Bump the development-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the development-dependencies group with 6 updates in the /backend directory:

Package	From	To
@eslint/js	9.16.0	9.19.0
@types/express	4.17.21	5.0.0
eslint	9.16.0	9.19.0
globals	15.13.0	15.14.0
typescript	5.7.2	5.7.3
typescript-eslint	8.17.0	8.23.0

Updates @eslint/js from 9.16.0 to 9.19.0

Release notes

Sourced from @​eslint/js's releases.

v9.19.0

Features

• 1637b8e feat: add --report-unused-inline-configs (#19201) (Josh Goldberg ✨)

Bug Fixes

• aae6717 fix: sync rule type header comments automatically (#19276) (Francesco Trotta)

Documentation

• cfea9ab docs: Clarify overrideConfig option (#19370) (Nicholas C. Zakas)
• 2b84f66 docs: Update README (#19362) (Nicholas C. Zakas)
• 044f93c docs: clarify frozen rule description (#19351) (Pavel)
• 797ee7c docs: fix Bluesky links (#19368) (Milos Djermanovic)
• 81a9c0e docs: Update README (GitHub Actions Bot)
• 093fb3d docs: replace var with let and const in rule examples (#19365) (Tanuj Kanti)
• 417de32 docs: replace var with const in rule examples (#19352) (jj)
• 17f2aae docs: update getting-started config to match default generated config (#19308) (0xDev)
• 8a0a5a8 docs: better global ignores instruction (#19297) (Jacopo Marrone)
• 6671a2c docs: Update README (GitHub Actions Bot)
• e39d3f2 docs: fix divider for rule category (#19264) (Tanuj Kanti)
• e0cf53f docs: fix search result box position for small screens (#19328) (Tanuj Kanti)
• f92a680 docs: replace var with let or const in rule examples (#19331) (Ravi Teja Kolla)
• b04b84b docs: revert accidental changes in TS config files docs (#19336) (Francesco Trotta)

Chores

• 9b9cb05 chore: upgrade @​eslint/js@​9.19.0 (#19371) (Milos Djermanovic)
• 58560e7 chore: package.json update for @​eslint/js release (Jenkins)
• 2089707 test: fix failing test in Node.js v22.13.0 (#19345) (Francesco Trotta)

v9.18.0

Features

• e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
• 8efc2d0 feat: unflag TypeScript config files (#19266) (Francesco Trotta)
• 87a9352 feat: check imports and class names in no-shadow-restricted-names (#19272) (Milos Djermanovic)

Bug Fixes

• da768d4 fix: correct overrideConfigFile type (#19289) (Francesco Trotta)

Documentation

• d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
• db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)

... (truncated)

Changelog

Sourced from @​eslint/js's changelog.

v9.19.0 - January 24, 2025

• 9b9cb05 chore: upgrade @​eslint/js@​9.19.0 (#19371) (Milos Djermanovic)
• 58560e7 chore: package.json update for @​eslint/js release (Jenkins)
• cfea9ab docs: Clarify overrideConfig option (#19370) (Nicholas C. Zakas)
• 2b84f66 docs: Update README (#19362) (Nicholas C. Zakas)
• 044f93c docs: clarify frozen rule description (#19351) (Pavel)
• 797ee7c docs: fix Bluesky links (#19368) (Milos Djermanovic)
• 81a9c0e docs: Update README (GitHub Actions Bot)
• 093fb3d docs: replace var with let and const in rule examples (#19365) (Tanuj Kanti)
• 417de32 docs: replace var with const in rule examples (#19352) (jj)
• 17f2aae docs: update getting-started config to match default generated config (#19308) (0xDev)
• aae6717 fix: sync rule type header comments automatically (#19276) (Francesco Trotta)
• 8a0a5a8 docs: better global ignores instruction (#19297) (Jacopo Marrone)
• 2089707 test: fix failing test in Node.js v22.13.0 (#19345) (Francesco Trotta)
• 6671a2c docs: Update README (GitHub Actions Bot)
• 1637b8e feat: add --report-unused-inline-configs (#19201) (Josh Goldberg ✨)
• e39d3f2 docs: fix divider for rule category (#19264) (Tanuj Kanti)
• e0cf53f docs: fix search result box position for small screens (#19328) (Tanuj Kanti)
• f92a680 docs: replace var with let or const in rule examples (#19331) (Ravi Teja Kolla)
• b04b84b docs: revert accidental changes in TS config files docs (#19336) (Francesco Trotta)

v9.18.0 - January 10, 2025

• c52be85 chore: upgrade to @eslint/js@9.18.0 (#19330) (Francesco Trotta)
• 362099c chore: package.json update for @​eslint/js release (Jenkins)
• 9486141 deps: upgrade @eslint/core and @eslint/plugin-kit (#19329) (Francesco Trotta)
• d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
• 495aa49 chore: extract package name from package.json for public interface (#19314) (루밀LuMir)
• db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)
• 36ef8bb docs: rewrite examples with var using let and const (#19298) (Amaresh S M)
• 1610c9e docs: add missing backticks to no-else-return (#19309) (루밀LuMir)
• df409d8 docs: Update README (GitHub Actions Bot)
• e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
• 2e84213 docs: Fix Horizontal Scroll Overflow in Rule Description on Mobile View (#19304) (Amaresh S M)
• 6e7361b docs: replace var with let and const in rule example (#19302) (Tanuj Kanti)
• 069af5e docs: rewrite var using const in rule examples (#19303) (Kim GyeonWon)
• 064e35d docs: remove 'I hope to' comments from scope-manager-interface (#19300) (Josh Goldberg ✨)
• 8e00305 docs: replace var with const in rule examples (#19299) (Tanuj Kanti)
• a559009 docs: Add warning about extending core rules (#19295) (Nicholas C. Zakas)

... (truncated)

Commits

• 58560e7 chore: package.json update for @​eslint/js release
• 362099c chore: package.json update for @​eslint/js release
• 495aa49 chore: extract package name from package.json for public interface (#19314)
• 84c5787 chore: package.json update for @​eslint/js release
• See full diff in compare view

Updates @types/express from 4.17.21 to 5.0.0

Commits

• See full diff in compare view

Updates eslint from 9.16.0 to 9.19.0

Release notes

Sourced from eslint's releases.

v9.19.0

Features

• 1637b8e feat: add --report-unused-inline-configs (#19201) (Josh Goldberg ✨)

Bug Fixes

• aae6717 fix: sync rule type header comments automatically (#19276) (Francesco Trotta)

Documentation

• cfea9ab docs: Clarify overrideConfig option (#19370) (Nicholas C. Zakas)
• 2b84f66 docs: Update README (#19362) (Nicholas C. Zakas)
• 044f93c docs: clarify frozen rule description (#19351) (Pavel)
• 797ee7c docs: fix Bluesky links (#19368) (Milos Djermanovic)
• 81a9c0e docs: Update README (GitHub Actions Bot)
• 093fb3d docs: replace var with let and const in rule examples (#19365) (Tanuj Kanti)
• 417de32 docs: replace var with const in rule examples (#19352) (jj)
• 17f2aae docs: update getting-started config to match default generated config (#19308) (0xDev)
• 8a0a5a8 docs: better global ignores instruction (#19297) (Jacopo Marrone)
• 6671a2c docs: Update README (GitHub Actions Bot)
• e39d3f2 docs: fix divider for rule category (#19264) (Tanuj Kanti)
• e0cf53f docs: fix search result box position for small screens (#19328) (Tanuj Kanti)
• f92a680 docs: replace var with let or const in rule examples (#19331) (Ravi Teja Kolla)
• b04b84b docs: revert accidental changes in TS config files docs (#19336) (Francesco Trotta)

Chores

• 9b9cb05 chore: upgrade @​eslint/js@​9.19.0 (#19371) (Milos Djermanovic)
• 58560e7 chore: package.json update for @​eslint/js release (Jenkins)
• 2089707 test: fix failing test in Node.js v22.13.0 (#19345) (Francesco Trotta)

v9.18.0

Features

• e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
• 8efc2d0 feat: unflag TypeScript config files (#19266) (Francesco Trotta)
• 87a9352 feat: check imports and class names in no-shadow-restricted-names (#19272) (Milos Djermanovic)

Bug Fixes

• da768d4 fix: correct overrideConfigFile type (#19289) (Francesco Trotta)

Documentation

• d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
• db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.19.0 - January 24, 2025

• 9b9cb05 chore: upgrade @​eslint/js@​9.19.0 (#19371) (Milos Djermanovic)
• 58560e7 chore: package.json update for @​eslint/js release (Jenkins)
• cfea9ab docs: Clarify overrideConfig option (#19370) (Nicholas C. Zakas)
• 2b84f66 docs: Update README (#19362) (Nicholas C. Zakas)
• 044f93c docs: clarify frozen rule description (#19351) (Pavel)
• 797ee7c docs: fix Bluesky links (#19368) (Milos Djermanovic)
• 81a9c0e docs: Update README (GitHub Actions Bot)
• 093fb3d docs: replace var with let and const in rule examples (#19365) (Tanuj Kanti)
• 417de32 docs: replace var with const in rule examples (#19352) (jj)
• 17f2aae docs: update getting-started config to match default generated config (#19308) (0xDev)
• aae6717 fix: sync rule type header comments automatically (#19276) (Francesco Trotta)
• 8a0a5a8 docs: better global ignores instruction (#19297) (Jacopo Marrone)
• 2089707 test: fix failing test in Node.js v22.13.0 (#19345) (Francesco Trotta)
• 6671a2c docs: Update README (GitHub Actions Bot)
• 1637b8e feat: add --report-unused-inline-configs (#19201) (Josh Goldberg ✨)
• e39d3f2 docs: fix divider for rule category (#19264) (Tanuj Kanti)
• e0cf53f docs: fix search result box position for small screens (#19328) (Tanuj Kanti)
• f92a680 docs: replace var with let or const in rule examples (#19331) (Ravi Teja Kolla)
• b04b84b docs: revert accidental changes in TS config files docs (#19336) (Francesco Trotta)

v9.18.0 - January 10, 2025

• c52be85 chore: upgrade to @eslint/js@9.18.0 (#19330) (Francesco Trotta)
• 362099c chore: package.json update for @​eslint/js release (Jenkins)
• 9486141 deps: upgrade @eslint/core and @eslint/plugin-kit (#19329) (Francesco Trotta)
• d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
• 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
• f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
• 0b680b3 docs: Update README (GitHub Actions Bot)
• 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
• 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
• 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
• 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
• c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
• 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
• 495aa49 chore: extract package name from package.json for public interface (#19314) (루밀LuMir)
• db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
• 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)
• 36ef8bb docs: rewrite examples with var using let and const (#19298) (Amaresh S M)
• 1610c9e docs: add missing backticks to no-else-return (#19309) (루밀LuMir)
• df409d8 docs: Update README (GitHub Actions Bot)
• e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
• 2e84213 docs: Fix Horizontal Scroll Overflow in Rule Description on Mobile View (#19304) (Amaresh S M)
• 6e7361b docs: replace var with let and const in rule example (#19302) (Tanuj Kanti)
• 069af5e docs: rewrite var using const in rule examples (#19303) (Kim GyeonWon)
• 064e35d docs: remove 'I hope to' comments from scope-manager-interface (#19300) (Josh Goldberg ✨)
• 8e00305 docs: replace var with const in rule examples (#19299) (Tanuj Kanti)
• a559009 docs: Add warning about extending core rules (#19295) (Nicholas C. Zakas)

... (truncated)

Commits

• 208e0b1 9.19.0
• 196dfda Build: changelog update for 9.19.0
• 9b9cb05 chore: upgrade @​eslint/js@​9.19.0 (#19371)
• 58560e7 chore: package.json update for @​eslint/js release
• cfea9ab docs: Clarify overrideConfig option (#19370)
• 2b84f66 docs: Update README (#19362)
• 044f93c docs: clarify frozen rule description (#19351)
• 797ee7c docs: fix Bluesky links (#19368)
• 81a9c0e docs: Update README
• 093fb3d docs: replace var with let and const in rule examples (#19365)
• Additional commits viewable in compare view

Updates globals from 15.13.0 to 15.14.0

Release notes

Sourced from globals's releases.

v15.14.0

• Add vitest globals (#274) 06a5723

sindresorhus/globals@v15.13.0...v15.14.0

Commits

• 48c7b51 15.14.0
• 06a5723 Add vitest globals (#274)
• See full diff in compare view

Updates typescript from 5.7.2 to 5.7.3

Release notes

Sourced from typescript's releases.

TypeScript 5.7.3

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).
• fixed issues query for Typescript 5.7.3 (Stable).

Downloads are available on npm

Commits

• a5e123d Update LKG
• 8bc0204 🤖 Pick PR #60828 (Fix CodeQL configuration, releases) into release-5.7 (#60923)
• 7aa63df 🤖 Pick PR #60393 (Don't try to add an implicit undefi...) into release-5.7 (#...
• 9df7c36 Bump version to 5.7.3 and LKG
• e167412 🤖 Pick PR #60794 (Harden sanitizeLog against incorr...) into release-5.7 (#...
• 9ba364c Fix coverage build on release-5.7 (#60792)
• 4b7441a 🤖 Pick PR #60680 (Mark the inherited any-based index ...) into release-5.7 (#...
• e844dc3 Cherry-pick #60402, #60440, #60616 into release-5.7 (#60777)
• 21b02a1 🤖 Pick PR #60749 (Do not require import attribute on ...) into release-5.7 (#...
• b82fd16 🤖 Pick PR #60576 (Avoid incorrectly reusing assertion...) into release-5.7 (#...
• Additional commits viewable in compare view

Updates typescript-eslint from 8.17.0 to 8.23.0

Release notes

Sourced from typescript-eslint's releases.

v8.23.0

8.23.0 (2025-02-03)

🚀 Features

• eslint-plugin: [no-unnecessary-boolean-literal-compare] enforce strictNullChecks (#10712)
• types: add strict parent types for function-declaration, default-export and named-export nodes (#10685)

🩹 Fixes

• bump ts-api-utils to ^2.0.1 (#10761)
• deps: update eslint monorepo to v9.19.0 (#10752)
• eslint-plugin: [no-unnecessary-type-assertion] should report readonly class properties with a literal initializer (#10618)
• eslint-plugin: [switch-exhaustiveness-check] suggest with qualified name (#10697)
• eslint-plugin: [no-unnecessary-template-expression] allow interpolating type parameter in type context (#10739)
• eslint-plugin: [prefer-nullish-coalescing] fix missing return (#10732)
• eslint-plugin: [dot-notation] handle noPropertyAccessFromIndexSignature true (#10644)
• eslint-plugin: [no-restricted-imports] support regex option (#10699)
• eslint-plugin: [no-shadow] ignore declare variables in definition files shadowing global variables (#10710)

❤️ Thank You

• Josh Goldberg ✨
• Olivier Zalmanski @​OlivierZal
• Ronen Amiel
• Ryan Poon @​sopa301
• YeonJuan @​yeonjuan
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

v8.22.0

8.22.0 (2025-01-27)

🚀 Features

• parser: add standalone isolatedDeclarations option (#10499)

🩹 Fixes

• eslint-plugin: [prefer-nullish-coalescing] doesn't report on ternary but on equivalent || (#10517)
• eslint-plugin: [no-duplicate-type-constituents] handle nested types (#10638)
• eslint-plugin: [no-shadow] don't report unnecessarily on valid ways of using module augmentation (#10616)
• eslint-plugin: [no-extraneous-class] handle accessor keyword (#10678)
• eslint-plugin: [prefer-readonly] autofixer doesn't add type to property that is mutated in the constructor (#10552)
• eslint-plugin: [no-unnecessary-template-expression] handle template literal type (#10612)
• type-utils: support matching intersection types in TypeOrValueSpecifier with a PackageSpecifier (#10667)

❤️ Thank You

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.23.0 (2025-02-03)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.22.0 (2025-01-27)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.21.0 (2025-01-20)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.20.0 (2025-01-13)

🚀 Features

• eslint-plugin: [no-misused-spread] add new rule (#10551)

❤️ Thank You

• Josh Goldberg ✨

You can read about our versioning strategy and releases on our website.

8.19.1 (2025-01-06)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.19.0 (2024-12-30)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.18.2 (2024-12-23)

🩹 Fixes

• typescript-eslint: export types so that declarations can be named for dts files (#10513)

❤️ Thank You

... (truncated)

Commits

• 2a96020 chore(release): publish 8.23.0
• 94e8098 chore(release): publish 8.22.0
• 79af426 chore(release): publish 8.21.0
• a157fd4 chore: standardized on inline named exports (mostly) (#10596)
• ea6fbea chore(release): publish 8.20.0
• a175189 docs(typescript-eslint): make jsdoc for config helper function consistent (#1...
• 04166e0 feat(eslint-plugin): [no-misused-spread] add new rule (#10551)
• 328b7df chore(release): publish 8.19.1
• 4f50f64 docs: [return-await] make the rule no longer an extension of ESLint no-return...
• e19f30f chore(release): publish 8.19.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously r...

Description has been truncated

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@eslint/core	0.10.0	Unknown	Unknown
npm/@eslint/js	9.19.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 19/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/@eslint/plugin-kit	0.2.5	Unknown	Unknown
npm/@types/express	5.0.0	🟢 6.9	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/express-serve-static-core	5.0.6	🟢 6.9	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/qs	6.9.18	🟢 6.9	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@typescript-eslint/eslint-plugin	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/@typescript-eslint/parser	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/@typescript-eslint/scope-manager	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/@typescript-eslint/type-utils	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/@typescript-eslint/types	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/@typescript-eslint/typescript-estree	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/@typescript-eslint/utils	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/@typescript-eslint/visitor-keys	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/cross-spawn	7.0.6	🟢 3.8	Details Check Score Reason Maintained 🟢 10 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 8/29 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 44 existing vulnerabilities detected
npm/eslint	9.19.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 19/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/fast-glob	3.3.3	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 1/13 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 9 SAST tool detected but not run on all commits
npm/fastq	1.19.0	🟢 4.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 5 4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Code-Review 🟢 4 Found 13/28 approved changesets -- score normalized to 4 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/globals	15.14.0	🟢 4.9	Details Check Score Reason Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Code-Review 🟢 4 Found 11/24 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/semver	7.7.0	🟢 7	Details Check Score Reason Maintained 🟢 8 7 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST 🟢 9 SAST tool detected but not run on all commits
npm/ts-api-utils	2.0.1	Unknown	Unknown
npm/typescript	5.7.3	🟢 8.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/typescript-eslint	8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected
npm/@eslint/js	^9.19.0	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 19/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/@types/express	^5.0.0	🟢 6.9	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/eslint	9.19	🟢 6.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 19/30 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/globals	^15.14.0	🟢 4.9	Details Check Score Reason Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Code-Review 🟢 4 Found 11/24 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/typescript	^5.7.3	🟢 8.7	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 36 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/typescript-eslint	^8.23.0	🟢 5.3	Details Check Score Reason Code-Review 🟢 8 Found 20/25 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 24 existing vulnerabilities detected

Scanned Files

• backend/package-lock.json
• backend/package.json

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.