chore(deps-dev): bump the npm-development group with 9 updates

[dependabot]

Bumps the npm-development group with 9 updates:

Package	From	To
@vitest/coverage-v8	4.1.7	4.1.8
@vitest/ui	4.1.7	4.1.8
eslint	10.4.0	10.4.1
eslint-config-next	16.2.6	16.2.7
knip	6.14.2	6.15.0
lint-staged	17.0.5	17.0.7
tsx	4.22.3	4.22.4
typescript-eslint	8.60.0	8.60.1
vitest	4.1.7	4.1.8

Updates @vitest/coverage-v8 from 4.1.7 to 4.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Updates @vitest/ui from 4.1.7 to 4.1.8

Release notes

Sourced from @​vitest/ui's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• See full diff in compare view

Updates eslint from 10.4.0 to 10.4.1

Release notes

Sourced from eslint's releases.

v10.4.1

Bug Fixes

• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)
• d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)
• c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)
• 27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)

Documentation

• 61b0add docs: remove deprecated rule from related rules of max-params (#20921) (Tanuj Kanti)
• 305d5b9 docs: remove deprecated rules from related rules section (#20911) (Tanuj Kanti)
• 49b0202 docs: fix display: none of ad (#20901) (Tanuj Kanti)
• 9067f94 docs: switch build to Node.js 24 (#20893) (Milos Djermanovic)
• c91b041 docs: Update README (GitHub Actions Bot)
• e349265 docs: clarify semver strings in rule deprecation objects (#20885) (Milos Djermanovic)

Chores

• b0e466b test: add data property to invalid tests cases for rules (#20924) (Tanuj Kanti)
• f78838b test: add CodePath type coverage (#20904) (Pixel998)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20922) (Francesco Trotta)
• 002942c ci: declare contents:read on update-readme workflow (#20919) (Arpit Jain)
• 64bca24 chore: update ecosystem plugins (#20912) (ESLint Bot)
• 6d7c832 chore: ignore fflate updates in renovate (#20908) (Pixel998)
• b2c8638 ci: bump pnpm/action-setup from 6.0.7 to 6.0.8 (#20889) (dependabot[bot])
• a9b8d7f chore: increase maxBuffer for ecosystem tests (#20881) (sethamus)
• b702ead chore: update ecosystem update PR settings (#20884) (Pixel998)
• 507f60e chore: update ecosystem plugins (#20882) (ESLint Bot)
• 92f5c5b test: add unit test for message-count (#20878) (kuldeep kumar)
• df32108 chore: add @​eslint/markdown and typescript-eslint ecosystem tests (#20837) (sethamus)
• 327f91d chore: use includeIgnoreFile internally (#20876) (Kirk Waiblinger)
• f0dc4bd chore: pin fflate@0.8.2 (#20877) (Milos Djermanovic)
• 0f4bd25 ci: run Discord alert for ecosystem test failures (#20873) (Copilot)

Commits

• 4a3d15a 10.4.1
• 43e7e2b Build: changelog update for 10.4.1
• e557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930)
• b0e466b test: add data property to invalid tests cases for rules (#20924)
• d4ce898 fix: propagate failures from delegated commands (#20917)
• f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916)
• f78838b test: add CodePath type coverage (#20904)
• 61b0add docs: remove deprecated rule from related rules of max-params (#20921)
• 1daa4bd chore: update eslint-plugin-eslint-comments test data to latest commit (#20...
• 002942c ci: declare contents:read on update-readme workflow (#20919)
• Additional commits viewable in compare view

Updates eslint-config-next from 16.2.6 to 16.2.7

Release notes

Sourced from eslint-config-next's releases.

v16.2.7

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Backport documentation fixes for v16.2 (#93804)
• [backport] Patch playwright-core to resolve _finishedPromise on requestFailed (#93920)
• [backport] Fix dev mode hydration failure when page is served from HTTP cache (#93492)
• [backport] Fix catch-all router.query corruption with basePath + rewrites (#93917)
• [backport] Encode non-ASCII characters in cache tags at construction (#93918)
• [backport] Fix server action forwarding loop with middleware rewrites (#93919)
• [backport] Turbopack: switch from base40 to base38 hash encoding (#93932)
• [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (#94164)
• [backport] Fix "type: module" in project dir when using standalone or adapters (#94050)
• [backport] Propagate adapter preferred regions (#94200)
• [16.2.x] Don't drop FormData entries (#94240)
• [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (#94284)

Credits

Huge thanks to @​eps1lon, @​icyJoseph, @​unstubbable, @​mischnic, @​bgw, @​timneutkens, and @​lukesandberg for helping!

Commits

• 9bd3c26 v16.2.7
• See full diff in compare view

Updates knip from 6.14.2 to 6.15.0

Release notes

Sourced from knip's releases.

Release 6.15.0

• Report exported type used only in inferred-return function body (resolve #1765) (2413408753f7abc7a9dfdba520990afd18c53ee0)
• Work that EXPORTS.md again (7e13451fab7ad85362fb63a4715ea450690aedef)
• Update npmx ecosystem snapshot (dfc401145a880f156c66eb83ea1622a99540304a)
• Link dependencies key with notes (closes #1764) (e3e66cea9e946558940bf8705129efea3f23b3ba)
• Resolve tsconfig paths when loading plugin configs (#1762) (0177c7466559e2ae99b5e1cd1e3a8043ca494edc) - thanks @​jakeleventhal!
• Avoid caching failed plugin config loads (#1768) (5e201cde9b1ba2568ead2ae790ab888c966828ae) - thanks @​jakeleventhal!
• Resolve extensionless .sass imports in SCSS compiler (#1770) (30c22835383b2355787cc2a871b22de80ff75544) - thanks @​sebacardello!
• fix(vite): detect inline module script entry points in index.html (#1772) (51f4eddc9e1b2fed1ba25e81fc596e9fb514ce01) - thanks @​lucas-spin!
• Harden vite inline module script import detection (b8abcfd2f4f5486aea08a934514bc55de86be030)
• Use RecordableHistogram for timerified function stats (d575c6905704af1b0b4620edd874fc09bc86ed28)
• Add orval plugin (resolves #1751) (4c82aa82c2a02fbda27a316389f210d11621f8cb)
• Add treatTagHintsAsErrors and --no-tag-hints (resolves #1767) (4b6a573e0c1e0daf65c76c32f7336ea71db6bb64)
• Add nano-spawn plugin (resolves #1769) (b2cad06dfd9958485537c5545c6c497fc8823ac3)
• Simplify glob cache validation and ignore-list assembly (df1a9603a5ea8ed7bad9588bf13672cedf37c90e)
• Dedupe ignore-pattern collection and dependency fixing (d49b626ad6736d7123d44568ef8c42a3e1d28aa3)
• Simplify installed-binaries collection in manifest metadata (55143941eebbc8dac12c79b77c1f65a8b61dfbef)
• Flatten control flow in ConfigurationChief (010d5709b0f9a3adc5ebe6e7169b9f5c4f29abc5)
• Inline trivial installed-binaries and types-included accessors (b5afb9f29e3474eee4bf276c1de83cb0682a5663)
• Format (eb4b178d5d90a719cdc576d644766f8f95a47876)
• Replace @​wdio/types dev dep with inline types (a3747d61ee0e594854e5da0ca6cb7597e0096b99)
• Bump dependencies (822ab3905cb7b5a216404231607a7820105930a2)
• Work AGENTS.md, etcetera (361bd4803934a01e01b08170565f8374e4e49eb2)
• Remove rootDirs workaround resolved by oxc-resolver 11.20.0 (e190a9fec22db41975cf9568a31970a05c86e66b)
• Add nuxt no-root-tsconfig fixture guarding alias resolution (e3e5bc94d5f7b6ffdbc89b18d7c8d5acbb5a9008)
• Allow extra args for release-it (f9c59952fa2c8c4c13bd42edc0935610900d1980)
• Add @​vercel as platinum sponsor (c4c06a9149c986680f0d1aa74b57a46ff1f88601)
• Overhaul & improve --trace functionailty (60df0b05f364c8d841c0f784a06bab2a3215a32f)
• Re-gen plugins.md (0f9d044d312053154498a562e3a9422a4f44afe6)

Commits

• 3f3769e Release knip@6.15.0
• 60df0b0 Overhaul & improve --trace functionailty
• e3e5bc9 Add nuxt no-root-tsconfig fixture guarding alias resolution
• e190a9f Remove rootDirs workaround resolved by oxc-resolver 11.20.0
• 822ab39 Bump dependencies
• a3747d6 Replace @​wdio/types dev dep with inline types
• eb4b178 Format
• b5afb9f Inline trivial installed-binaries and types-included accessors
• 010d570 Flatten control flow in ConfigurationChief
• 5514394 Simplify installed-binaries collection in manifest metadata
• Additional commits viewable in compare view

Updates lint-staged from 17.0.5 to 17.0.7

Release notes

Sourced from lint-staged's releases.

v17.0.7

Patch Changes

• #1806 e692e58 - Update dependency tinyexec@^1.2.4.

v17.0.6

Patch Changes

• #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

• #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

• #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

• #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

Changelog

Sourced from lint-staged's changelog.

17.0.7

Patch Changes

• #1806 e692e58 - Update dependency tinyexec@^1.2.4.

17.0.6

Patch Changes

• #1803 bdf2770 - Run all tests with Deno, in addition to Node.js and Bun.

• #1796 7508272 - Fix performance regression of lint-staged v17 by going back to using git add to stage task modifications. This was changed to git update-index --again in v17 for less manual work, but unfortunately the update-index command gets slower in very large Git repos.

• #1797 7b2505a - This version of lint-staged uses the new staged publishing for npm packages feature. Releases are already published from GitHub Actions with trusted publishing, but now an additional approval with two-factor authentication is also required.

• #1802 321b0a9 - Downgrade dependency tinyexec@1.2.2 to avoid issues in version 1.2.3.

Commits

• cd11fec Merge pull request #1807 from lint-staged/changeset-release/main
• 15a8ee0 chore(changeset): release
• 797bbd9 Merge pull request #1808 from lint-staged/add-stashing-faq
• 504e307 docs: add FAQ entry on how stashing works
• eff5cd1 Merge pull request #1806 from lint-staged/update-tinyexec
• e692e58 build(deps): update tinyexec@^1.2.4
• a2dd4ea Merge pull request #1805 from lint-staged/update-github-templates
• c928519 docs: update GitHub templates
• 094ba56 Merge pull request #1798 from lint-staged/changeset-release/main
• 88e19fe chore(changeset): release
• Additional commits viewable in compare view

Updates tsx from 4.22.3 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

• resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

---

This release is also available on:

• npm package (@​latest dist-tag)

Commits

• 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
• See full diff in compare view

Updates typescript-eslint from 8.60.0 to 8.60.1

Release notes

Sourced from typescript-eslint's releases.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

• eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)
• eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

• lumir
• Nevette Bailey @​nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.1 (2026-06-01)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 4f84a69 chore(release): publish 8.60.1
• 1849b53 chore: typecheck using tsgo (#12139)
• See full diff in compare view

Updates vitest from 4.1.7 to 4.1.8

Release notes

Sourced from vitest's releases.

v4.1.8

   🐞 Bug Fixes

• browser:
  • Disable client cdp API when allowWrite/allowExec: false [backport to v4]  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10450 (e4067)
  • Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4]  -  by @​toxik and @​Zelys-DFKH in vitest-dev/vitest#10474 (675b4)

    View changes on GitHub

Commits

• e61f2dd chore: release v4.1.8
• e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@eslint/plugin-kit	0.7.2	Unknown	Unknown
npm/@next/eslint-plugin-next	16.2.7	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@oxc-parser/binding-android-arm-eabi	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-android-arm64	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-darwin-arm64	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-darwin-x64	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-freebsd-x64	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-arm-gnueabihf	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-arm-musleabihf	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-arm64-gnu	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-arm64-musl	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-ppc64-gnu	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-riscv64-gnu	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-riscv64-musl	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-s390x-gnu	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-x64-gnu	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-x64-musl	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-openharmony-arm64	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-wasm32-wasi	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-win32-arm64-msvc	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-win32-ia32-msvc	0.133.0	Unknown	Unknown
npm/@oxc-parser/binding-win32-x64-msvc	0.133.0	Unknown	Unknown
npm/@oxc-project/types	0.133.0	Unknown	Unknown
npm/@oxc-resolver/binding-android-arm-eabi	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-android-arm64	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-darwin-arm64	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-darwin-x64	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-freebsd-x64	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-arm-gnueabihf	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-arm-musleabihf	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-arm64-gnu	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-arm64-musl	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-ppc64-gnu	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-riscv64-gnu	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-riscv64-musl	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-s390x-gnu	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-x64-gnu	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-linux-x64-musl	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-openharmony-arm64	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-wasm32-wasi	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-win32-arm64-msvc	11.20.0	Unknown	Unknown
npm/@oxc-resolver/binding-win32-x64-msvc	11.20.0	Unknown	Unknown
npm/@typescript-eslint/eslint-plugin	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@vitest/coverage-v8	4.1.8	Unknown	Unknown
npm/@vitest/expect	4.1.8	Unknown	Unknown
npm/@vitest/mocker	4.1.8	Unknown	Unknown
npm/@vitest/pretty-format	4.1.8	Unknown	Unknown
npm/@vitest/runner	4.1.8	Unknown	Unknown
npm/@vitest/snapshot	4.1.8	Unknown	Unknown
npm/@vitest/spy	4.1.8	Unknown	Unknown
npm/@vitest/ui	4.1.8	Unknown	Unknown
npm/@vitest/utils	4.1.8	Unknown	Unknown
npm/eslint	10.4.1	🟢 6.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 23/28 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/eslint-config-next	16.2.7	🟢 6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/knip	6.15.0	Unknown	Unknown
npm/lint-staged	17.0.7	Unknown	Unknown
npm/oxc-parser	0.133.0	Unknown	Unknown
npm/oxc-resolver	11.20.0	Unknown	Unknown
npm/tinyexec	1.2.4	Unknown	Unknown
npm/tsx	4.22.4	Unknown	Unknown
npm/typescript-eslint	8.60.1	🟢 6.7	Details Check Score Reason Code-Review 🟢 9 Found 24/26 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/vitest	4.1.8	Unknown	Unknown

Scanned Files

• package-lock.json