Bump the production-dependencies group across 1 directory with 14 updates

[dependabot]

Bumps the production-dependencies group with 14 updates in the /frontend directory:

Package	From	To
@angular/animations	18.2.12	19.0.6
@angular/cdk	18.2.13	19.0.5
@angular/common	18.2.12	19.0.6
@angular/compiler	18.2.12	19.0.6
@angular/core	18.2.12	19.0.6
@angular/forms	18.2.12	19.0.6
@angular/material	18.2.13	19.0.5
@angular/platform-browser	18.2.12	19.0.6
@angular/platform-browser-dynamic	18.2.12	19.0.6
@angular/router	18.2.12	19.0.6
@octokit/types	13.6.1	13.7.0
cronstrue	2.51.0	2.52.0
highcharts	11.4.8	12.1.2
ng2-charts	7.0.0	8.0.0

Updates @angular/animations from 18.2.12 to 19.0.6

Release notes

Sourced from @​angular/animations's releases.

v19.0.6

19.0.6 (2025-01-08)

compiler-cli

Commit	Description
	account for more expression types when determining HMR dependencies (#59323)
	preserve defer block dependencies during HMR when class metadata is disabled (#59313)

core

Commit	Description
	Ensure that a destroyed effect never run. (#59415)

platform-browser

Commit	Description
	avoid circular DI error in async renderer (#59271)
	styles not replaced during HMR when using animations renderer (#59393)

router

Commit	Description
	avoid component ID collisions with user code (#59300)

v19.0.5

19.0.5 (2024-12-18)

core

Commit	Description
	avoid triggering on timer and on idle on the server (#59177)
	Fix nested timer serialization (#59173)

platform-server

Commit	Description
	Warn user when transfer state happens more than once (#58935)

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit	Description
	consider pre-release versions when detecting feature support (#59061)
	error in unused standalone imports diagnostic (#59064)

core

Commit	Description
	Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit	Description

... (truncated)

Changelog

Sourced from @​angular/animations's changelog.

19.0.6 (2025-01-08)

compiler-cli

Commit	Type	Description
06a55e9817	fix	account for more expression types when determining HMR dependencies (#59323)
17fb20f85d	fix	preserve defer block dependencies during HMR when class metadata is disabled (#59313)

core

Commit	Type	Description
07afce81b8	fix	Ensure that a destroyed effect never run. (#59415)

platform-browser

Commit	Type	Description
dbb8980d03	fix	avoid circular DI error in async renderer (#59271)
6d00efde95	fix	styles not replaced during HMR when using animations renderer (#59393)

router

Commit	Type	Description
144bccb687	fix	avoid component ID collisions with user code (#59300)

19.1.0-next.4 (2024-12-18)

core

Commit	Type	Description
57f3550219	feat	add utility for resolving defer block information to ng global (#59184)
22f191f763	feat	extend the set of profiler events (#59183)
1f4ff2fa36	fix	avoid triggering on timer and on idle on the server (#59177)
cf89f14766	fix	Fix nested timer serialization (#59173)

platform-server

Commit	Type	Description
300b141cc8	fix	Warn user when transfer state happens more than once (#58935)

19.0.5 (2024-12-18)

core

Commit	Type	Description
3793218e77	fix	avoid triggering on timer and on idle on the server (#59177)
cfc96ed82c	fix	Fix nested timer serialization (#59173)

platform-server

Commit	Type	Description
9085a8fbd8	fix	Warn user when transfer state happens more than once (#58935)

... (truncated)

Commits

• 6d00efd fix(platform-browser): styles not replaced during HMR when using animations r...
• c829a15 docs(animations): update position parameter to be a decimal (#57927)
• 5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
• b8a2ae0 docs: fix missing alert block styles in the API reference (#59020)
• 09df589 refactor(core): Migrate all packages with the explicit-standalone-flag sche...
• 84b6896 refactor(platform-server): Add an ssr benchmark setup. (#57647)
• 9dbe6fc refactor: update license text to point to angular.dev (#57901)
• See full diff in compare view

Updates @angular/cdk from 18.2.13 to 19.0.5

Release notes

Sourced from @​angular/cdk's releases.

v19.0.5

19.0.5 "silk-sky" (2025-01-08)

cdk-experimental

Commit	Description
	column-resize: Use ResizeObserver to avoid layout thrashing (#30215)

material

Commit	Description
	datepicker: simplify DI setup (#30247)
	sidenav: remove deprecated API usage (#30268)
	sidenav: switch away from animations module (#30235)
	sort: show arrow on focus (#30217)
	timepicker: don't mark as touched when blurred while dropdown is open (#30228)
	tooltip: Tiny but measurable optimization to MatTooltip construction. Defer hooking up to directionality changes until overlay is created. (#30214)

cdk

Commit	Description
	menu: avoid re-opening the menu on enter (#30263)
	tree: expandAll not expanding all nodes (#30226)

v19.0.4

19.0.4 "linen-lampshade" (2024-12-18)

material

Commit	Description
	list: enable MacOS select all with command+a (#30183)
	menu: remove dependency on animations module (#30163)
	sort: avoid center align for sort header (#30198)
	table: improve filter predicate efficiency (#30172)
	table: set border none for header cells on last row (#30193)
	theming: fix not found error in the guide duplicate theming styles document (#30108)
	tooltip: body line height affecting gap (#30164)

cdk

Commit	Description
	drag-drop: resolve projected handles
	drag-drop: stop dragging on touchcancel (#30184)
	testing: add code to keyboard events (#30188)

v19.0.3

19.0.3 "polonium-popsicle" (2024-12-11)

material

Commit	Description
	expansion: switch away from animations module (#30119)
	menu: decouple menu lifecycle from animations (#30148)

... (truncated)

Changelog

Sourced from @​angular/cdk's changelog.

19.0.5 "silk-sky" (2025-01-08)

cdk

Commit	Type	Description
64d8df8bd	fix	menu: avoid re-opening the menu on enter (#30263)
5b04e1733	fix	tree: expandAll not expanding all nodes (#30226)

material

Commit	Type	Description
85c6e54a5	fix	datepicker: simplify DI setup (#30247)
1eb6cabcc	fix	sidenav: remove deprecated API usage (#30268)
4618b5b7c	fix	sidenav: switch away from animations module (#30235)
10e752a52	fix	sort: show arrow on focus (#30217)
e8a099179	fix	timepicker: don't mark as touched when blurred while dropdown is open (#30228)
f9f8df348	perf	tooltip: Tiny but measurable optimization to MatTooltip construction. Defer hooking up to directionality changes until overlay is created. (#30214)

cdk-experimental

Commit	Type	Description
4a040cb9f	perf	column-resize: Use ResizeObserver to avoid layout thrashing (#30215)

19.1.0-next.3 "cotton-curtains" (2024-12-18)

cdk

Commit	Type	Description
62a672af0d	feat	dialog: expose cdk dialog docs (#1144)
a0a16fc70e	feat	menu: expose cdk menu docs (#1142)
a141c22e99	fix	drag-drop: resolve projected handles
454d9f9c09	fix	drag-drop: stop dragging on touchcancel (#30184)
d34d2a2ca3	fix	testing: add code to keyboard events (#30188)

material

Commit	Type	Description
057ed370aa	fix	api-theme: fix nav items hover/focus contrast (#1004)
3163040850	fix	docs: change twitter logo (#1245)
4697d8e180	fix	list: enable MacOS select all with command+a (#30183)
4620df14f7	fix	menu: remove dependency on animations module (#30163)
c12b73ee66	fix	table: improve filter predicate efficiency (#30172)
04a7652dca	fix	table: set border none for header cells on last row (#30193)
a0b5546111	fix	theme: unselected theme picker
b924e869c5	fix	theming: fix not found error in the guide duplicate theming styles document (#30108)
c04f84fd3b	fix	tooltip: body line height affecting gap (#30164)

cdk-experimental

Commit	Type	Description
50d906b3e3	fix	column-resize: Previous size was being sent for persistance rather than newly updated size in non-live resize mode. (#30161)

... (truncated)

Commits

• b879ba7 release: cut the v19.0.5 release
• 2585350 docs: Update references to M2 theming guide color variants section and add li...
• 1eb6cab fix(material/sidenav): remove deprecated API usage (#30268)
• 629f91a build: update angular shared dev-infra code to 359350b (#30274)
• 4618b5b fix(material/sidenav): switch away from animations module (#30235)
• 623af57 refactor(material/paginator): switch to inject function (#30253)
• 0122bc5 docs(cdk/overlay): keep state in sync in example (#30237)
• 85c6e54 fix(material/datepicker): simplify DI setup (#30247)
• c5201f8 build: bump year (#30257)
• 64d8df8 fix(cdk/menu): avoid re-opening the menu on enter (#30263)
• Additional commits viewable in compare view

Updates @angular/common from 18.2.12 to 19.0.6

Release notes

Sourced from @​angular/common's releases.

v19.0.6

19.0.6 (2025-01-08)

compiler-cli

Commit	Description
	account for more expression types when determining HMR dependencies (#59323)
	preserve defer block dependencies during HMR when class metadata is disabled (#59313)

core

Commit	Description
	Ensure that a destroyed effect never run. (#59415)

platform-browser

Commit	Description
	avoid circular DI error in async renderer (#59271)
	styles not replaced during HMR when using animations renderer (#59393)

router

Commit	Description
	avoid component ID collisions with user code (#59300)

v19.0.5

19.0.5 (2024-12-18)

core

Commit	Description
	avoid triggering on timer and on idle on the server (#59177)
	Fix nested timer serialization (#59173)

platform-server

Commit	Description
	Warn user when transfer state happens more than once (#58935)

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit	Description
	consider pre-release versions when detecting feature support (#59061)
	error in unused standalone imports diagnostic (#59064)

core

Commit	Description
	Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit	Description

... (truncated)

Changelog

Sourced from @​angular/common's changelog.

19.0.6 (2025-01-08)

compiler-cli

Commit	Type	Description
06a55e9817	fix	account for more expression types when determining HMR dependencies (#59323)
17fb20f85d	fix	preserve defer block dependencies during HMR when class metadata is disabled (#59313)

core

Commit	Type	Description
07afce81b8	fix	Ensure that a destroyed effect never run. (#59415)

platform-browser

Commit	Type	Description
dbb8980d03	fix	avoid circular DI error in async renderer (#59271)
6d00efde95	fix	styles not replaced during HMR when using animations renderer (#59393)

router

Commit	Type	Description
144bccb687	fix	avoid component ID collisions with user code (#59300)

19.1.0-next.4 (2024-12-18)

core

Commit	Type	Description
57f3550219	feat	add utility for resolving defer block information to ng global (#59184)
22f191f763	feat	extend the set of profiler events (#59183)
1f4ff2fa36	fix	avoid triggering on timer and on idle on the server (#59177)
cf89f14766	fix	Fix nested timer serialization (#59173)

platform-server

Commit	Type	Description
300b141cc8	fix	Warn user when transfer state happens more than once (#58935)

19.0.5 (2024-12-18)

core

Commit	Type	Description
3793218e77	fix	avoid triggering on timer and on idle on the server (#59177)
cfc96ed82c	fix	Fix nested timer serialization (#59173)

platform-server

Commit	Type	Description
9085a8fbd8	fix	Warn user when transfer state happens more than once (#58935)

... (truncated)

Commits

• 6084a59 refactor(common): drop PRELOADED_IMAGES name in production (#59425)
• f3bc92b refactor: remove unnecessary TSLint rule flags (#59365)
• e3bb6a0 refactor(common): update the NgOptimizedImage message to use @if instead of...
• 326337e refactor: replace ɵPendingTasks with ɵPendingTasksInternal (#59138)
• ffae7df refactor(http): Don't log fetch warning in tests. (#59049)
• 0c40bb2 refactor(docs-infra): convert code-example-s that have only region param to @...
• 5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
• 0df7b1e refactor(common): remove standalone: true (#58949)
• b8a2ae0 docs: fix missing alert block styles in the API reference (#59020)
• ea0bf74 refactor(core): use ApplicationRef.whenStable instead of a custom util func...
• Additional commits viewable in compare view

Updates @angular/compiler from 18.2.12 to 19.0.6

Release notes

Sourced from @​angular/compiler's releases.

v19.0.6

19.0.6 (2025-01-08)

compiler-cli

Commit	Description
	account for more expression types when determining HMR dependencies (#59323)
	preserve defer block dependencies during HMR when class metadata is disabled (#59313)

core

Commit	Description
	Ensure that a destroyed effect never run. (#59415)

platform-browser

Commit	Description
	avoid circular DI error in async renderer (#59271)
	styles not replaced during HMR when using animations renderer (#59393)

router

Commit	Description
	avoid component ID collisions with user code (#59300)

v19.0.5

19.0.5 (2024-12-18)

core

Commit	Description
	avoid triggering on timer and on idle on the server (#59177)
	Fix nested timer serialization (#59173)

platform-server

Commit	Description
	Warn user when transfer state happens more than once (#58935)

v19.0.4

19.0.4 (2024-12-12)

compiler-cli

Commit	Description
	consider pre-release versions when detecting feature support (#59061)
	error in unused standalone imports diagnostic (#59064)

core

Commit	Description
	Fix a bug where snapshotted functions are being run twice if they return a nullish/falsey value. (#59073)

platform-browser

Commit	Description

... (truncated)

Changelog

Sourced from @​angular/compiler's changelog.

19.0.6 (2025-01-08)

compiler-cli

Commit	Type	Description
06a55e9817	fix	account for more expression types when determining HMR dependencies (#59323)
17fb20f85d	fix	preserve defer block dependencies during HMR when class metadata is disabled (#59313)

core

Commit	Type	Description
07afce81b8	fix	Ensure that a destroyed effect never run. (#59415)

platform-browser

Commit	Type	Description
dbb8980d03	fix	avoid circular DI error in async renderer (#59271)
6d00efde95	fix	styles not replaced during HMR when using animations renderer (#59393)

router

Commit	Type	Description
144bccb687	fix	avoid component ID collisions with user code (#59300)

19.1.0-next.4 (2024-12-18)

core

Commit	Type	Description
57f3550219	feat	add utility for resolving defer block information to ng global (#59184)
22f191f763	feat	extend the set of profiler events (#59183)
1f4ff2fa36	fix	avoid triggering on timer and on idle on the server (#59177)
cf89f14766	fix	Fix nested timer serialization (#59173)

platform-server

Commit	Type	Description
300b141cc8	fix	Warn user when transfer state happens more than once (#58935)

19.0.5 (2024-12-18)

core

Commit	Type	Description
3793218e77	fix	avoid triggering on timer and on idle on the server (#59177)
cfc96ed82c	fix	Fix nested timer serialization (#59173)

platform-server

Commit	Type	Description
9085a8fbd8	fix	Warn user when transfer state happens more than once (#58935)

... (truncated)

Commits

• 5be5695 refactor(compiler): incorrect spelling in for loop parse error message (#59289)
• b58123b refactor(compiler): remove circular dep in the output ast (#59083)
• 5f3ba06 docs: set syntax highlighting of code examples MD code blocks (#59026)
• b182806 refactor(compiler): remove allowInvalidAssignmentEvents flag (#58988)
• 9f99196 fix(compiler-cli): account for multiple generated namespace imports in HMR (#...
• d23a5d5 refactor(core): Consolidates shouldTrigger* methods down to one (#58833)
• d6da631 refactor(compiler): Adds ingest and flags for defer details (#58833)
• 4852e57 docs: capitalize webpack with a lowercase W (#56812)
• fb1fa8b fix(compiler-cli): more accurate diagnostics for host binding parser errors (...
• 806a61b fix(compiler): fix multiline selectors (#58681)
• Additional commits viewable in compare view

Updates @angular/core from 18.2.12 to 19.0.6

Release notes

Sourced from @​angular/core's releases.

v19.0.6

19.0.6 (2025-01-08)

compiler-cli

Commit	Description
	account for more expression types when determining HMR dependencies (#59323)
	preserve defer block dependencies during HMR when class metadata is disabled (

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

frontend/package.json

Package	Version	License	Issue Type
highcharts	^12.1.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@angular/animations	19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/cdk	19.0.5	🟢 7.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: in_progress Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 24 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 13 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 53 existing vulnerabilities detected
npm/@angular/common	19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/compiler	19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/core	19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/forms	19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/material	19.0.5	🟢 7.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: in_progress Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 24 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 13 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 53 existing vulnerabilities detected
npm/@angular/platform-browser	19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/platform-browser-dynamic	19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/router	19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@octokit/openapi-types	23.0.1	🟢 7	Details Check Score Reason Code-Review 🟢 8 Found 6/7 approved changesets -- score normalized to 8 Maintained 🟢 7 8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits
npm/@octokit/types	13.7.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 9 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 7 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/cronstrue	2.52.0	🟢 3.8	Details Check Score Reason Maintained 🟢 6 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 Code-Review 🟢 3 Found 9/28 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/highcharts	12.1.2	🟢 3.5	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 7 9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/28 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License ⚠️ 0 license file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/ng2-charts	8.0.0	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/16 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/zone.js	0.15.0	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/animations	^19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/cdk	^19.0.5	🟢 7.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: in_progress Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 24 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 13 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 53 existing vulnerabilities detected
npm/@angular/common	^19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/compiler	^19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/core	^19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/forms	^19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/material	^19.0.5	🟢 7.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: in_progress Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 24 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 13 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 8 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 53 existing vulnerabilities detected
npm/@angular/platform-browser	^19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/platform-browser-dynamic	^19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@angular/router	^19.0.6	🟢 6.4	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 6 branch protection is not maximal on development and all release branches CI-Tests ⚠️ -1 no pull request found CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 no SAST tool detected Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities ⚠️ 0 68 existing vulnerabilities detected
npm/@octokit/types	^13.7.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 9 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 7 7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/cronstrue	^2.52.0	🟢 3.8	Details Check Score Reason Maintained 🟢 6 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 Code-Review 🟢 3 Found 9/28 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 5 5 existing vulnerabilities detected
npm/highcharts	^12.1.2	🟢 3.5	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 7 9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/28 approved changesets -- score normalized to 0 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License ⚠️ 0 license file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/ng2-charts	^8.0.0	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/16 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Files

• frontend/package-lock.json
• frontend/package.json

[dependabot]

Superseded by #112.