Skip to content

Bump the npm group across 2 directories with 7 updates#680

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-c91170b24e
Sep 22, 2025
Merged

Bump the npm group across 2 directories with 7 updates#680
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-c91170b24e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Sep 22, 2025

Copy link
Copy Markdown
Contributor

Bumps the npm group with 7 updates in the / directory:

Package From To
@aws-sdk/client-cloudformation 3.891.0 3.893.0
@eslint/js 9.35.0 9.36.0
@stylistic/eslint-plugin 5.3.1 5.4.0
@types/node 24.5.1 24.5.2
eslint 9.35.0 9.36.0
pnpm 10.17.0 10.17.1
ts-jest 29.4.3 29.4.4

Bumps the npm group with 1 update in the /test directory: @types/node.

Updates @aws-sdk/client-cloudformation from 3.891.0 to 3.893.0

Release notes

Sourced from @​aws-sdk/client-cloudformation's releases.

v3.893.0

3.893.0(2025-09-19)

Chores
Documentation Changes
  • client-sqs: Update invalid character handling documentation for SQS SendMessage API (4ff9d676)
New Features
  • clients: update client endpoints as of 2025-09-19 (3726908c)
  • client-bedrock-agentcore-control: Add tagging and VPC support to AgentCore Runtime, Code Interpreter, and Browser resources. Add support for configuring request headers in Runtime. Fix AgentCore Runtime shape names. (9ab54a28)
  • client-config-service: Add UNKNOWN state to RemediationExecutionState and add IN_PROGRESS/EXITED/UNKNOWN states to RemediationExecutionStepState. (9b89d935)
  • client-connect: This release adds a persistent connection field to UserPhoneConfig that maintains agent's softphone media connection for faster call connections. (59e863ba)
  • client-license-manager-user-subscriptions: Added support for cross-account Active Directories. (22e49d10)
  • client-medialive: Add MinBitrate for QVBR mode under H264/H265/AV1 output codec. Add GopBReference, GopNumBFrames, SubGopLength fields under H265 output codec. (25f22be2)
Tests
  • rekognitionstreaming: remove outdated endpoint tests (#7362) (10b3d03f)

For list of updated packages, view updated-packages.md in assets-3.893.0.zip

v3.892.0

3.892.0(2025-09-18)

Chores
  • scripts: validate no Uint8Array with type parameters are generated by compiler (#7355) (a40013fa)
New Features
  • client-budgets: Added BillingViewHealthStatus Exception which is thrown when a Budget is created or updated with a Billing View that is not in the HEALTHY status (e3e7974e)
  • client-ec2: Allowed AMIs adds support for four new parameters - marketplaceProductCodes, deprecationTimeCondition, creationDateCondition and imageNames (442403cd)
  • client-chime-sdk-messaging: Amazon Chime SDK Messaging GetMessagingSessionEndpoint API now returns dual-stack WebSocket endpoints supporting IPv4/IPv6. (eb921320)
  • client-bedrock: Release includes an increase to the maximum policy build document size, an update to DeleteAutomatedReasoningPolicyBuildWorkflow to add ResourceInUseException, and corrections to UpdateAutomatedReasoningPolicyTestCaseRequest. (b9c1896e)
Tests

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudformation's changelog.

3.893.0 (2025-09-19)

Note: Version bump only for package @​aws-sdk/client-cloudformation

Commits

Updates @eslint/js from 9.35.0 to 9.36.0

Release notes

Sourced from @​eslint/js's releases.

v9.36.0

Features

  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)

Bug Fixes

  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)

Documentation

  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 91f97c5 docs: Update README (GitHub Actions Bot)

Chores

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
Changelog

Sourced from @​eslint/js's changelog.

v9.36.0 - September 19, 2025

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)
  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • 91f97c5 docs: Update README (GitHub Actions Bot)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
Commits
  • 488cba6 chore: package.json update for @​eslint/js release
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116)
  • See full diff in compare view

Updates @stylistic/eslint-plugin from 5.3.1 to 5.4.0

Release notes

Sourced from @​stylistic/eslint-plugin's releases.

v5.4.0

5.4.0 (2025-09-19)

Features

  • generator-star-spacing: introduce shorthand to override property function shorthands (#980) (62d7a17)
  • introduce experimental mechanism (#894) (87f09ee)
  • object-curly-spacing: introduce overrides (#898) (2a422b7)

Bug Fixes

  • correctly display the deprecation warning (#967) (094aa48)
  • multiline-comment-style: correctly handle ignored comments (#969) (cad56b2)
  • quote-props: only check ES3 reserved words for keywords option (#964) (bc4810f)
  • update deps (#983) (86596f9)

Documentation

  • indent: introduce assignmentOperator (#974) (8a096a8)
  • max-len: clarify that ignorePattern needs to be a string (#981) (d38b703)

Build Related

  • deps: bump actions/setup-node from 4 to 5 (#976) (2983f00)
Changelog

Sourced from @​stylistic/eslint-plugin's changelog.

5.4.0 (2025-09-19)

Features

  • generator-star-spacing: introduce shorthand to override property function shorthands (#980) (62d7a17)
  • introduce experimental mechanism (#894) (87f09ee)
  • object-curly-spacing: introduce overrides (#898) (2a422b7)

Bug Fixes

  • correctly display the deprecation warning (#967) (094aa48)
  • multiline-comment-style: correctly handle ignored comments (#969) (cad56b2)
  • quote-props: only check ES3 reserved words for keywords option (#964) (bc4810f)
  • update deps (#983) (86596f9)

Documentation

  • indent: introduce assignmentOperator (#974) (8a096a8)
  • max-len: clarify that ignorePattern needs to be a string (#981) (d38b703)

Build Related

  • deps: bump actions/setup-node from 4 to 5 (#976) (2983f00)
Commits
  • 04da3bb chore: release v5.4.0 (main) (#973)
  • 86596f9 fix: update deps (#983)
  • d38b703 docs(max-len): clarify that ignorePattern needs to be a string (#981)
  • 62d7a17 feat(generator-star-spacing): introduce shorthand to override property func...
  • 2a422b7 feat(object-curly-spacing): introduce overrides (#898)
  • 87f09ee feat: introduce experimental mechanism (#894)
  • 8a096a8 docs(indent): introduce assignmentOperator (#974)
  • 094aa48 fix: correctly display the deprecation warning (#967)
  • cad56b2 fix(multiline-comment-style): correctly handle ignored comments (#969)
  • bc4810f fix(quote-props): only check ES3 reserved words for keywords option (#964)
  • See full diff in compare view

Updates @types/node from 24.5.1 to 24.5.2

Commits

Updates eslint from 9.35.0 to 9.36.0

Release notes

Sourced from eslint's releases.

v9.36.0

Features

  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)

Bug Fixes

  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)

Documentation

  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 91f97c5 docs: Update README (GitHub Actions Bot)

Chores

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
Changelog

Sourced from eslint's changelog.

v9.36.0 - September 19, 2025

  • 12411e8 chore: upgrade @​eslint/js@​9.36.0 (#20139) (Milos Djermanovic)
  • 488cba6 chore: package.json update for @​eslint/js release (Jenkins)
  • b73ab12 docs: update examples to use defineConfig (#20131) (sethamus)
  • 47afcf6 feat: correct preserve-caught-error edge cases (#20109) (Francesco Trotta)
  • 75b74d8 fix: add missing rule option types (#20127) (ntnyq)
  • bac82a2 ci: simplify renovate configuration (#19907) (唯然)
  • 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116) (루밀LuMir)
  • c00bb37 ci: bump actions/labeler from 5 to 6 (#20090) (dependabot[bot])
  • fee751d refactor: use defaultOptions in rules (#20121) (Pixel998)
  • 31d9392 docs: fix typos (#20118) (Pixel998)
  • 7d61b7f fix: add missing scope types to Scope.type (#20110) (Pixel998)
  • 1ace67d chore: update example to use defineConfig (#20111) (루밀LuMir)
  • 4821963 test: add missing loc information to error objects in rule tests (#20112) (루밀LuMir)
  • c7f861b docs: Update README (GitHub Actions Bot)
  • 6b0c08b docs: Update README (GitHub Actions Bot)
  • 7a670c3 fix: correct rule option typings in rules.d.ts (#20084) (Pixel998)
  • b42c42e chore: disallow use of deprecated type property in core rule tests (#20094) (Milos Djermanovic)
  • 7bb498d test: remove deprecated type property from core rule tests (#20093) (Pixel998)
  • 91f97c5 docs: Update README (GitHub Actions Bot)
  • e10cf2a ci: bump actions/setup-node from 4 to 5 (#20089) (dependabot[bot])
  • 5cb0ce4 refactor: use meta.defaultOptions in preserve-caught-error (#20080) (Pixel998)
  • f9f7cb5 chore: package.json update for eslint-config-eslint release (Jenkins)
  • 81764b2 chore: update eslint peer dependency in eslint-config-eslint (#20079) (Milos Djermanovic)
Commits

Updates pnpm from 10.17.0 to 10.17.1

Release notes

Sourced from pnpm's releases.

pnpm 10.17.1

Patch Changes

  • When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #9974.
  • Fix state.json creation path when executing pnpm patch in a workspace project #9733.
  • When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #9987.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.17.1

Patch Changes

  • When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #9974.
  • Fix state.json creation path when executing pnpm patch in a workspace project #9733.
  • When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #9987.
Commits

Updates ts-jest from 29.4.3 to 29.4.4

Release notes

Sourced from ts-jest's releases.

v29.4.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.4 (2025-09-19)

Bug Fixes

Commits
  • 89a4f9f chore(release): 29.4.4
  • 25cb706 Revert "fix: introduce transpilation option to replace isolatedModules op...
  • 8a7e4c2 build(deps): Update dependency ts-jest to ^29.4.3
  • 51a5a92 build(deps): Update dependency @​types/node to v20.19.17
  • See full diff in compare view

Updates @types/node from 24.5.1 to 24.5.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm group across 2 directories with 7 updates
9c0593d 
Bumps the npm group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-cloudformation](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudformation) | `3.891.0` | `3.893.0` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.35.0` | `9.36.0` |
| [@stylistic/eslint-plugin](https://github.com/eslint-stylistic/eslint-stylistic/tree/HEAD/packages/eslint-plugin) | `5.3.1` | `5.4.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.5.1` | `24.5.2` |
| [eslint](https://github.com/eslint/eslint) | `9.35.0` | `9.36.0` |
| [pnpm](https://github.com/pnpm/pnpm/tree/HEAD/pnpm) | `10.17.0` | `10.17.1` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.3` | `29.4.4` |

Bumps the npm group with 1 update in the /test directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@aws-sdk/client-cloudformation` from 3.891.0 to 3.893.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudformation/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.893.0/clients/client-cloudformation)

Updates `@eslint/js` from 9.35.0 to 9.36.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.36.0/packages/js)

Updates `@stylistic/eslint-plugin` from 5.3.1 to 5.4.0
- [Release notes](https://github.com/eslint-stylistic/eslint-stylistic/releases)
- [Changelog](https://github.com/eslint-stylistic/eslint-stylistic/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint-stylistic/eslint-stylistic/commits/v5.4.0/packages/eslint-plugin)

Updates `@types/node` from 24.5.1 to 24.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.35.0 to 9.36.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v9.35.0...v9.36.0)

Updates `pnpm` from 10.17.0 to 10.17.1
- [Release notes](https://github.com/pnpm/pnpm/releases)
- [Changelog](https://github.com/pnpm/pnpm/blob/main/pnpm/CHANGELOG.md)
- [Commits](https://github.com/pnpm/pnpm/commits/v10.17.1/pnpm)

Updates `ts-jest` from 29.4.3 to 29.4.4
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.4.3...v29.4.4)

Updates `@types/node` from 24.5.1 to 24.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-cloudformation"
  dependency-version: 3.893.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@eslint/js"
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@stylistic/eslint-plugin"
  dependency-version: 5.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@types/node"
  dependency-version: 24.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: eslint
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: pnpm
  dependency-version: 10.17.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: ts-jest
  dependency-version: 29.4.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@types/node"
  dependency-version: 24.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 22, 2025
@github-actions github-actions Bot enabled auto-merge (squash) September 22, 2025 21:32
@github-actions

github-actions Bot commented Sep 22, 2025

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@aws-sdk/client-cloudformation ^3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@eslint/js ^9.36.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/@stylistic/eslint-plugin ^5.4.0 UnknownUnknown
npm/eslint ^9.36.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/pnpm ^10.17.1 🟢 6
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 5Found 16/30 approved changesets -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 9SAST tool detected but not run on all commits
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0123 existing vulnerabilities detected
npm/ts-jest ^29.4.4 🟢 6.3
Details
CheckScoreReason
Code-Review⚠️ -1Found no human activity in the last 30 changesets
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
npm/@aws-sdk/client-cloudformation 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/client-sso 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/core 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-env 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-http 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-ini 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-node 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-process 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-sso 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/credential-provider-web-identity 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/middleware-host-header 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/middleware-logger 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/middleware-recursion-detection 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/middleware-user-agent 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/nested-clients 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/region-config-resolver 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/token-providers 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/types 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/util-endpoints 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/util-locate-window 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/util-user-agent-browser 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/util-user-agent-node 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@aws-sdk/xml-builder 3.893.0 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 2Found 8/30 approved changesets -- score normalized to 2
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
Binary-Artifacts🟢 8binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
npm/@eslint/js 9.36.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/@stylistic/eslint-plugin 5.4.0 UnknownUnknown
npm/eslint 9.36.0 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/30 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/pnpm 10.17.1 🟢 6
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 5Found 16/30 approved changesets -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Binary-Artifacts🟢 10no binaries found in the repo
SAST🟢 9SAST tool detected but not run on all commits
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 0123 existing vulnerabilities detected
npm/ts-jest 29.4.4 🟢 6.3
Details
CheckScoreReason
Code-Review⚠️ -1Found no human activity in the last 30 changesets
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
npm/@types/node ^24.5.2 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 6Found 19/29 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed

Scanned Files

  • package.json
  • pnpm-lock.yaml
  • test/package.json

@github-actions github-actions Bot merged commit 4ab5997 into main Sep 22, 2025
4 checks passed
@github-actions github-actions Bot deleted the dependabot/npm_and_yarn/npm-c91170b24e branch September 22, 2025 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants