHANGELOG.md)
- [Commits](Kilian/electron-to-chromium@v1.5.278...v1.5.279)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.54.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.54.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/type-utils"
  dependency-version: 8.54.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/utils"
  dependency-version: 8.54.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/visitor-keys"
  dependency-version: 8.54.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: baseline-browser-mapping
  dependency-version: 2.9.19
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: electron-to-chromium
  dependency-version: 1.5.279
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 30, 2026
@github-actions github-actions Bot enabled auto-merge (squash) January 30, 2026 01:52
@github-actions

github-actions Bot commented Jan 30, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

pnpm-lock.yaml

PackageVersionLicenseIssue Type
@types/node25.1.0NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@types/node 25.1.0 🟢 7
Details
CheckScoreReason
Code-Review🟢 9Found 26/28 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/@typescript-eslint/eslint-plugin 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/baseline-browser-mapping 2.9.19 UnknownUnknown
npm/electron-to-chromium 1.5.279 UnknownUnknown
npm/typescript-eslint 8.54.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 16/19 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 041 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • pnpm-lock.yaml

@github-actions github-actions Bot merged commit 0967f4c into main Jan 30, 2026
5 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/npm-41dc16154a branch January 30, 2026 01:52
@github-actions github-actions Bot mentioned this pull request Feb 22, 2026
Closed
@my-pull-request-auto-merge my-pull-request-auto-merge Bot mentioned this pull request Feb 22, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@poad poad

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@poad