chore(deps-dev): bump webpack from 5.81.0 to 5.99.9 #1105

dependabot · 2025-06-18T08:31:39Z

Bumps webpack from 5.81.0 to 5.99.9.

Release notes

v5.99.9

Fixes

HMR might fail if there are new initial chunks

Destructuring namespace import with default

Destructuring namespace import with computed-property

Generate valid code for es export generation for multiple module entries

Fixed public path issue for ES modules

Asset modules work when lazy compilation used

Eliminate unused statements in certain scenarios

Fixed regression with location and order of dependencies

Fixed typescript types

v5.99.8

Fixes

Fixed type error with latest @types/node

Fixed typescript types

v5.99.7

Fixes

Don't skip export generation for default reexport (#19463)

Fixed module library export generation for reexport (#19459)

Avoid module concatenation in child compilation for module library (#19457)

Ensure HMR recover gracefully when CSS module with error

Respect cause of any errors and errors of AggregateError in stats output

Added missing @types/json-schema in types

v5.99.6

Fixes

Respect public path for ES modules

Fixed generation of module for module library when mixing commonjs and esm modules

Always apply FlagDependencyExportsPlugin for libraries where it required

Faster logic for dead control flow

Typescript types

v5.99.5

Fixes

Control dead flow for labeled and blockless statements

v5.99.4

Fixes

Fixed terminated state for if/else

v5.99.3

Fixes

... (truncated)

Commits

6c9f912 chore(release): 5.99.9
bca3d40 fix: eliminate unused statements in certain scenarios (#19536)
356c5d1 ci: benchmarks stability (#19552)
2c4f967 fix: sourceTypes of asset module when lazy compilation (#19539)
6b3e1c5 chore(deps): bump the dependencies group with 2 updates (#19551)
dc19f82 chore: fix todo types (#19550)
598767e chore: fix typo in comment
34ec1d8 chore: refactor tests scripts (#19549)
12b8458 fix: publicPath issue for ES modules (#19546)
c1e7ba2 docs: update examples (#19545)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

github-actions · 2025-06-18T08:31:58Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.
⚠️ 32 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

package-lock.json

Package	Version	License	Issue Type
terser	5.43.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/webpack

5.81.0

🟢 5.9

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 13/26 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/@types/estree

1.0.8

🟢 7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@webassemblyjs/ast

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/floating-point-hex-parser

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-api-error

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-buffer

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-numbers

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-wasm-bytecode

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-wasm-section

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/ieee754

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/leb128

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/utf8

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-edit

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-gen

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-opt

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-parser

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wast-printer

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/acorn

8.15.0

🟢 5.3

Details

Check	Score	Reason
Code-Review	🟢 4	Found 13/30 approved changesets -- score normalized to 4
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	21 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/ajv

8.12.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/ajv-formats

2.1.1

🟢 4.2

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 4	Found 8/20 approved changesets -- score normalized to 4
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/ajv-keywords

5.1.0

🟢 3.9

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 1	Found 2/11 approved changesets -- score normalized to 1
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/browserslist

4.25.0

🟢 4.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/27 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 10	10 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/electron-to-chromium

1.5.170

Unknown

npm/enhanced-resolve

5.18.1

🟢 5.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 4/14 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Maintained	🟢 8	9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/escalade

3.2.0

🟢 3.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/json-schema-traverse

1.0.0

🟢 3.6

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 2	Found 5/22 approved changesets -- score normalized to 2
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/node-releases

2.0.19

🟢 4.1

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	🟢 5	6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/require-from-string

2.0.2

🟢 3.3

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 2	Found 6/24 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/schema-utils

4.3.2

🟢 4.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 4/24 approved changesets -- score normalized to 1
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/tapable

2.2.2

🟢 5.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 3	Found 7/20 approved changesets -- score normalized to 3
Maintained	🟢 10	8 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	46 existing vulnerabilities detected

npm/terser

5.43.1

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/terser-webpack-plugin

5.3.14

🟢 5.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Maintained	🟢 5	5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 14/27 approved changesets -- score normalized to 5
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/update-browserslist-db

1.1.3

⚠️ 2.9

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 1	0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 1	Found 3/22 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 2	8 existing vulnerabilities detected

npm/webpack

5.99.9

🟢 5.9

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 13/26 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/@types/estree

1.0.5

🟢 7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@webassemblyjs/ast

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/floating-point-hex-parser

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-api-error

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-buffer

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-numbers

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-wasm-bytecode

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-wasm-section

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/ieee754

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/leb128

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/utf8

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-edit

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-gen

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-opt

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-parser

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wast-printer

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 9	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/acorn

8.11.3

🟢 5.3

Details

Check	Score	Reason
Code-Review	🟢 4	Found 13/30 approved changesets -- score normalized to 4
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	21 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/acorn-import-assertions

1.9.0

Unknown

npm/ajv

6.12.6

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/ajv-keywords

3.5.2

🟢 3.9

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 1	Found 2/11 approved changesets -- score normalized to 1
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/browserslist

4.23.2

🟢 4.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/27 approved changesets -- score normalized to 2
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 10	10 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/electron-to-chromium

1.5.1

Unknown

npm/enhanced-resolve

5.16.0

🟢 5.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 4/14 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Maintained	🟢 8	9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/escalade

3.1.2

🟢 3.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/fast-json-stable-stringify

2.1.0

🟢 3.3

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
Code-Review	⚠️ 2	Found 5/22 approved changesets -- score normalized to 2
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/json-schema-traverse

0.4.1

🟢 3.6

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 2	Found 5/22 approved changesets -- score normalized to 2
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/node-releases

2.0.14

🟢 4.1

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	🟢 5	6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/schema-utils

3.3.0

🟢 4.5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 1	Found 4/24 approved changesets -- score normalized to 1
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/tapable

2.2.1

🟢 5.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 3	Found 7/20 approved changesets -- score normalized to 3
Maintained	🟢 10	8 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	46 existing vulnerabilities detected

npm/terser

5.29.1

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/terser-webpack-plugin

5.3.10

🟢 5.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Maintained	🟢 5	5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 5	Found 14/27 approved changesets -- score normalized to 5
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/update-browserslist-db

1.1.0

⚠️ 2.9

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 1	0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 1	Found 3/22 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 2	8 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json

webpack@5.81.0
@types/estree@1.0.8
@webassemblyjs/ast@1.14.1
@webassemblyjs/floating-point-hex-parser@1.13.2
@webassemblyjs/helper-api-error@1.13.2
@webassemblyjs/helper-buffer@1.14.1
@webassemblyjs/helper-numbers@1.13.2
@webassemblyjs/helper-wasm-bytecode@1.13.2
@webassemblyjs/helper-wasm-section@1.14.1
@webassemblyjs/ieee754@1.13.2
@webassemblyjs/leb128@1.13.2
@webassemblyjs/utf8@1.13.2
@webassemblyjs/wasm-edit@1.14.1
@webassemblyjs/wasm-gen@1.14.1
@webassemblyjs/wasm-opt@1.14.1
@webassemblyjs/wasm-parser@1.14.1
@webassemblyjs/wast-printer@1.14.1
acorn@8.15.0
ajv@6.12.6
ajv@8.12.0
ajv-formats@2.1.1
ajv-keywords@3.5.2
ajv-keywords@5.1.0
browserslist@4.25.0
electron-to-chromium@1.5.170
enhanced-resolve@5.18.1
escalade@3.2.0
fast-json-stable-stringify@2.1.0
json-schema-traverse@1.0.0
json-schema-traverse@0.4.1
node-releases@2.0.19
require-from-string@2.0.2
schema-utils@4.3.2
tapable@2.2.2
terser@5.43.1
terser-webpack-plugin@5.3.14
update-browserslist-db@1.1.3
webpack@5.99.9
@types/estree@1.0.5
@webassemblyjs/ast@1.12.1
@webassemblyjs/floating-point-hex-parser@1.11.6
@webassemblyjs/helper-api-error@1.11.6
@webassemblyjs/helper-buffer@1.12.1
@webassemblyjs/helper-numbers@1.11.6
@webassemblyjs/helper-wasm-bytecode@1.11.6
@webassemblyjs/helper-wasm-section@1.12.1
@webassemblyjs/ieee754@1.11.6
@webassemblyjs/leb128@1.11.6
@webassemblyjs/utf8@1.11.6
@webassemblyjs/wasm-edit@1.12.1
@webassemblyjs/wasm-gen@1.12.1
@webassemblyjs/wasm-opt@1.12.1
@webassemblyjs/wasm-parser@1.12.1
@webassemblyjs/wast-printer@1.12.1
acorn@8.11.3
acorn-import-assertions@1.9.0
ajv@6.12.6
ajv-formats@2.1.1
ajv-keywords@3.5.2
ajv-keywords@5.1.0
browserslist@4.23.2
electron-to-chromium@1.5.1
enhanced-resolve@5.16.0
escalade@3.1.2
fast-json-stable-stringify@2.1.0
json-schema-traverse@0.4.1
node-releases@2.0.14
require-from-string@2.0.2
schema-utils@4.2.0
schema-utils@3.3.0
tapable@2.2.1
terser@5.29.1
terser-webpack-plugin@5.3.10
update-browserslist-db@1.1.0

package.json

webpack@5.81.0
webpack@5.99.9

Bumps [webpack](https://github.com/webpack/webpack) from 5.81.0 to 5.99.9. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.81.0...v5.99.9) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.99.9 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 18, 2025

dependabot bot requested a review from a team as a code owner June 18, 2025 08:31

dependabot bot mentioned this pull request Jun 18, 2025

chore(deps-dev): bump webpack from 5.81.0 to 5.94.0 #811

Closed

dependabot bot had a problem deploying to Development June 18, 2025 08:31 Error

dependabot bot force-pushed the dependabot/npm_and_yarn/webpack-5.99.9 branch from aa24822 to 2dd268f Compare June 18, 2025 08:54

dependabot bot had a problem deploying to Development June 18, 2025 08:54 Failure

nijil-deriv previously approved these changes Jun 18, 2025

View reviewed changes

dependabot bot dismissed nijil-deriv’s stale review via 4aa7d36 June 19, 2025 10:52

dependabot bot force-pushed the dependabot/npm_and_yarn/webpack-5.99.9 branch from 2dd268f to 4aa7d36 Compare June 19, 2025 10:52

dependabot bot had a problem deploying to Development June 19, 2025 10:52 Failure

dependabot bot had a problem deploying to Development June 20, 2025 03:45 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps-dev): bump webpack from 5.81.0 to 5.99.9 #1105

chore(deps-dev): bump webpack from 5.81.0 to 5.99.9 #1105

Uh oh!

dependabot bot commented on behalf of github Jun 18, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Jun 18, 2025 •

edited

Loading

Uh oh!

Uh oh!

chore(deps-dev): bump webpack from 5.81.0 to 5.99.9 #1105

Are you sure you want to change the base?

chore(deps-dev): bump webpack from 5.81.0 to 5.99.9 #1105

Uh oh!

Conversation

dependabot bot commented on behalf of github Jun 18, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.99.9

Fixes

v5.99.8

Fixes

v5.99.7

Fixes

v5.99.6

Fixes

v5.99.5

Fixes

v5.99.4

Fixes

v5.99.3

Fixes

Uh oh!

github-actions bot commented Jun 18, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

License Issues

package-lock.json

OpenSSF Scorecard

Scanned Manifest Files

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Jun 18, 2025 •

edited

Loading

github-actions bot commented Jun 18, 2025 •

edited

Loading