Bump the npm group across 2 directories with 6 updates

[dependabot]

Bumps the npm group with 6 updates in the / directory:

Package	From	To
@aws-sdk/client-cloudformation	3.1021.0	3.1024.0
@types/node	25.5.0	25.5.2
eslint	10.1.0	10.2.0
ts-jest	29.4.6	29.4.9
aws-cdk-lib	2.246.0	2.248.0
aws-cdk	2.1115.1	2.1117.0

Bumps the npm group with 3 updates in the /test directory: @types/node, aws-cdk-lib and aws-cdk.

Updates @aws-sdk/client-cloudformation from 3.1021.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-cloudformation's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

v3.1023.0

3.1023.0(2026-04-02)

Documentation Changes

• client-geo-places: This release updates API reference documentation for Amazon Location Service Places APIs to reflect regional restrictions for Grab Maps users in ReverseGeocode, Suggest, SearchText, and GetPlace operations (f60237d7)

New Features

• clients: update client endpoints as of 2026-04-02 (b5ffded0)
• client-gamelift: Amazon GameLift Servers now includes a ComputeName field in game session API responses, making it easier to identify which compute is hosting a game session without cross-referencing IP addresses. (9eb2723f)
• client-connect: Include CUSTOMER to evaluation target and participant role. Support Korean, Japanese and Simplified Chinese in evaluation forms. (69be1448)
• client-bedrock-data-automation: Data Automation Library is a BDA capability that lets you create reusable entity resources to improve extraction accuracy. Libraries support Custom Vocabulary entities that enhance speech recognition for audio and video content with domain-specific terminology shared across projects (b7560ab1)
• client-pricing: This release increases the MaxResults parameter of the GetAttributeValues API from 100 to 10000. (f3944601)
• client-cloudwatch: CloudWatch now supports OTel enrichment to make vended metrics for supported AWS resources queryable via PromQL with resource ARN and tag labels, and PromQL alarms for metrics ingested via the OTLP endpoint with multi-contributor evaluation. (c34638a1)
• client-bedrock-agentcore-control: Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (3bf4e650)
• client-bedrock-runtime: Relax ToolUseId pattern to allow dots and colons (2837c477)
• client-appstream: Amazon WorkSpaces Applications now supports drain mode for instances in multi-session fleets. This capability allows administrators to instruct individual fleet instances to stop accepting new user sessions while allowing existing sessions to continue uninterrupted. (3644b4c1)
• client-cloudwatch-logs: We are pleased to announce that our logs transformation csv processor now has a destination field, allowing you to specify under which parent node parsed columns be placed under. (d3d6f2bb)
• client-deadline: AWS Deadline Cloud now supports configurable scheduling on each queue. The scheduling configuration controls how workers are distributed across jobs. (522c454c)

---

For list of updated packages, view updated-packages.md in assets-3.1023.0.zip

v3.1022.0

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudformation's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-cloudformation

3.1023.0 (2026-04-02)

Note: Version bump only for package @​aws-sdk/client-cloudformation

3.1022.0 (2026-04-01)

Note: Version bump only for package @​aws-sdk/client-cloudformation

Commits

• 99bf9fc Publish v3.1024.0
• 34e7b07 Publish v3.1023.0
• e7e636a Publish v3.1022.0
• See full diff in compare view

Updates @types/node from 25.5.0 to 25.5.2

Commits

• See full diff in compare view

Updates eslint from 10.1.0 to 10.2.0

Release notes

Sourced from eslint's releases.

v10.2.0

Features

• 586ec2f feat: Add meta.languages support to rules (#20571) (Copilot)
• 14207de feat: add Temporal to no-obj-calls (#20675) (Pixel998)
• bbb2c93 feat: add Temporal to ES2026 globals (#20672) (Pixel998)

Bug Fixes

• 542cb3e fix: update first-party dependencies (#20714) (Francesco Trotta)

Documentation

• a2af743 docs: add language to configuration objects (#20712) (Francesco Trotta)
• 845f23f docs: Update README (GitHub Actions Bot)
• 5fbcf59 docs: remove sourceType from ts playground link (#20477) (Tanuj Kanti)
• 8702a47 docs: Update README (GitHub Actions Bot)
• ddeaded docs: Update README (GitHub Actions Bot)
• 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic)
• eab65c7 docs: update eslint versions in examples (#20664) (루밀LuMir)
• 3e4a299 docs: update ESM Dependencies policies with note for own-usage packages (#20660) (Milos Djermanovic)

Chores

• 8120e30 refactor: extract no unmodified loop condition (#20679) (kuldeep kumar)
• 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697) (renovate[bot])
• 01ed3aa test: add unit tests for unicode utilities (#20622) (Manish chaudhary)
• 811f493 ci: remove --legacy-peer-deps from types integration tests (#20667) (Milos Djermanovic)
• 6b86fcf chore: update dependency npm-run-all2 to v8 (#20663) (renovate[bot])
• 632c4f8 chore: add prettier update commit to .git-blame-ignore-revs (#20662) (루밀LuMir)
• b0b0f21 chore: update dependency eslint-plugin-regexp to ^3.1.0 (#20659) (Milos Djermanovic)
• 228a2dd chore: update dependency eslint-plugin-eslint-plugin to ^7.3.2 (#20661) (Milos Djermanovic)
• 3ab4d7e test: Add tests for eslintrc-style keys (#20645) (kuldeep kumar)

Commits

• 000128c 10.2.0
• 1988fad Build: changelog update for 10.2.0
• 542cb3e fix: update first-party dependencies (#20714)
• a2af743 docs: add language to configuration objects (#20712)
• 845f23f docs: Update README
• 5fbcf59 docs: remove sourceType from ts playground link (#20477)
• 8702a47 docs: Update README
• ddeaded docs: Update README
• 8120e30 refactor: extract no unmodified loop condition (#20679)
• 46e8469 chore: update dependency markdownlint-cli2 to ^0.22.0 (#20697)
• Additional commits viewable in compare view

Updates ts-jest from 29.4.6 to 29.4.9

Release notes

Sourced from ts-jest's releases.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.7 (2026-04-01)

Features

• support TypeScript v6 (eda517d)

Commits

• bac2e77 chore(release): bump version to 29.4.9
• f8a9cc9 fix: use correct registry for npm OIDC trusted publishing
• e2eec26 fix: npm permissions
• 263f2ac chore: remove npm auth token
• 5df0e45 OIDC
• f82c144 Merge pull request #5250 from kulshekhar/copilot/bump-patch-version
• e6ec5ae Update CHANGELOG.md
• 62c3199 Update CHANGELOG.md
• 052e751 Bump patch version to 29.4.7
• f79e77b Merge pull request #5249 from ext/feature/ts6-peer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-jest since your current version.

Updates aws-cdk-lib from 2.246.0 to 2.248.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.248.0

Bug Fixes

• eks: downgrade isolated subnet validation from error to warning (#37500) (470856c), closes #37491

---

Alpha modules (2.248.0-alpha.0)

v2.247.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-bedrockagentcore: AWS::BedrockAgentCore::OnlineEvaluationConfig: ExecutionStatus attribute removed. aws-appstream: AWS::AppStream::ImageBuilder: Name property is now immutable. aws-eks: AWS::EKS::Capability: EKS_CAPABILITY_ACK_S3_LOGS vended log type removed.

Features

• update L1 CloudFormation resource definitions (#37410) (bd2c318)
• apigatewayv2: add role support for lambda authorizers (#35706) (2fb2f16), closes #35696
• batch: skip unregister job definition on update (#36011) (2fb2240)
• elasticloadbalancingv2: jwt verification for application load balancer (#36099) (aacd28a), closes #36096

Bug Fixes

• bump brace-expansion from 5.0.3 to 5.0.5 to address CVE-2026-33750 (#37379) (69cf4c9)
• prevent prototype pollution in 2 APIs (#37453) (1016537)
• aws-cdk-lib: condensed stack trace hides namespaced package name (#37413) (cb8e7fb)

---

Alpha modules (2.247.0-alpha.0)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

... (truncated)

Commits

• 78536e6 Merge branch 'main' into merge-back/2.247.0
• 470856c fix(eks): downgrade isolated subnet validation from error to warning (#37500)
• 7b6c66f chore: update analytics metadata blueprints
• 6fc7add chore: yarn upgrade dependencies requiring intervention (#36806)
• bd2c318 feat: update L1 CloudFormation resource definitions (#37410)
• 2fb2f16 feat(apigatewayv2): add role support for lambda authorizers (#35706)
• aacd28a feat(elasticloadbalancingv2): jwt verification for application load balancer ...
• 1016537 fix: prevent prototype pollution in 2 APIs (#37453)
• 2fb2240 feat(batch): skip unregister job definition on update (#36011)
• 372571a Merge branch 'main' into merge-back/2.246.0
• Additional commits viewable in compare view

Updates aws-cdk from 2.1115.1 to 2.1117.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1117.0

2.1117.0 (2026-04-03)

Features

• deps: upgrade aws-cdk-lib (#1304) (03daeb6)

aws-cdk@v2.1116.0

2.1116.0 (2026-04-01)

Features

• cli: add publish-assets command for asset publishing without deployment (#1020) (7c079da)
• deps: upgrade aws-cdk-lib (#1297) (4da5e25)
• display CloudFormation Guard Hook failures (#1198) (ae062a9)

Bug Fixes

• security changes in nested stacks are not shown for cdk diff --security-only (#1295) (8f7e1aa)

Commits

• 03daeb6 feat(deps): upgrade aws-cdk-lib (#1304)
• ae062a9 feat: display CloudFormation Guard Hook failures (#1198)
• 7c079da feat(cli): add publish-assets command for asset publishing without deployment...
• 26ab95a chore: replace unnecessary dev deps with native alternatives (#1299)
• 4da5e25 feat(deps): upgrade aws-cdk-lib (#1297)
• 8f7e1aa fix: security changes in nested stacks are not shown for `cdk diff --security...
• See full diff in compare view

Updates @types/node from 25.5.0 to 25.5.2

Commits

• See full diff in compare view

Updates aws-cdk-lib from 2.246.0 to 2.248.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.248.0

Bug Fixes

• eks: downgrade isolated subnet validation from error to warning (#37500) (470856c), closes #37491

---

Alpha modules (2.248.0-alpha.0)

v2.247.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-bedrockagentcore: AWS::BedrockAgentCore::OnlineEvaluationConfig: ExecutionStatus attribute removed. aws-appstream: AWS::AppStream::ImageBuilder: Name property is now immutable. aws-eks: AWS::EKS::Capability: EKS_CAPABILITY_ACK_S3_LOGS vended log type removed.

Features

• update L1 CloudFormation resource definitions (#37410) (bd2c318)
• apigatewayv2: add role support for lambda authorizers (#35706) (2fb2f16), closes #35696
• batch: skip unregister job definition on update (#36011) (2fb2240)
• elasticloadbalancingv2: jwt verification for application load balancer (#36099) (aacd28a), closes #36096

Bug Fixes

• bump brace-expansion from 5.0.3 to 5.0.5 to address CVE-2026-33750 (#37379) (69cf4c9)
• prevent prototype pollution in 2 APIs (#37453) (1016537)
• aws-cdk-lib: condensed stack trace hides namespaced package name (#37413) (cb8e7fb)

---

Alpha modules (2.247.0-alpha.0)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

... (truncated)

Commits

• 78536e6 Merge branch 'main' into merge-back/2.247.0
• 470856c fix(eks): downgrade isolated subnet validation from error to warning (#37500)
• 7b6c66f chore: update analytics metadata blueprints
• 6fc7add chore: yarn upgrade dependencies requiring intervention (#36806)
• bd2c318 feat: update L1 CloudFormation resource definitions (#37410)
• 2fb2f16 feat(apigatewayv2): add role support for lambda authorizers (#35706)
• aacd28a feat(elasticloadbalancingv2): jwt verification for application load balancer ...
• 1016537 fix: prevent prototype pollution in 2 APIs (#37453)
• 2fb2240 feat(batch): skip unregister job definition on update (#36011)
• 372571a Merge branch 'main' into merge-back/2.246.0
• Additional commits viewable in compare view

Updates aws-cdk from 2.1115.1 to 2.1117.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1117.0

2.1117.0 (2026-04-03)

Features

• deps: upgrade aws-cdk-lib (#1304) (03daeb6)

aws-cdk@v2.1116.0

2.1116.0 (2026-04-01)

Features

• cli: add publish-assets command for asset publishing without deployment (#1020) (7c079da)
• deps: upgrade aws-cdk-lib (#1297) (4da5e25)
• display CloudFormation Guard Hook failures (#1198) (ae062a9)

Bug Fixes

• security changes in nested stacks are not shown for cdk diff --security-only (#1295) (8f7e1aa)

Commits

• 03daeb6 feat(deps): upgrade aws-cdk-lib (#1304)
• ae062a9 feat: display CloudFormation Guard Hook failures (#1198)
• 7c079da feat(cli): add publish-assets command for asset publishing without deployment...
• 26ab95a chore: replace unnecessary dev deps with native alternatives (#1299)
• 4da5e25 feat(deps): upgrade aws-cdk-lib (#1297)
• 8f7e1aa fix: security changes in nested stacks are not shown for `cdk diff --security...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA bd338f1.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

test/package.json

Package	Version	License	Issue Type
aws-cdk-lib	^2.248.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@aws-cdk/asset-awscli-v1	2.2.273	Unknown	Unknown
npm/@aws-cdk/cloud-assembly-schema	53.13.0	Unknown	Unknown
npm/@aws-sdk/client-cloudformation	3.1024.0	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@eslint/config-array	0.23.4	Unknown	Unknown
npm/@eslint/config-helpers	0.5.4	Unknown	Unknown
npm/@eslint/core	1.2.0	Unknown	Unknown
npm/@eslint/object-schema	3.0.4	Unknown	Unknown
npm/@eslint/plugin-kit	0.7.0	Unknown	Unknown
npm/@types/node	25.5.2	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/aws-cdk	2.1117.0	Unknown	Unknown
npm/aws-cdk-lib	2.248.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ -1 internal error: internal error: invalid Dockerfile Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Binary-Artifacts ⚠️ 0 binaries present in source code SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed
npm/baseline-browser-mapping	2.10.15	Unknown	Unknown
npm/caniuse-lite	1.0.30001785	🟢 4.5	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 no SAST tool detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/eslint	10.2.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 18/22 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits
npm/path-expression-matcher	1.2.1	Unknown	Unknown
npm/ts-jest	29.4.9	🟢 5.7	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 1 Found 1/7 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 10 SAST tool is run on all commits
npm/@types/node	^25.5.2	Unknown	Unknown
npm/aws-cdk	^2.1117.0	Unknown	Unknown
npm/aws-cdk-lib	^2.248.0	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml
• test/package.json