chore(deps-dev): Bump the linting group across 1 directory with 7 updates

[dependabot]

Bumps the linting group with 7 updates in the / directory:

Package	From	To
@typescript-eslint/eslint-plugin	8.48.1	8.50.1
@typescript-eslint/parser	8.48.1	8.50.1
eslint-plugin-better-tailwindcss	3.7.11	3.8.0
eslint-plugin-boundaries	5.3.0	5.3.1
eslint-plugin-jsdoc	61.4.1	61.5.0
eslint-plugin-perfectionist	4.15.1	5.0.0
lefthook	2.0.8	2.0.12

Updates @typescript-eslint/eslint-plugin from 8.48.1 to 8.50.1

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.50.1

8.50.1 (2025-12-22)

🩹 Fixes

• eslint-plugin: [method-signature-style] ignore methods that return this (#11813)
• eslint-plugin: [no-unnecessary-type-assertion] correct handling of undefined vs. void (#11826)

❤️ Thank You

• Josh Goldberg ✨
• Tamashoo @​Tamashoo

You can read about our versioning strategy and releases on our website.

v8.50.0

8.50.0 (2025-12-15)

🚀 Features

• eslint-plugin: [no-useless-default-assignment] add rule (#11720)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

• eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

• deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

• Justin McBride
• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.50.1 (2025-12-22)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] correct handling of undefined vs. void (#11826)
• eslint-plugin: [method-signature-style] ignore methods that return this (#11813)

❤️ Thank You

• Josh Goldberg ✨
• Tamashoo @​Tamashoo

You can read about our versioning strategy and releases on our website.

8.50.0 (2025-12-15)

🚀 Features

• eslint-plugin: [no-useless-default-assignment] add rule (#11720)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

8.49.0 (2025-12-08)

🚀 Features

• eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

• deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

• Justin McBride
• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

Commits

• d520b88 chore(release): publish 8.50.1
• 46171f0 fix(eslint-plugin): [no-unnecessary-type-assertion] correct handling of undef...
• 6882a09 fix(eslint-plugin): [method-signature-style] ignore methods that return `this...
• c62e858 chore(release): publish 8.50.0
• 1301f79 feat(eslint-plugin): [no-useless-default-assignment] add rule (#11720)
• 864595a chore(release): publish 8.49.0
• 32b7e89 chore(deps): update dependency @​vitest/eslint-plugin to v1.5.1 (#11816)
• 56149a2 feat(eslint-plugin): use Intl.Segmenter instead of graphemer (#11804)
• 34a49a4 fix(deps): update dependency prettier to v3.7.2 (#11820)
• d2d7ace docs: fixes bad link to jest docs in unbound-method rule page (#11823)
• See full diff in compare view

Updates @typescript-eslint/parser from 8.48.1 to 8.50.1

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.50.1

8.50.1 (2025-12-22)

🩹 Fixes

• eslint-plugin: [method-signature-style] ignore methods that return this (#11813)
• eslint-plugin: [no-unnecessary-type-assertion] correct handling of undefined vs. void (#11826)

❤️ Thank You

• Josh Goldberg ✨
• Tamashoo @​Tamashoo

You can read about our versioning strategy and releases on our website.

v8.50.0

8.50.0 (2025-12-15)

🚀 Features

• eslint-plugin: [no-useless-default-assignment] add rule (#11720)

❤️ Thank You

• Josh Goldberg ✨
• Ulrich Stark

You can read about our versioning strategy and releases on our website.

v8.49.0

8.49.0 (2025-12-08)

🚀 Features

• eslint-plugin: use Intl.Segmenter instead of graphemer (#11804)

🩹 Fixes

• deps: update dependency prettier to v3.7.2 (#11820)

❤️ Thank You

• Justin McBride
• Kirk Waiblinger @​kirkwaiblinger

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.50.1 (2025-12-22)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.50.0 (2025-12-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

8.49.0 (2025-12-08)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• d520b88 chore(release): publish 8.50.1
• c62e858 chore(release): publish 8.50.0
• 864595a chore(release): publish 8.49.0
• 32b7e89 chore(deps): update dependency @​vitest/eslint-plugin to v1.5.1 (#11816)
• See full diff in compare view

Updates eslint-plugin-better-tailwindcss from 3.7.11 to 3.8.0

Release notes

Sourced from eslint-plugin-better-tailwindcss's releases.

v3.8.0

compare changes

Features

• no-unregistered-classes: Support @import layer(components) (#257)

Fixes

• Wrong documentation url (#255)
• Ignore variants in custom component classes (#258)
• Angular line wrapping (#259)

❤️ Contributors

• Carlos Marques karkosyk@gmail.com

Changelog

Sourced from eslint-plugin-better-tailwindcss's changelog.

v3.8.0

compare changes

Features

• no-unregistered-classes: Support @import layer(components) (#257)

Fixes

• Wrong documentation url (#255)
• Ignore variants in custom component classes (#258)
• Angular line wrapping (#259)

❤️ Contributors

• Carlos Marques karkosyk@gmail.com

Commits

• a9876d0 chore(release): v3.8.0
• 568a2a9 style: fix eslint issues
• 4087ee1 chore: add missing devDependency
• 3b50693 chore: update markdownlint config
• c951fa0 chore: adapt to type changes
• 4930bbe chore: update dependencies
• ad24c8b fix: angular line wrapping (#259)
• 1044353 fix: ignore variants in custom component classes (#258)
• 8a125a4 feat(no-unregistered-classes): support @import layer(components) (#257)
• 5cd8bdc fix: wrong documentation url (#255)
• Additional commits viewable in compare view

Updates eslint-plugin-boundaries from 5.3.0 to 5.3.1

Release notes

Sourced from eslint-plugin-boundaries's releases.

Fix elements selector validation

@​boundaries/eslint-plugin v5.3.1

Fixed

• fix(#415): Fix elements selector validation error when selector is an empty array

@​boundaries/elements v1.1.2

Fixed

• fix: Update HANDLEBARS_TEMPLATE_REGEX to fix vulnerability with regex denial of service (ReDoS) attacks.

chore

Changed

• chore: Bump pnpm to 10. Set pnpm security options. Detect shai-hulud dependencies in workflow
• chore: bump baseline-browser-mapping to supress warnings

Commits

• 157710a Release v5.3.1 (#418)
• c841187 docs: Change Algolia links (#414)
• 6d8de3b docs: Change web page titles. Add releases page content (#413)
• 932490a docs: Improve website README (#412)
• aa5c1ef feat: Documentation Website (#410)
• See full diff in compare view

Updates eslint-plugin-jsdoc from 61.4.1 to 61.5.0

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v61.5.0

61.5.0 (2025-12-07)

Features

• check-tag-names, require-template, check-template-names: make typeParam a non-preferred alias for template (3cd7cbd)

v61.4.2

61.4.2 (2025-12-06)

Bug Fixes

• require-rejects: reflect proper tag name in error message (44b2631)

Commits

• 3cd7cbd feat(check-tag-names, require-template, check-template-names): make `ty...
• 44b2631 fix(require-rejects): reflect proper tag name in error message
• See full diff in compare view

Updates eslint-plugin-perfectionist from 4.15.1 to 5.0.0

Release notes

Sourced from eslint-plugin-perfectionist's releases.

v5.0.0

   🚨 Breaking Changes

• Drop nodejs v18 support  -  by @​azat-io (6c4a7)
• Move to esm only  -  by @​azat-io (442f4)
• Drop group kind support  -  by @​hugop95 (44af8)
• Drop deprecated selectors support for multiple rules  -  by @​hugop95 (4c016)
• Drop deprecated object-based custom groups support  -  by @​hugop95 (5a6d5)
• Drop deprecated newlines between always and never  -  by @​hugop95 (4a9a6)
• Improve comment above integration in groups  -  by @​hugop95 (2011d)
• sort-enums:
  • Replace force numeric sort and update default sort by value option  -  by @​hugop95 (b7075)
• sort-imports:
  • Drop deprecated ts config root dir support  -  by @​hugop95 (54522)
  • Drop deprecated selectors  -  by @​hugop95 (f0894)
• sort-jsx-props:
  • Drop deprecated ignore pattern option  -  by @​hugop95 (f1a24)
• sort-object:
  • Drop deprecated destructure only option  -  by @​hugop95 (2f9d6)
• sort-object-types:
  • Drop deprecated ignore pattern option  -  by @​hugop95 (d28a1)
• sort-objects:
  • Migrate object type options to conditional configuration pattern  -  by @​hugop95 (724d0)
  • Drop deprecated ignore pattern  -  by @​hugop95 (02a09)

   🚀 Features

• Support annotation-based config  -  by @​hugop95 (96cda)
• Add sort-import-attributes rule  -  by @​azat-io (d147c)
• Add sort-export-attributes rule  -  by @​azat-io (ac7e5)
• Allow type overrides in groups option  -  by @​hugop95 (79857)
• Allow order overrides in groups option  -  by @​hugop95 (2c64f)
• Allow new lines inside overrides in groups option  -  by @​hugop95 (f9300)
• sort-decorators:
  • Add array-based custom groups api  -  by @​hugop95 (358b1)
• sort-exports:
  • Add wildcard, named and line-related modifiers  -  by @​hugop95 (2211e)
• sort-heritage-clauses:
  • Add array-based custom groups api  -  by @​hugop95 (e6ef2)
• sort-imports:
  • Add multiline and singleline modifiers  -  by @​hugop95 (2c954)
  • Allow type-import-first fallback sort  -  by @​hugop95 (a73c6)
• sort-object-types:
  • Add numeric keys detection option  -  by @​hugop95 (88f1c)
  • Add scoped matching for declaration patterns  -  by @​hugop95 (7fde0)
  • Add scoped matching for declaration comments  -  by @​hugop95 (1addc)
• sort-objects:
  • Add pattern matching for variable declarations  -  by @​hugop95 (ea22a)
  • Add numeric keys detection option  -  by @​hugop95 (2a665)
  • Add scope option for pattern matching  -  by @​hugop95 (a2e01)

... (truncated)

Changelog

Sourced from eslint-plugin-perfectionist's changelog.

v5.0.0

compare changes

🚀 Features

• ⚠️ Drop nodejs v18 support (6c4a74a)
• ⚠️ Move to esm only (442f409)
• sort-decorators: Add array-based custom groups api (358b1f4)
• ⚠️ Drop group kind support (44af851)
• sort-heritage-clauses: Add array-based custom groups api (e6ef242)
• sort-imports: ⚠️ Drop deprecated ts config root dir support (5452245)
• ⚠️ Drop deprecated selectors support for multiple rules (4c0161a)
• ⚠️ Drop deprecated object-based custom groups support (5a6d5fa)
• Support annotation-based config (96cda80)
• sort-object-types: ⚠️ Drop deprecated ignore pattern option (d28a154)
• sort-jsx-props: ⚠️ Drop deprecated ignore pattern option (f1a2498)
• Add sort-import-attributes rule (d147c56)
• Add sort-export-attributes rule (ac7e597)
• sort-object: ⚠️ Drop deprecated destructure only option (2f9d620)
• sort-objects: Add pattern matching for variable declarations (ea22aa1)
• ⚠️ Drop deprecated newlines between always and never (4a9a693)
• sort-objects: ⚠️ Migrate object type options to conditional configuration pattern (724d044)
• sort-enums: ⚠️ Replace force numeric sort and update default sort by value option (b707549)
• sort-objects: Add numeric keys detection option (2a6653d)
• sort-object-types: Add numeric keys detection option (88f1c19)
• sort-imports: Add multiline and singleline modifiers (2c954d4)
• ⚠️ Improve comment above integration in groups (2011d6c)
• Allow type overrides in groups option (7985717)
• sort-imports: ⚠️ Drop deprecated selectors (f089488)
• Allow order overrides in groups option (2c64f20)
• Allow new lines inside overrides in groups option (f9300b6)
• sort-imports: Allow type-import-first fallback sort (a73c690)
• sort-exports: Add wildcard, named and line-related modifiers (2211eb6)
• sort-objects: ⚠️ Drop deprecated ignore pattern (02a09d3)
• sort-objects: Add scope option for pattern matching (a2e013d)
• sort-object-types: Add scoped matching for declaration patterns (7fde0b5)
• sort-objects: Add scoped matching for declaration patterns (e80691a)
• sort-object-types: Add scoped matching for declaration comments (1addc94)

🐞 Bug Fixes

• Fix plugin usage with legacy configurations (a5e5b66)
• Keep settings priority when meta default options provided (5d5793d)
• Require sorting type in fallback sort schema (404a9b0)
• sort-objects: Handle destructured dependencies (572d54a)
• sort-object-types: Improve detection of complex object type declarations (7d9f3bd)
• Honor declaration comments for nested types (c54c522)
• sort-object-types: Match declaration names from variable declarations (99d50bc)

... (truncated)

Commits

• a967b11 build: publish v5.0.0
• 84d4df2 chore: update dependencies
• 7c02eb8 chore: update github actions
• aa9bf5d docs: update content security policy
• 7b1d71f docs: render search modal unconditionally
• b54b803 docs: remove portal wrapper to fix search modal
• 895a084 chore: downgrade eslint to avoid type incompatibility
• 68f4971 chore: move to ts cspell config
• df79285 chore: move to ts changelog config
• 57e3b1f chore: move to ts prettier config
• Additional commits viewable in compare view

Updates lefthook from 2.0.8 to 2.0.12

Release notes

Sourced from lefthook's releases.

v2.0.12

Changelog

• 303e3f7f27239baf5e04ff27d70fb466a97ed87f chore: small changes on diff printing (#1242)
• a4223e947ffb0a704bc14c11c3c35661ec20b62f feat: ability to show diff when failing on changes (#1227)
• 2b4c717882bb3a1254744a4d3a40408fc8ee7404 fix(git): make short status parser more robust (#1236)

v2.0.11

Changelog

• dcb45c027230c883f3b9a360896708aa9d6b50a3 ci: npm trusted publishing (#1234)
• fd62bbb6586477b7d090e356c27f8a9e987c82a3 feat: more rudimentary shell completions (#1230)
• f7bfafdd87868ea85de46c87802ab53278b77f67 feat: refetch and cleanup on ref change (#1210)

v2.0.10

Changelog

• b3791f6b3abdbea78b7c43ef85e0d3ededb69a15 feat: add no_auto_install to lefthook.yml (#1231)
• 1f7303df83e2af58015292986ebe2b8177c77667 fix: skip if empty files template (#1233)

v2.0.9

Changelog

• d2fa5d9f31c57a79d2354654de1939272006fc88 chore: remove unnecessary .svg executable permissions (#1219)
• 0792c2c03a98c306fd9fd762040e9f1d237fb1b1 chore: upgrade golangci-lint to 2.7.1, add godoclint (#1223)
• 0b9f1936ddf18488cb95078e7a3a6f85724a3878 fix: check and report Scanner errors (#1222)
• 97a7399c008be5e646538317f1701a1613be587a fix: do not try to hash-object directories (#1220)
• 16fe016a8e25f9b4d15aa2848fb516d4842618be fix: improve separation of options and filenames for more git commands (#1225)
• 07c5ccbd254cdad1135c260ac797191709382560 fix: skip pre commit hook if no staged files (#1229)
• 98699c83d34fc36fa4f29d669a0ab4f3ec48d991 refactor: command executor tweaks (#1224)
• 76cc6de4fd048d1de4ec4bc45930e780fd7e549a refactor: remove some redundant code (#1221)

Changelog

Sourced from lefthook's changelog.

2.0.12 (2025-12-15)

• chore: small changes on diff printing (#1242) by @​mrexox
• feat: ability to show diff when failing on changes (#1227) by @​scop
• fix: make short status parser more robust (#1236) by @​scop
• docs: fix readme (#1235) by @​matdibu

2.0.11 (2025-12-12)

• feat: refetch and cleanup on ref change (#1210) by @​mrexox
• ci: npm trusted publishing (#1234) by @​mrexox
• feat: more rudimentary shell completions (#1230) by @​scop

2.0.10 (2025-12-12)

• feat: add no_auto_install to lefthook.yml (#1231) by @​pavelzw
• fix: skip if empty files template (#1233) by @​mrexox

2.0.9 (2025-12-08)

• fix: skip pre commit hook if no staged files (#1229) by @​mrexox
• fix: do not try to hash-object directories (#1220) by @​scop
• fix: check and report Scanner errors (#1222) by @​scop
• refactor: command executor tweaks (#1224) by @​scop
• refactor: remove some redundant code (#1221) by @​scop
• fix: improve separation of options and filenames for more git commands (#1225) by @​scop
• chore: upgrade golangci-lint to 2.7.1, add godoclint (#1223) by @​scop
• chore: remove unnecessary .svg executable permissions (#1219) by @​scop

Commits

• 737b956 2.0.12: add fail_on_changes_diff hook setting
• 303e3f7 chore: small changes on diff printing (#1242)
• a4223e9 feat: ability to show diff when failing on changes (#1227)
• 2b4c717 fix(git): make short status parser more robust (#1236)
• 59d25a3 docs: fix readme (#1235)
• cffbf6c 2.0.11: improved remotes fetching, flags completion
• f7bfafd feat: refetch and cleanup on ref change (#1210)
• dcb45c0 ci: npm trusted publishing (#1234)
• fd62bbb feat: more rudimentary shell completions (#1230)
• 8d74b7c 2.0.10: no_auto_install option + fix for empty {files} template
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lefthook since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)

See the Details below.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@boundaries/elements	1.1.2	Unknown	Unknown
npm/@typescript-eslint/eslint-plugin	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys	8.50.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 37 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/enhanced-resolve	5.18.4	🟢 6.9	Details Check Score Reason Code-Review 🟢 3 Found 7/21 approved changesets -- score normalized to 3 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 6 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-plugin-better-tailwindcss	3.8.0	Unknown	Unknown
npm/eslint-plugin-boundaries	5.3.1	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 0 Found 2/21 approved changesets -- score normalized to 0 Maintained 🟢 10 22 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 4 6 existing vulnerabilities detected SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9
npm/eslint-plugin-jsdoc	61.5.0	🟢 4.8	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 1 Found 2/17 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected Vulnerabilities 🟢 6 4 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-plugin-perfectionist	5.0.0	Unknown	Unknown
npm/lefthook	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-darwin-arm64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-darwin-x64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-freebsd-arm64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-freebsd-x64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-linux-arm64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-linux-x64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-openbsd-arm64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-openbsd-x64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-windows-arm64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits
npm/lefthook-windows-x64	2.0.12	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 15/30 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits

Scanned Files

• pnpm-lock.yaml

[netlify]

❌ Deploy Preview for heyclaude failed.

Name	Link
🔨 Latest commit	306fe2d
🔍 Latest deploy log	https://app.netlify.com/projects/heyclaude/deploys/69498070328f7b000892fc77

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.