Bump the development-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the development-dependencies group with 6 updates in the /backend directory:

Package	From	To
@eslint/js	9.16.0	9.18.0
@types/express	4.17.21	5.0.0
eslint	9.16.0	9.18.0
globals	15.13.0	15.14.0
typescript	5.7.2	5.7.3
typescript-eslint	8.17.0	8.21.0

Updates @eslint/js from 9.16.0 to 9.18.0

Release notes

Sourced from @​eslint/js's releases.

v9.18.0

Features

• e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
• 8efc2d0 feat: unflag TypeScript config files (#19266) (Francesco Trotta)
• 87a9352 feat: check imports and class names in no-shadow-restricted-names (#19272) (Milos Djermanovic)

Bug Fixes

• da768d4 fix: correct overrideConfigFile type (#19289) (Francesco Trotta)

Documentation

• d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
• db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)
• 36ef8bb docs: rewrite examples with var using let and const (#19298) (Amaresh S M)
• 1610c9e docs: add missing backticks to no-else-return (#19309) (루밀LuMir)
• df409d8 docs: Update README (GitHub Actions Bot)
• 2e84213 docs: Fix Horizontal Scroll Overflow in Rule Description on Mobile View (#19304) (Amaresh S M)
• 6e7361b docs: replace var with let and const in rule example (#19302) (Tanuj Kanti)
• 069af5e docs: rewrite var using const in rule examples (#19303) (Kim GyeonWon)
• 064e35d docs: remove 'I hope to' comments from scope-manager-interface (#19300) (Josh Goldberg ✨)
• 8e00305 docs: replace var with const in rule examples (#19299) (Tanuj Kanti)
• a559009 docs: Add warning about extending core rules (#19295) (Nicholas C. Zakas)
• 0bfdf6c docs: Update README (GitHub Actions Bot)
• ce0b9ff docs: add navigation link for code explorer (#19285) (Tanuj Kanti)
• e255cc9 docs: add bluesky icon to footer (#19290) (Tanuj Kanti)
• 5d64851 docs: remove outdated info about environments (#19296) (Francesco Trotta)
• eec01f0 docs: switch rule examples config format to languageOptions (#19277) (Milos Djermanovic)
• b36ca0a docs: Fixing Focus Order by Rearranging Element Sequence (#19241) (Amaresh S M)
• d122c8a docs: add missing backticks to sort-imports (#19282) (루밀LuMir)
• 0367a70 docs: update custom parser docs (#19288) (Francesco Trotta)
• 8c07ebb docs: add border-radius to hX:target selector styles (#19270) (루밀LuMir)
• eff7c57 docs: add limitation section in no-loop-func (#19287) (Tanuj Kanti)
• 5db226f docs: add missing backticks in various parts of the documentation (#19269) (루밀LuMir)
• 789edbb docs: Update README (GitHub Actions Bot)
• 613c06a docs: mark rules that are frozen with ❄️ (#19231) (Amaresh S M)
• 43172ec docs: Update README (GitHub Actions Bot)
• ac8b3c4 docs: fix description of overrideConfigFile option (#19262) (Milos Djermanovic)
• bbb9b46 docs: Update README (GitHub Actions Bot)
• 995b492 docs: fix inconsistent divider in rule categories box (#19249) (Tanuj Kanti)
• f76d05d docs: Refactor search result handling with better event listener cleanup (#19252) (Amaresh S M)
• c5f3d7d docs: Update README (GitHub Actions Bot)

... (truncated)

Changelog

Sourced from @​eslint/js's changelog.

v9.18.0 - January 10, 2025

• c52be85 chore: upgrade to @eslint/js@9.18.0 (#19330) (Francesco Trotta)
• 362099c chore: package.json update for @​eslint/js release (Jenkins)
• 9486141 deps: upgrade @eslint/core and @eslint/plugin-kit (#19329) (Francesco Trotta)
• d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
• 495aa49 chore: extract package name from package.json for public interface (#19314) (루밀LuMir)
• db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)
• 36ef8bb docs: rewrite examples with var using let and const (#19298) (Amaresh S M)
• 1610c9e docs: add missing backticks to no-else-return (#19309) (루밀LuMir)
• df409d8 docs: Update README (GitHub Actions Bot)
• e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
• 2e84213 docs: Fix Horizontal Scroll Overflow in Rule Description on Mobile View (#19304) (Amaresh S M)
• 6e7361b docs: replace var with let and const in rule example (#19302) (Tanuj Kanti)
• 069af5e docs: rewrite var using const in rule examples (#19303) (Kim GyeonWon)
• 064e35d docs: remove 'I hope to' comments from scope-manager-interface (#19300) (Josh Goldberg ✨)
• 8e00305 docs: replace var with const in rule examples (#19299) (Tanuj Kanti)
• a559009 docs: Add warning about extending core rules (#19295) (Nicholas C. Zakas)
• 0bfdf6c docs: Update README (GitHub Actions Bot)
• ce0b9ff docs: add navigation link for code explorer (#19285) (Tanuj Kanti)
• e255cc9 docs: add bluesky icon to footer (#19290) (Tanuj Kanti)
• 5d64851 docs: remove outdated info about environments (#19296) (Francesco Trotta)
• eec01f0 docs: switch rule examples config format to languageOptions (#19277) (Milos Djermanovic)
• b36ca0a docs: Fixing Focus Order by Rearranging Element Sequence (#19241) (Amaresh S M)
• d122c8a docs: add missing backticks to sort-imports (#19282) (루밀LuMir)
• 0367a70 docs: update custom parser docs (#19288) (Francesco Trotta)
• da768d4 fix: correct overrideConfigFile type (#19289) (Francesco Trotta)
• 8c07ebb docs: add border-radius to hX:target selector styles (#19270) (루밀LuMir)
• eff7c57 docs: add limitation section in no-loop-func (#19287) (Tanuj Kanti)
• 8efc2d0 feat: unflag TypeScript config files (#19266) (Francesco Trotta)
• 87a9352 feat: check imports and class names in no-shadow-restricted-names (#19272) (Milos Djermanovic)
• 5db226f docs: add missing backticks in various parts of the documentation (#19269) (루밀LuMir)
• 789edbb docs: Update README (GitHub Actions Bot)
• 613c06a docs: mark rules that are frozen with ❄️ (#19231) (Amaresh S M)
• 43172ec docs: Update README (GitHub Actions Bot)
• ac8b3c4 docs: fix description of overrideConfigFile option (#19262) (Milos Djermanovic)
• 6fe0e72 chore: update dependency @​eslint/json to ^0.9.0 (#19263) (renovate[bot])
• bbb9b46 docs: Update README (GitHub Actions Bot)
• 995b492 docs: fix inconsistent divider in rule categories box (#19249) (Tanuj Kanti)
• f76d05d docs: Refactor search result handling with better event listener cleanup (#19252) (Amaresh S M)

... (truncated)

Commits

• 362099c chore: package.json update for @​eslint/js release
• 495aa49 chore: extract package name from package.json for public interface (#19314)
• 84c5787 chore: package.json update for @​eslint/js release
• See full diff in compare view

Updates @types/express from 4.17.21 to 5.0.0

Commits

• See full diff in compare view

Updates eslint from 9.16.0 to 9.18.0

Release notes

Sourced from eslint's releases.

v9.18.0

Features

• e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
• 8efc2d0 feat: unflag TypeScript config files (#19266) (Francesco Trotta)
• 87a9352 feat: check imports and class names in no-shadow-restricted-names (#19272) (Milos Djermanovic)

Bug Fixes

• da768d4 fix: correct overrideConfigFile type (#19289) (Francesco Trotta)

Documentation

• d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
• db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)
• 36ef8bb docs: rewrite examples with var using let and const (#19298) (Amaresh S M)
• 1610c9e docs: add missing backticks to no-else-return (#19309) (루밀LuMir)
• df409d8 docs: Update README (GitHub Actions Bot)
• 2e84213 docs: Fix Horizontal Scroll Overflow in Rule Description on Mobile View (#19304) (Amaresh S M)
• 6e7361b docs: replace var with let and const in rule example (#19302) (Tanuj Kanti)
• 069af5e docs: rewrite var using const in rule examples (#19303) (Kim GyeonWon)
• 064e35d docs: remove 'I hope to' comments from scope-manager-interface (#19300) (Josh Goldberg ✨)
• 8e00305 docs: replace var with const in rule examples (#19299) (Tanuj Kanti)
• a559009 docs: Add warning about extending core rules (#19295) (Nicholas C. Zakas)
• 0bfdf6c docs: Update README (GitHub Actions Bot)
• ce0b9ff docs: add navigation link for code explorer (#19285) (Tanuj Kanti)
• e255cc9 docs: add bluesky icon to footer (#19290) (Tanuj Kanti)
• 5d64851 docs: remove outdated info about environments (#19296) (Francesco Trotta)
• eec01f0 docs: switch rule examples config format to languageOptions (#19277) (Milos Djermanovic)
• b36ca0a docs: Fixing Focus Order by Rearranging Element Sequence (#19241) (Amaresh S M)
• d122c8a docs: add missing backticks to sort-imports (#19282) (루밀LuMir)
• 0367a70 docs: update custom parser docs (#19288) (Francesco Trotta)
• 8c07ebb docs: add border-radius to hX:target selector styles (#19270) (루밀LuMir)
• eff7c57 docs: add limitation section in no-loop-func (#19287) (Tanuj Kanti)
• 5db226f docs: add missing backticks in various parts of the documentation (#19269) (루밀LuMir)
• 789edbb docs: Update README (GitHub Actions Bot)
• 613c06a docs: mark rules that are frozen with ❄️ (#19231) (Amaresh S M)
• 43172ec docs: Update README (GitHub Actions Bot)
• ac8b3c4 docs: fix description of overrideConfigFile option (#19262) (Milos Djermanovic)
• bbb9b46 docs: Update README (GitHub Actions Bot)
• 995b492 docs: fix inconsistent divider in rule categories box (#19249) (Tanuj Kanti)
• f76d05d docs: Refactor search result handling with better event listener cleanup (#19252) (Amaresh S M)
• c5f3d7d docs: Update README (GitHub Actions Bot)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.18.0 - January 10, 2025

• c52be85 chore: upgrade to @eslint/js@9.18.0 (#19330) (Francesco Trotta)
• 362099c chore: package.json update for @​eslint/js release (Jenkins)
• 9486141 deps: upgrade @eslint/core and @eslint/plugin-kit (#19329) (Francesco Trotta)
• d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
• 495aa49 chore: extract package name from package.json for public interface (#19314) (루밀LuMir)
• db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)
• 36ef8bb docs: rewrite examples with var using let and const (#19298) (Amaresh S M)
• 1610c9e docs: add missing backticks to no-else-return (#19309) (루밀LuMir)
• df409d8 docs: Update README (GitHub Actions Bot)
• e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
• 2e84213 docs: Fix Horizontal Scroll Overflow in Rule Description on Mobile View (#19304) (Amaresh S M)
• 6e7361b docs: replace var with let and const in rule example (#19302) (Tanuj Kanti)
• 069af5e docs: rewrite var using const in rule examples (#19303) (Kim GyeonWon)
• 064e35d docs: remove 'I hope to' comments from scope-manager-interface (#19300) (Josh Goldberg ✨)
• 8e00305 docs: replace var with const in rule examples (#19299) (Tanuj Kanti)
• a559009 docs: Add warning about extending core rules (#19295) (Nicholas C. Zakas)
• 0bfdf6c docs: Update README (GitHub Actions Bot)
• ce0b9ff docs: add navigation link for code explorer (#19285) (Tanuj Kanti)
• e255cc9 docs: add bluesky icon to footer (#19290) (Tanuj Kanti)
• 5d64851 docs: remove outdated info about environments (#19296) (Francesco Trotta)
• eec01f0 docs: switch rule examples config format to languageOptions (#19277) (Milos Djermanovic)
• b36ca0a docs: Fixing Focus Order by Rearranging Element Sequence (#19241) (Amaresh S M)
• d122c8a docs: add missing backticks to sort-imports (#19282) (루밀LuMir)
• 0367a70 docs: update custom parser docs (#19288) (Francesco Trotta)
• da768d4 fix: correct overrideConfigFile type (#19289) (Francesco Trotta)
• 8c07ebb docs: add border-radius to hX:target selector styles (#19270) (루밀LuMir)
• eff7c57 docs: add limitation section in no-loop-func (#19287) (Tanuj Kanti)
• 8efc2d0 feat: unflag TypeScript config files (#19266) (Francesco Trotta)
• 87a9352 feat: check imports and class names in no-shadow-restricted-names (#19272) (Milos Djermanovic)
• 5db226f docs: add missing backticks in various parts of the documentation (#19269) (루밀LuMir)
• 789edbb docs: Update README (GitHub Actions Bot)
• 613c06a docs: mark rules that are frozen with ❄️ (#19231) (Amaresh S M)
• 43172ec docs: Update README (GitHub Actions Bot)
• ac8b3c4 docs: fix description of overrideConfigFile option (#19262) (Milos Djermanovic)
• 6fe0e72 chore: update dependency @​eslint/json to ^0.9.0 (#19263) (renovate[bot])
• bbb9b46 docs: Update README (GitHub Actions Bot)
• 995b492 docs: fix inconsistent divider in rule categories box (#19249) (Tanuj Kanti)
• f76d05d docs: Refactor search result handling with better event listener cleanup (#19252) (Amaresh S M)

... (truncated)

Commits

• 1c87b41 9.18.0
• 4df3132 Build: changelog update for 9.18.0
• c52be85 chore: upgrade to @eslint/js@9.18.0 (#19330)
• 362099c chore: package.json update for @​eslint/js release
• 9486141 deps: upgrade @eslint/core and @eslint/plugin-kit (#19329)
• d9c23c5 docs: replace var with const in rule examples (#19325)
• 8e1a898 docs: add tabs to cli code blocks (#18784)
• f3aeefb docs: rewrite using let and const in rule examples (#19320)
• 0b680b3 docs: Update README
• 98c86a9 docs: Edit this page button link to different branches (#19228)
• Additional commits viewable in compare view

Updates globals from 15.13.0 to 15.14.0

Release notes

Sourced from globals's releases.

v15.14.0

• Add vitest globals (#274) 06a5723

sindresorhus/globals@v15.13.0...v15.14.0

Commits

• 48c7b51 15.14.0
• 06a5723 Add vitest globals (#274)
• See full diff in compare view

Updates typescript from 5.7.2 to 5.7.3

Release notes

Sourced from typescript's releases.

TypeScript 5.7.3

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).
• fixed issues query for Typescript 5.7.3 (Stable).

Downloads are available on npm

Commits

• a5e123d Update LKG
• 8bc0204 🤖 Pick PR #60828 (Fix CodeQL configuration, releases) into release-5.7 (#60923)
• 7aa63df 🤖 Pick PR #60393 (Don't try to add an implicit undefi...) into release-5.7 (#...
• 9df7c36 Bump version to 5.7.3 and LKG
• e167412 🤖 Pick PR #60794 (Harden sanitizeLog against incorr...) into release-5.7 (#...
• 9ba364c Fix coverage build on release-5.7 (#60792)
• 4b7441a 🤖 Pick PR #60680 (Mark the inherited any-based index ...) into release-5.7 (#...
• e844dc3 Cherry-pick #60402, #60440, #60616 into release-5.7 (#60777)
• 21b02a1 🤖 Pick PR #60749 (Do not require import attribute on ...) into release-5.7 (#...
• b82fd16 🤖 Pick PR #60576 (Avoid incorrectly reusing assertion...) into release-5.7 (#...
• Additional commits viewable in compare view

Updates typescript-eslint from 8.17.0 to 8.21.0

Release notes

Sourced from typescript-eslint's releases.

v8.21.0

8.21.0 (2025-01-20)

🚀 Features

• ast-spec: support import attributes in TSImportType (#10640)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-arguments] handle type args on jsx (#10630)
• eslint-plugin: check JSX spread elements for misused spread usage (#10653)
• eslint-plugin: [no-for-in-array] report on any type which may be an array or array-like (#10535)
• eslint-plugin: [no-base-to-string] don't crash for recursive array or tuple types (#10633)
• eslint-plugin: [no-duplicate-enum-values] handle template literal (#10675)
• eslint-plugin-internal: [debug-namespace] on windows (#10661)
• rule-tester: handle window root path (#10654)
• scope-manager: add a reference for JSX closing element if it exists (#10614)

❤️ Thank You

• Arya Emami @​aryaemami59
• Ronen Amiel
• YeonJuan @​yeonjuan

You can read about our versioning strategy and releases on our website.

v8.20.0

8.20.0 (2025-01-13)

🚀 Features

• standardize debug namespaces to file paths (#10599)
• eslint-plugin: [no-misused-spread] add new rule (#10551)
• eslint-plugin: [no-deprecated] add allow options (#10585)
• eslint-plugin: [consistent-type-assertions] add arrayLiteralTypeAssertions options (#10565)

🩹 Fixes

• eslint-plugin: [no-shadow] ignore ordering of type declarations (#10593)
• eslint-plugin: [no-unnecessary-condition] don't flag optional chaining for union types with an unconstrained type parameters (#10602)

❤️ Thank You

• Josh Goldberg ✨
• Ronen Amiel
• YeonJuan @​yeonjuan

You can read about our versioning strategy and releases on our website.

v8.19.1

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.21.0 (2025-01-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.20.0 (2025-01-13)

🚀 Features

• eslint-plugin: [no-misused-spread] add new rule (#10551)

❤️ Thank You

• Josh Goldberg ✨

You can read about our versioning strategy and releases on our website.

8.19.1 (2025-01-06)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@eslint/core	0.10.0	Unknown	Unknown
npm/@eslint/js	9.18.0	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits
npm/@eslint/plugin-kit	0.2.5	Unknown	Unknown
npm/@types/express	5.0.0	🟢 7	Details Check Score Reason Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/express-serve-static-core	5.0.5	🟢 7	Details Check Score Reason Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/qs	6.9.18	🟢 7	Details Check Score Reason Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@typescript-eslint/eslint-plugin	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@typescript-eslint/parser	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@typescript-eslint/scope-manager	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@typescript-eslint/type-utils	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@typescript-eslint/types	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@typescript-eslint/typescript-estree	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@typescript-eslint/utils	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@typescript-eslint/visitor-keys	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/cross-spawn	7.0.6	🟢 3.8	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 2 Found 8/29 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 44 existing vulnerabilities detected
npm/eslint	9.18.0	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits
npm/fast-glob	3.3.3	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 1/13 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits
npm/fastq	1.18.0	🟢 4.6	Details Check Score Reason Maintained ⚠️ 2 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Code-Review 🟢 4 Found 12/28 approved changesets -- score normalized to 4 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/globals	15.14.0	🟢 5.1	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 7 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 Code-Review 🟢 4 Found 11/24 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/ts-api-utils	2.0.0	Unknown	Unknown
npm/typescript	5.7.3	🟢 8.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/typescript-eslint	8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected
npm/@eslint/js	^9.18.0	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits
npm/@types/express	^5.0.0	🟢 7	Details Check Score Reason Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/eslint	9.18	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 7 Found 23/30 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits
npm/globals	^15.14.0	🟢 5.1	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 7 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 Code-Review 🟢 4 Found 11/24 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/typescript	^5.7.3	🟢 8.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/typescript-eslint	^8.21.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/24 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 23 existing vulnerabilities detected

Scanned Files

• backend/package-lock.json
• backend/package.json