Skip to content

chore(deps-dev): bump ts-jest from 29.1.4 to 29.4.11#717

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/ts-jest-29.4.9
Open

chore(deps-dev): bump ts-jest from 29.1.4 to 29.4.11#717
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/ts-jest-29.4.9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps ts-jest from 29.1.4 to 29.4.11.

Release notes

Sourced from ts-jest's releases.

v29.4.11

Please refer to CHANGELOG.md for details.

v29.4.10

Please refer to CHANGELOG.md for details.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

v29.4.6

Please refer to CHANGELOG.md for details.

v29.4.5

Please refer to CHANGELOG.md for details.

v29.4.4

Please refer to CHANGELOG.md for details.

v29.4.3

Please refer to CHANGELOG.md for details.

v29.4.2

Please refer to CHANGELOG.md for details.

v29.4.1

Please refer to CHANGELOG.md for details.

v29.4.0

Please refer to CHANGELOG.md for details.

v29.3.4

Please refer to CHANGELOG.md for details.

v29.3.3

Please refer to CHANGELOG.md for details.

v29.3.2

Please refer to CHANGELOG.md for details.

v29.3.1

Please refer to CHANGELOG.md for details.

v29.3.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from ts-jest's changelog.

29.4.11 (2026-05-21)

Bug Fixes

  • preserve Bundler on the CJS path under TypeScript >= 6 (3941818), closes #4198

29.4.10 (2026-05-18)

Bug Fixes

  • pass resolutionMode to ts.resolveModuleName for hybrid module support (b557a85)
  • rebuild Program when consecutive compiles need different module kinds (a82a2b3), closes #4774
  • respect tsconfig moduleResolution instead of forcing Node10 (1bffffc)
  • transformer: transpile mjs files from node_modules for CJS mode (96d025d)
  • transformer: use a consistent comparator in hoist-jest sortStatements (8a8fd2f)

29.4.9 (2026-04-01)

Bug Fixes

  • use correct registry for npm OIDC trusted publishing (f8a9cc9)

29.4.8 (2026-04-01)

Bug Fixes

  • wrong published assets

29.4.7 (2026-04-01)

Features

29.4.6 (2025-12-01)

... (truncated)

Commits
  • bff2d64 chore(release): 29.4.11
  • 3941818 fix: preserve Bundler on the CJS path under TypeScript >= 6
  • efb3c2f build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website
  • 4e46fad ci: refactor release workflow
  • 96b3ac0 chore(release): 29.4.10
  • e98ec64 build(deps): update github/codeql-action digest to 458d36d
  • 21ac58f build(deps): update jest packages
  • 0fdc96d build(deps): update dependency semver to ^7.8.0
  • 4b95551 build(deps): update dependency jest-environment-jsdom to ^30.4.1 (#5311)
  • 7b88447 build(deps): update eslint packages to ^8.59.3 (#5310)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for ts-jest since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 11, 2026
@dependabot dependabot Bot requested a review from farrah-deriv as a code owner May 11, 2026 02:48
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 11, 2026
@dependabot dependabot Bot requested a review from ameerul-deriv as a code owner May 11, 2026 02:48
@dependabot dependabot Bot added the javascript Pull requests that update javascript code label May 11, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 2 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@emotion/babel-plugin 11.13.5 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/cache 11.14.0 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/hash 0.9.2 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/is-prop-valid 1.4.0 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/memoize 0.9.0 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/react 11.14.0 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/serialize 1.3.3 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/sheet 1.4.0 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/styled 11.14.1 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/unitless 0.10.0 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/use-insertion-effect-with-fallbacks 1.2.0 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/utils 1.4.2 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emotion/weak-memoize 0.4.0 🟢 5.5
Details
CheckScoreReason
Code-Review🟢 8Found 17/20 approved changesets -- score normalized to 8
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 4security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@jridgewell/source-map 0.3.11 UnknownUnknown
npm/@parcel/watcher 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-android-arm64 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-darwin-arm64 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-darwin-x64 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-freebsd-x64 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-linux-arm-glibc 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-linux-arm-musl 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-linux-arm64-glibc 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-linux-arm64-musl 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-linux-x64-glibc 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-linux-x64-musl 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-win32-arm64 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-win32-ia32 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@parcel/watcher-win32-x64 2.5.1 🟢 3.3
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 7binaries present in source code
Code-Review🟢 5Found 17/30 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@types/parse-json 4.0.2 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 9Found 27/29 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/acorn 8.16.0 🟢 5
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 3Found 11/29 approved changesets -- score normalized to 3
Maintained🟢 109 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy⚠️ 0security policy file not detected
License⚠️ 0license file not detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/babel-plugin-macros 3.1.0 🟢 3.5
Details
CheckScoreReason
Code-Review🟢 7Found 17/22 approved changesets -- score normalized to 7
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/buffer-from 1.1.2 ⚠️ 2
Details
CheckScoreReason
Token-Permissions⚠️ -1No tokens found
Code-Review⚠️ 0Found 1/18 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow⚠️ -1no workflows found
Pinned-Dependencies⚠️ -1no dependencies found
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/call-bind 1.0.9 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
SAST⚠️ 0no SAST tool detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
npm/callsites 3.1.0 🟢 3.8
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review🟢 3Found 10/30 approved changesets -- score normalized to 3
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/chokidar 4.0.3 🟢 4.5
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/25 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 55 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/commander 2.20.3 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 8Found 8/9 approved changesets -- score normalized to 8
Maintained🟢 70 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 7
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST🟢 10SAST tool is run on all commits
npm/convert-source-map 1.9.0 🟢 3.9
Details
CheckScoreReason
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review🟢 4Found 12/30 approved changesets -- score normalized to 4
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/cosmiconfig 7.1.0 🟢 5.4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Maintained🟢 1015 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/detect-libc 1.0.3 🟢 3.8
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 7/30 approved changesets -- score normalized to 2
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 8binaries present in source code
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/error-ex 1.3.2 UnknownUnknown
npm/escape-string-regexp 4.0.0 🟢 3.7
Details
CheckScoreReason
Code-Review⚠️ 2Found 6/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/find-root 1.1.0 UnknownUnknown
npm/framer-motion 12.40.0 UnknownUnknown
npm/hasown 2.0.4 UnknownUnknown
npm/immutable 5.1.5 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1018 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 1Found 1/8 approved changesets -- score normalized to 1
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
Signed-Releases⚠️ -1no releases found
SAST⚠️ 1SAST tool is not run on all commits -- score normalized to 1
npm/import-fresh 3.3.0 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/30 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained⚠️ 10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/is-arrayish 0.2.1 UnknownUnknown
npm/is-core-module 2.16.2 🟢 4.5
Details
CheckScoreReason
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0no SAST tool detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
npm/is-extglob 2.1.1 🟢 3
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow⚠️ -1no workflows found
SAST⚠️ 0no SAST tool detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
Code-Review⚠️ 0Found 0/19 approved changesets -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
npm/is-glob 4.0.3 🟢 3.6
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/26 approved changesets -- score normalized to 1
Binary-Artifacts🟢 10no binaries found in the repo
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/jiti 1.21.0 🟢 5.6
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1023 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 5/27 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy⚠️ 0security policy file not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/json-parse-even-better-errors 2.3.1 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 9SAST tool detected but not run on all commits
npm/lines-and-columns 1.2.4 🟢 3.1
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/17 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/motion-dom 12.40.0 UnknownUnknown
npm/motion-utils 12.39.0 UnknownUnknown
npm/node-addon-api 7.1.1 🟢 8.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1014 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
SAST🟢 9SAST tool detected but not run on all commits
License🟢 10license file detected
Packaging🟢 10packaging workflow detected
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
CI-Tests🟢 826 out of 30 merged PRs checked by a CI test -- score normalized to 8
Contributors🟢 10project has 47 contributing companies or organizations
npm/parent-module 1.0.1 🟢 3.6
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Code-Review⚠️ 1Found 4/26 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/parse-json 5.2.0 🟢 4
Details
CheckScoreReason
Code-Review🟢 5Found 15/30 approved changesets -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/path-type 4.0.0 🟢 3.7
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 2Found 7/27 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/readdirp 4.1.2 🟢 3.4
Details
CheckScoreReason
Code-Review⚠️ 0Found 2/28 approved changesets -- score normalized to 0
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 10all dependencies are pinned
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/resolve-from 4.0.0 🟢 3.7
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/30 approved changesets -- score normalized to 2
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/sass 1.86.3 🟢 4.3
Details
CheckScoreReason
Code-Review🟢 9Found 16/17 approved changesets -- score normalized to 9
Maintained🟢 1013 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/source-map 0.5.7 🟢 4.5
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 32 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3
Code-Review🟢 8Found 10/12 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 9binaries present in source code
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
npm/source-map 0.6.1 🟢 4.5
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 32 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3
Code-Review🟢 8Found 10/12 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 9binaries present in source code
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
npm/source-map-support 0.5.21 ⚠️ 2.3
Details
CheckScoreReason
Code-Review⚠️ 2Found 5/17 approved changesets -- score normalized to 2
Token-Permissions⚠️ -1No tokens found
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow⚠️ -1no workflows found
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/stylis 4.2.0 UnknownUnknown
npm/terser 5.48.0 🟢 5.9
Details
CheckScoreReason
Maintained🟢 1023 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 3/30 approved changesets -- score normalized to 1
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
License🟢 9license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/yaml 1.10.3 🟢 7.2
Details
CheckScoreReason
Maintained🟢 1023 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/11 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
npm/yaml 2.8.3 🟢 7.2
Details
CheckScoreReason
Maintained🟢 1023 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 0/11 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
npm/call-bind 1.0.8 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
SAST⚠️ 0no SAST tool detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
npm/hasown 2.0.2 UnknownUnknown
npm/is-core-module 2.16.1 🟢 4.5
Details
CheckScoreReason
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0no SAST tool detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected

Scanned Manifest Files

package-lock.json
  • @babel/eslint-parser@7.29.7
  • @emnapi/core@1.10.0
  • @emnapi/runtime@1.10.0
  • @emnapi/wasi-threads@1.2.1
  • @emotion/babel-plugin@11.13.5
  • @emotion/cache@11.14.0
  • @emotion/hash@0.9.2
  • @emotion/is-prop-valid@1.4.0
  • @emotion/memoize@0.9.0
  • @emotion/react@11.14.0
  • @emotion/serialize@1.3.3
  • @emotion/sheet@1.4.0
  • @emotion/styled@11.14.1
  • @emotion/unitless@0.10.0
  • @emotion/use-insertion-effect-with-fallbacks@1.2.0
  • @emotion/utils@1.4.2
  • @emotion/weak-memoize@0.4.0
  • @jridgewell/source-map@0.3.11
  • @napi-rs/wasm-runtime@1.1.4
  • @nicolo-ribaudo/eslint-scope-5-internals@5.1.1-1
  • @nolyfill/is-core-module@1.0.39
  • @parcel/watcher@2.5.1
  • @parcel/watcher-android-arm64@2.5.1
  • @parcel/watcher-darwin-arm64@2.5.1
  • @parcel/watcher-darwin-x64@2.5.1
  • @parcel/watcher-freebsd-x64@2.5.1
  • @parcel/watcher-linux-arm-glibc@2.5.1
  • @parcel/watcher-linux-arm-musl@2.5.1
  • @parcel/watcher-linux-arm64-glibc@2.5.1
  • @parcel/watcher-linux-arm64-musl@2.5.1
  • @parcel/watcher-linux-x64-glibc@2.5.1
  • @parcel/watcher-linux-x64-musl@2.5.1
  • @parcel/watcher-win32-arm64@2.5.1
  • @parcel/watcher-win32-ia32@2.5.1
  • @parcel/watcher-win32-x64@2.5.1
  • @rtsao/scc@1.1.0
  • @testing-library/dom@10.4.1
  • @tybys/wasm-util@0.10.2
  • @types/aria-query@5.0.4
  • @types/eslint@7.29.0
  • @types/eslint@8.56.12
  • @types/json5@0.0.29
  • @types/parse-json@4.0.2
  • @unrs/resolver-binding-android-arm-eabi@1.12.2
  • @unrs/resolver-binding-android-arm64@1.12.2
  • @unrs/resolver-binding-darwin-arm64@1.12.2
  • @unrs/resolver-binding-darwin-x64@1.12.2
  • @unrs/resolver-binding-freebsd-x64@1.12.2
  • @unrs/resolver-binding-linux-arm-gnueabihf@1.12.2
  • @unrs/resolver-binding-linux-arm-musleabihf@1.12.2
  • @unrs/resolver-binding-linux-arm64-gnu@1.12.2
  • @unrs/resolver-binding-linux-arm64-musl@1.12.2
  • @unrs/resolver-binding-linux-loong64-gnu@1.12.2
  • @unrs/resolver-binding-linux-loong64-musl@1.12.2
  • @unrs/resolver-binding-linux-ppc64-gnu@1.12.2
  • @unrs/resolver-binding-linux-riscv64-gnu@1.12.2
  • @unrs/resolver-binding-linux-riscv64-musl@1.12.2
  • @unrs/resolver-binding-linux-s390x-gnu@1.12.2
  • @unrs/resolver-binding-linux-x64-gnu@1.12.2
  • @unrs/resolver-binding-linux-x64-musl@1.12.2
  • @unrs/resolver-binding-openharmony-arm64@1.12.2
  • @unrs/resolver-binding-wasm32-wasi@1.12.2
  • @unrs/resolver-binding-win32-arm64-msvc@1.12.2
  • @unrs/resolver-binding-win32-ia32-msvc@1.12.2
  • @unrs/resolver-binding-win32-x64-msvc@1.12.2
  • @webassemblyjs/ast@1.14.1
  • @webassemblyjs/floating-point-hex-parser@1.13.2
  • @webassemblyjs/helper-api-error@1.13.2
  • @webassemblyjs/helper-buffer@1.14.1
  • @webassemblyjs/helper-numbers@1.13.2
  • @webassemblyjs/helper-wasm-bytecode@1.13.2
  • @webassemblyjs/helper-wasm-section@1.14.1
  • @webassemblyjs/ieee754@1.13.2
  • @webassemblyjs/leb128@1.13.2
  • @webassemblyjs/utf8@1.13.2
  • @webassemblyjs/wasm-edit@1.14.1
  • @webassemblyjs/wasm-gen@1.14.1
  • @webassemblyjs/wasm-opt@1.14.1
  • @webassemblyjs/wasm-parser@1.14.1
  • @webassemblyjs/wast-printer@1.14.1
  • @xtuc/ieee754@1.2.0
  • @xtuc/long@4.2.2
  • acorn@8.16.0
  • acorn-import-phases@1.0.4
  • ajv-formats@2.1.1
  • ajv-keywords@5.1.0
  • array-buffer-byte-length@1.0.2
  • array-includes@3.1.9
  • array.prototype.findlast@1.2.5
  • array.prototype.findlastindex@1.2.6
  • array.prototype.flat@1.3.3
  • array.prototype.flatmap@1.3.3
  • array.prototype.tosorted@1.1.4
  • arraybuffer.prototype.slice@1.0.4
  • async-function@1.0.0
  • available-typed-arrays@1.0.7
  • babel-plugin-macros@3.1.0
  • buffer-from@1.1.2
  • call-bind@1.0.9
  • call-bound@1.0.4
  • callsites@3.1.0
  • chokidar@4.0.3
  • chrome-trace-event@1.0.4
  • commander@2.20.3
  • confusing-browser-globals@1.0.11
  • convert-source-map@1.9.0
  • cosmiconfig@7.1.0
  • data-view-buffer@1.0.2
  • data-view-byte-length@1.0.2
  • data-view-byte-offset@1.0.1
  • debug@3.2.7
  • define-properties@1.2.1
  • detect-libc@1.0.3
  • doctrine@2.1.0
  • dom-accessibility-api@0.5.16
  • enhanced-resolve@0.9.1
  • enhanced-resolve@5.22.1
  • error-ex@1.3.2
  • es-abstract@1.24.2
  • es-iterator-helpers@1.3.2
  • es-module-lexer@2.1.0
  • es-shim-unscopables@1.1.0
  • es-to-primitive@1.3.0
  • escape-string-regexp@4.0.0
  • eslint-config-airbnb-base@15.0.0
  • eslint-config-prettier@7.2.0
  • eslint-formatter-pretty@4.1.0
  • eslint-import-resolver-node@0.3.10
  • eslint-import-resolver-typescript@3.10.1
  • eslint-import-resolver-webpack@0.13.11
  • eslint-module-utils@2.13.0
  • eslint-plugin-deprecation@1.5.0
  • eslint-plugin-import@2.32.0
  • eslint-plugin-jest@27.9.0
  • eslint-plugin-jest-dom@5.5.0
  • eslint-plugin-jest-playwright@0.9.0
  • eslint-plugin-playwright@0.9.0
  • eslint-plugin-react@7.37.5
  • eslint-plugin-simple-import-sort@10.0.0
  • eslint-plugin-testing-library@6.5.0
  • eslint-rule-docs@1.1.235
  • eslint-visitor-keys@2.1.0
  • eslint-webpack-plugin@4.2.0
  • events@3.3.0
  • find-root@1.1.0
  • for-each@0.3.5
  • framer-motion@12.40.0
  • function.prototype.name@1.1.8
  • functions-have-names@1.2.3
  • generator-function@2.0.1
  • get-symbol-description@1.1.0
  • get-tsconfig@4.14.0
  • glob-to-regexp@0.4.1
  • globalthis@1.0.4
  • handlebars@4.7.9
  • has-bigints@1.1.0
  • has-proto@1.2.0
  • hasown@2.0.4
  • immutable@5.1.5
  • import-fresh@3.3.0
  • internal-slot@1.1.0
  • interpret@1.4.0
  • irregular-plurals@3.5.0
  • is-array-buffer@3.0.5
  • is-arrayish@0.2.1
  • is-async-function@2.1.1
  • is-bigint@1.1.0
  • is-boolean-object@1.2.2
  • is-bun-module@2.0.0
  • is-callable@1.2.7
  • is-core-module@2.16.2
  • is-data-view@1.0.2
  • is-date-object@1.1.0
  • is-extglob@2.1.1
  • is-finalizationregistry@1.1.1
  • is-generator-function@1.1.2
  • is-glob@4.0.3
  • is-map@2.0.3
  • is-negative-zero@2.0.3
  • is-number-object@1.1.1
  • is-regex@1.2.1
  • is-set@2.0.3
  • is-shared-array-buffer@1.0.4
  • is-string@1.1.1
  • is-symbol@1.1.1
  • is-typed-array@1.1.15
  • is-weakmap@2.0.2
  • is-weakref@1.1.1
  • is-weakset@2.0.4
  • iterator.prototype@1.1.5
  • jest-worker@27.5.1
  • jiti@1.21.0
  • json-parse-even-better-errors@2.3.1
  • json5@1.0.2
  • jsx-ast-utils@3.3.5
  • lines-and-columns@1.2.4
  • loader-runner@4.3.2
  • lz-string@1.5.0
  • memory-fs@0.2.0
  • mime-db@1.54.0
  • motion-dom@12.40.0
  • motion-utils@12.39.0
  • napi-postinstall@0.3.4
  • neo-async@2.6.2
  • node-addon-api@7.1.1
  • node-exports-info@1.6.0
  • object-inspect@1.13.4
  • object.assign@4.1.7
  • object.entries@1.1.9
  • object.fromentries@2.0.8
  • object.groupby@1.0.3
  • object.values@1.2.1
  • own-keys@1.0.1
  • parent-module@1.0.1
  • parse-json@5.2.0
  • path-type@4.0.0
  • plur@4.0.0
  • possible-typed-array-names@1.1.0
  • pretty-format@27.5.1
  • react-is@17.0.2
  • readdirp@4.1.2
  • reflect.getprototypeof@1.0.10
  • regexp.prototype.flags@1.5.4
  • requireindex@1.2.0
  • resolve@2.0.0-next.7
  • resolve-from@4.0.0
  • resolve-pkg-maps@1.0.0
  • safe-array-concat@1.1.4
  • safe-push-apply@1.0.0
  • safe-regex-test@1.1.0
  • sass@1.86.3
  • schema-utils@4.3.3
  • semver@7.8.1
  • set-function-name@2.0.2
  • set-proto@1.0.0
  • side-channel@1.1.0
  • side-channel-list@1.0.1
  • side-channel-map@1.0.1
  • side-channel-weakmap@1.0.2
  • source-map@0.5.7
  • source-map@0.6.1
  • source-map-support@0.5.21
  • stable-hash@0.0.5
  • stop-iteration-iterator@1.1.0
  • string.prototype.matchall@4.0.12
  • string.prototype.repeat@1.0.0
  • string.prototype.trim@1.2.10
  • string.prototype.trimend@1.0.9
  • string.prototype.trimstart@1.0.8
  • strip-bom@3.0.0
  • stylis@4.2.0
  • supports-color@8.1.1
  • supports-hyperlinks@2.3.0
  • tapable@0.1.10
  • tapable@2.3.3
  • terser@5.48.0
  • terser-webpack-plugin@5.6.1
  • ts-jest@29.4.11
  • tsconfig-paths@3.15.0
  • type-fest@4.41.0
  • typed-array-buffer@1.0.3
  • typed-array-byte-length@1.0.3
  • typed-array-byte-offset@1.0.4
  • typed-array-length@1.0.8
  • uglify-js@3.19.3
  • unbox-primitive@1.1.0
  • unrs-resolver@1.12.2
  • watchpack@2.5.1
  • webpack@5.107.2
  • webpack-sources@3.5.0
  • which-boxed-primitive@1.1.1
  • which-builtin-type@1.2.1
  • which-collection@1.0.2
  • which-typed-array@1.1.21
  • wordwrap@1.0.0
  • yaml@1.10.3
  • yaml@2.8.3
  • @parcel/watcher@2.5.1
  • @parcel/watcher-android-arm64@2.5.1
  • @parcel/watcher-darwin-arm64@2.5.1
  • @parcel/watcher-darwin-x64@2.5.1
  • @parcel/watcher-freebsd-x64@2.5.1
  • @parcel/watcher-linux-arm-glibc@2.5.1
  • @parcel/watcher-linux-arm-musl@2.5.1
  • @parcel/watcher-linux-arm64-glibc@2.5.1
  • @parcel/watcher-linux-arm64-musl@2.5.1
  • @parcel/watcher-linux-x64-glibc@2.5.1
  • @parcel/watcher-linux-x64-musl@2.5.1
  • @parcel/watcher-win32-arm64@2.5.1
  • @parcel/watcher-win32-ia32@2.5.1
  • @parcel/watcher-win32-x64@2.5.1
  • @types/parse-json@4.0.2
  • acorn@8.16.0
  • buffer-from@1.1.2
  • call-bind@1.0.8
  • callsites@3.1.0
  • chokidar@4.0.3
  • detect-libc@1.0.3
  • error-ex@1.3.2
  • escape-string-regexp@4.0.0
  • hasown@2.0.2
  • immutable@5.1.5
  • import-fresh@3.3.0
  • is-arrayish@0.2.1
  • is-core-module@2.16.1
  • is-extglob@2.1.1
  • is-glob@4.0.3
  • jiti@1.21.0
  • json-parse-even-better-errors@2.3.1
  • lines-and-columns@1.2.4
  • node-addon-api@7.1.1
  • parent-module@1.0.1
  • parse-json@5.2.0
  • path-type@4.0.0
  • readdirp@4.1.2
  • resolve-from@4.0.0
  • sass@1.86.3
  • source-map@0.6.1
  • ts-jest@29.1.4
  • yaml@2.8.3

@dependabot
chore(deps-dev): bump ts-jest from 29.1.4 to 29.4.11
ce1c7dc 
Bumps [ts-jest](https://github.com/kulshekhar/ts-jest) from 29.1.4 to 29.4.11.
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v29.1.4...v29.4.11)

---
updated-dependencies:
- dependency-name: ts-jest
  dependency-version: 29.4.9
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps-dev): bump ts-jest from 29.1.4 to 29.4.9 chore(deps-dev): bump ts-jest from 29.1.4 to 29.4.11 Jun 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ts-jest-29.4.9 branch from 82cf6f5 to ce1c7dc Compare June 1, 2026 10:55
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 1, 2026

Name Result
Build status Failed ❌
Action URL Visit Action

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@farrah-deriv farrah-deriv Awaiting requested review from farrah-deriv farrah-deriv is a code owner

@ameerul-deriv ameerul-deriv Awaiting requested review from ameerul-deriv ameerul-deriv is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants