Bump the npm group with 6 updates by dependabot[bot] · Pull Request #2120 · poad/appstore-connect-jwt-generator-cli

dependabot · 2026-02-09T01:53:38Z

Bumps the npm group with 6 updates:

Package	From	To
@types/node	`25.2.0`	`25.2.1`
eslint-plugin-jest	`29.12.1`	`29.12.2`
caniuse-lite	`1.0.30001767`	`1.0.30001769`
esbuild	`0.27.2`	`0.27.3`
get-tsconfig	`4.13.1`	`4.13.6`
magicast	`0.5.1`	`0.5.2`

Updates @types/node from 25.2.0 to 25.2.1

Commits

See full diff in compare view

Updates eslint-plugin-jest from 29.12.1 to 29.12.2

Release notes

Sourced from eslint-plugin-jest's releases.

v29.12.2

29.12.2 (2026-02-03)

Bug Fixes

add optional peer dependency on TypeScript (#1926) (82e3b04)

Changelog

Sourced from eslint-plugin-jest's changelog.

29.12.2 (2026-02-03)

Bug Fixes

add optional peer dependency on TypeScript (#1926) (82e3b04)

Commits

4acda62 chore(release): 29.12.2 [skip ci]
82e3b04 fix: add optional peer dependency on TypeScript (#1926)
10501cf chore(deps): update workflows (#1922)
d3958b0 chore(deps): lock file maintenance (#1925)
410f511 chore(deps): lock file maintenance (#1924)
b2e6d5e chore(deps): lock file maintenance (#1923)
5e2cffb chore: update eslint-plugin-eslint-comments (#1921)
5f3a010 chore(deps): lock file maintenance (#1920)
5a9bf66 chore(deps): lock file maintenance (#1919)
See full diff in compare view

Updates caniuse-lite from 1.0.30001767 to 1.0.30001769

Commits

fc9cfa6 Update caniuse-db 1.0.30001769
2885f43 Update caniuse-db 1.0.30001768
See full diff in compare view

Updates esbuild from 0.27.2 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3
Preserve URL fragments in data URLs (#4370)

Consider the following HTML, CSS, and SVG:
index.html:
<!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>
icons.css:
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}
triangle.svg:
<svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>
The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:
/* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.3
Preserve URL fragments in data URLs (#4370)

Consider the following HTML, CSS, and SVG:
index.html:
<!DOCTYPE html>
<html>
  <head><link rel="stylesheet" href="icons.css"></head>
  <body><div class="triangle"></div></body>
</html>
icons.css:
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url(./triangle.svg#x);
}
triangle.svg:
<svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <clipPath id="x">
      <path d="M0 0H10V10Z"/>
    </clipPath>
  </defs>
</svg>
The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:
/* icons.css */
.triangle {
  width: 10px;
  height: 10px;
  background: currentColor;
  clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
}

... (truncated)

Commits

9129e00 publish 0.27.3 to npm
e20e411 small fix to release notes
0dc0f2d fix #4322: parse and print CSS @scope rules
55fe391 update firefox css gradient support
2c35297 update gradient lowering transform
9209e44 Update Go to 1.25.7 (#4388)
e8d861b close #4374: compat table for the using feature
19b8887 no longer need williamkapke/node-compat-table
7e44218 the kangax/compat-table repo moved to a new url
23b9338 run make update-compat-table
Additional commits viewable in compare view

Updates get-tsconfig from 4.13.1 to 4.13.6

Release notes

Sourced from get-tsconfig's releases.

v4.13.6

4.13.6 (2026-02-06)

Bug Fixes

parse-tsconfig: don't add outDir to exclude when exclude is specified (#89) (0fb1515)

v4.13.5

4.13.5 (2026-02-06)

Bug Fixes

paths-matcher: restore baseUrl fallback when paths is defined (4b1f443)

v4.13.4

4.13.4 (2026-02-06)

Bug Fixes

parse-tsconfig: add implied options for composite (f66fe4f)

parse-tsconfig: add resolveJsonModule for nodenext (302bf82)

parse-tsconfig: add support for module node18 and node20 (91ee298)

parse-tsconfig: imply allowJs when checkJs is true (0d47cda)

parse-tsconfig: normalize enum values to lowercase (5161aa9)

parse-tsconfig: normalize lib values to lowercase (ac0a43e)

parse-tsconfig: normalize watchOptions enum values to lowercase (93be14d)

parse-tsconfig: only imply useDefineForClassFields when target >= ES2022 (d5bd715)

parse-tsconfig: treat es3 as unset for useDefineForClassFields (4967924)

paths-matcher: don't fallback to baseUrl when paths is defined (ce98dff), closes #65

v4.13.3

4.13.3 (2026-02-05)

Bug Fixes

parse-tsconfig: resolve watchOptions.excludeFiles to absolute paths (#106) (4adcbc6)

v4.13.2

4.13.2 (2026-02-05)

Bug Fixes

paths-matcher: allow absolute paths from ${configDir} resolution (#105) (4b3c4b6)

Commits

0fb1515 fix(parse-tsconfig): don't add outDir to exclude when exclude is specified (#89)
4b1f443 fix(paths-matcher): restore baseUrl fallback when paths is defined
4967924 fix(parse-tsconfig): treat es3 as unset for useDefineForClassFields
ce98dff fix(paths-matcher): don't fallback to baseUrl when paths is defined
93be14d fix(parse-tsconfig): normalize watchOptions enum values to lowercase
5161aa9 fix(parse-tsconfig): normalize enum values to lowercase
0d47cda fix(parse-tsconfig): imply allowJs when checkJs is true
91ee298 fix(parse-tsconfig): add support for module node18 and node20
d5bd715 fix(parse-tsconfig): only imply useDefineForClassFields when target >= ES2022
302bf82 fix(parse-tsconfig): add resolveJsonModule for nodenext
Additional commits viewable in compare view

Updates magicast from 0.5.1 to 0.5.2

Release notes

Sourced from magicast's releases.

v0.5.2

🚀 Features

Add magicast/core export - by @Isumhal in unjs/magicast#147 (a56f4)

View changes on GitHub

Commits

12917c0 chore: release v0.5.2
410883b chore: update deps
a56f4ef feat: add magicast/core export (#147)
35da7d9 chore: add pkg-pr-new workflow (#142)
bc39eb8 chore(deps): update all non-major dependencies (#117)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm group with 6 updates: | Package | From | To | | --- | --- | --- | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.2.0` | `25.2.1` | | [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.12.1` | `29.12.2` | | [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001767` | `1.0.30001769` | | [esbuild](https://github.com/evanw/esbuild) | `0.27.2` | `0.27.3` | | [get-tsconfig](https://github.com/privatenumber/get-tsconfig) | `4.13.1` | `4.13.6` | | [magicast](https://github.com/unjs/magicast) | `0.5.1` | `0.5.2` | Updates `@types/node` from 25.2.0 to 25.2.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `eslint-plugin-jest` from 29.12.1 to 29.12.2 - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v29.12.1...v29.12.2) Updates `caniuse-lite` from 1.0.30001767 to 1.0.30001769 - [Commits](browserslist/caniuse-lite@1.0.30001767...1.0.30001769) Updates `esbuild` from 0.27.2 to 0.27.3 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.27.2...v0.27.3) Updates `get-tsconfig` from 4.13.1 to 4.13.6 - [Release notes](https://github.com/privatenumber/get-tsconfig/releases) - [Commits](privatenumber/get-tsconfig@v4.13.1...v4.13.6) Updates `magicast` from 0.5.1 to 0.5.2 - [Release notes](https://github.com/unjs/magicast/releases) - [Changelog](https://github.com/unjs/magicast/blob/main/CHANGELOG.md) - [Commits](unjs/magicast@v0.5.1...v0.5.2) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.2.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: eslint-plugin-jest dependency-version: 29.12.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: caniuse-lite dependency-version: 1.0.30001769 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: get-tsconfig dependency-version: 4.13.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm - dependency-name: magicast dependency-version: 0.5.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-02-09T01:53:52Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@esbuild/aix-ppc64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/android-arm

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/android-arm64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/android-x64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/darwin-arm64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/darwin-x64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/freebsd-arm64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/freebsd-x64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-arm

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-arm64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-ia32

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-loong64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-mips64el

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-ppc64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-riscv64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-s390x

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/linux-x64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/netbsd-arm64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/netbsd-x64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/openbsd-arm64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/openbsd-x64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/openharmony-arm64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/sunos-x64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/win32-arm64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/win32-ia32

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@esbuild/win32-x64

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/@types/node

25.2.1

🟢 6.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 7	Found 23/29 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@types/node

25.2.2

🟢 6.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 7	Found 23/29 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 9	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/caniuse-lite

1.0.30001769

🟢 4.8

Details

Check	Score	Reason
Maintained	🟢 10	13 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 10	all dependencies are pinned
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/esbuild

0.27.3

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	🟢 10	30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/eslint-plugin-jest

29.12.2

🟢 5.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/get-tsconfig

4.13.6

Unknown

npm/magicast

0.5.2

Unknown

npm/semver

7.7.4

🟢 6.6

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 5	5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 8	SAST tool detected but not run on all commits

Scanned Files

pnpm-lock.yaml

dependabot Bot assigned poad Feb 9, 2026

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 9, 2026

github-actions Bot approved these changes Feb 9, 2026

View reviewed changes

github-actions Bot enabled auto-merge (squash) February 9, 2026 01:53

github-actions Bot merged commit 6964c59 into main Feb 9, 2026
5 checks passed

github-actions Bot deleted the dependabot/npm_and_yarn/npm-628f2eef13 branch February 9, 2026 01:54

github-actions Bot mentioned this pull request Feb 22, 2026

Release v1.1.2 #2129

Closed

my-pull-request-auto-merge Bot mentioned this pull request Feb 22, 2026

Release v1.1.2 #2130

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm group with 6 updates#2120

Bump the npm group with 6 updates#2120
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-628f2eef13

dependabot Bot commented on behalf of github Feb 9, 2026

Uh oh!

github-actions Bot commented Feb 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Feb 9, 2026

v29.12.2

29.12.2 (2026-02-03)

Bug Fixes

29.12.2 (2026-02-03)

Bug Fixes

v0.27.3

0.27.3

v4.13.6

4.13.6 (2026-02-06)

Bug Fixes

v4.13.5

4.13.5 (2026-02-06)

Bug Fixes

v4.13.4

4.13.4 (2026-02-06)

Bug Fixes

v4.13.3

4.13.3 (2026-02-05)

Bug Fixes

v4.13.2

4.13.2 (2026-02-05)

Bug Fixes

v0.5.2

🚀 Features

View changes on GitHub

Uh oh!

github-actions Bot commented Feb 9, 2026

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant