chore(deps-dev): bump webpack from 5.81.0 to 5.100.0 #1157

dependabot · 2025-07-10T01:15:35Z

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

--- updated-dependencies: - dependency-name: webpack dependency-version: 5.100.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-07-10T01:15:57Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.
⚠️ 32 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

package-lock.json

Package	Version	License	Issue Type
terser	5.43.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/webpack

5.81.0

🟢 5.9

Details

Check	Score	Reason
Code-Review	🟢 5	Found 16/29 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 2	badge detected: InProgress
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/@types/estree

1.0.8

🟢 7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@webassemblyjs/ast

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/floating-point-hex-parser

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-api-error

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-buffer

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-numbers

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-wasm-bytecode

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-wasm-section

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/ieee754

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/leb128

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/utf8

1.13.2

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-edit

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-gen

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-opt

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-parser

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wast-printer

1.14.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/acorn

8.15.0

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	24 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 4	Found 14/30 approved changesets -- score normalized to 4
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/acorn-import-phases

1.0.3

Unknown

npm/ajv

8.12.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/ajv-formats

2.1.1

🟢 4.2

Details

Check	Score	Reason
Code-Review	🟢 4	Found 8/20 approved changesets -- score normalized to 4
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/ajv-keywords

5.1.0

🟢 3.9

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Code-Review	⚠️ 1	Found 2/11 approved changesets -- score normalized to 1
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/browserslist

4.25.1

🟢 4.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	15 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/caniuse-lite

1.0.30001727

🟢 4.3

Details

Check	Score	Reason
Maintained	🟢 10	13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	no SAST tool detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/electron-to-chromium

1.5.181

Unknown

npm/enhanced-resolve

5.18.2

🟢 6

Details

Check	Score	Reason
Maintained	🟢 9	11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Code-Review	⚠️ 2	Found 4/14 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/escalade

3.2.0

🟢 3.5

Details

Check	Score	Reason
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/json-schema-traverse

1.0.0

🟢 3.6

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 2	Found 5/22 approved changesets -- score normalized to 2
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/node-releases

2.0.19

🟢 4.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
SAST	⚠️ 0	no SAST tool detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches

npm/require-from-string

2.0.2

🟢 3.3

Details

Check	Score	Reason
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 2	Found 6/24 approved changesets -- score normalized to 2
Maintained	⚠️ 0	project is archived
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/schema-utils

4.3.2

🟢 4.5

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/24 approved changesets -- score normalized to 1
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/tapable

2.2.2

🟢 5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 9	8 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 9
Code-Review	🟢 3	Found 7/20 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	46 existing vulnerabilities detected

npm/terser

5.43.1

🟢 5.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/terser-webpack-plugin

5.3.14

🟢 5.8

Details

Check	Score	Reason
Code-Review	🟢 5	Found 14/27 approved changesets -- score normalized to 5
Maintained	🟢 5	5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/update-browserslist-db

1.1.3

⚠️ 2.9

Details

Check	Score	Reason
Maintained	⚠️ 1	0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Code-Review	⚠️ 1	Found 3/22 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 2	8 existing vulnerabilities detected

npm/webpack

5.100.0

🟢 5.9

Details

Check	Score	Reason
Code-Review	🟢 5	Found 16/29 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	⚠️ 2	badge detected: InProgress
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	⚠️ 0	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/webpack-sources

3.3.3

🟢 4.7

Details

Check	Score	Reason
Maintained	🟢 10	18 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/@types/estree

1.0.5

🟢 7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 9	Found 27/30 approved changesets -- score normalized to 9
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 9	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 8	dependency not pinned by hash detected -- score normalized to 8
Fuzzing	⚠️ 0	project is not fuzzed

npm/@webassemblyjs/ast

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/floating-point-hex-parser

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-api-error

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-buffer

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-numbers

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-wasm-bytecode

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/helper-wasm-section

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/ieee754

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/leb128

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/utf8

1.11.6

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-edit

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-gen

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-opt

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wasm-parser

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/@webassemblyjs/wast-printer

1.12.1

⚠️ 1.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/20 approved changesets -- score normalized to 2
Dangerous-Workflow	⚠️ -1	no workflows found
Security-Policy	🟢 9	security policy file detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	71 existing vulnerabilities detected

npm/acorn

8.11.3

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	24 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 4	Found 14/30 approved changesets -- score normalized to 4
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	⚠️ 0	license file not detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/acorn-import-assertions

1.9.0

Unknown

npm/ajv

6.12.6

🟢 5.5

Details

Check	Score	Reason
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/ajv-keywords

3.5.2

🟢 3.9

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Code-Review	⚠️ 1	Found 2/11 approved changesets -- score normalized to 1
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/browserslist

4.23.2

🟢 4.5

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	15 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/caniuse-lite

1.0.30001723

🟢 4.3

Details

Check	Score	Reason
Maintained	🟢 10	13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	no SAST tool detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/electron-to-chromium

1.5.1

Unknown

npm/enhanced-resolve

5.16.0

🟢 6

Details

Check	Score	Reason
Maintained	🟢 9	11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Code-Review	⚠️ 2	Found 4/14 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/escalade

3.1.2

🟢 3.5

Details

Check	Score	Reason
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/fast-json-stable-stringify

2.1.0

🟢 3.3

Details

Check	Score	Reason
Dangerous-Workflow	⚠️ -1	no workflows found
Code-Review	⚠️ 2	Found 5/22 approved changesets -- score normalized to 2
Pinned-Dependencies	⚠️ -1	no dependencies found
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 9	license file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/json-schema-traverse

0.4.1

🟢 3.6

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 2	Found 5/22 approved changesets -- score normalized to 2
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/node-releases

2.0.14

🟢 4.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
SAST	⚠️ 0	no SAST tool detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches

npm/schema-utils

3.3.0

🟢 4.5

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/24 approved changesets -- score normalized to 1
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/tapable

2.2.1

🟢 5

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 9	8 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 9
Code-Review	🟢 3	Found 7/20 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	46 existing vulnerabilities detected

npm/terser

5.29.1

🟢 5.8

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Maintained	🟢 10	30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

npm/terser-webpack-plugin

5.3.10

🟢 5.8

Details

Check	Score	Reason
Code-Review	🟢 5	Found 14/27 approved changesets -- score normalized to 5
Maintained	🟢 5	5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/update-browserslist-db

1.1.0

⚠️ 2.9

Details

Check	Score	Reason
Maintained	⚠️ 1	0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
Code-Review	⚠️ 1	Found 3/22 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 2	8 existing vulnerabilities detected

npm/webpack-sources

3.2.3

🟢 4.7

Details

Check	Score	Reason
Maintained	🟢 10	18 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 3	Found 7/22 approved changesets -- score normalized to 3
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json

webpack@5.81.0
@types/estree@1.0.8
@webassemblyjs/ast@1.14.1
@webassemblyjs/floating-point-hex-parser@1.13.2
@webassemblyjs/helper-api-error@1.13.2
@webassemblyjs/helper-buffer@1.14.1
@webassemblyjs/helper-numbers@1.13.2
@webassemblyjs/helper-wasm-bytecode@1.13.2
@webassemblyjs/helper-wasm-section@1.14.1
@webassemblyjs/ieee754@1.13.2
@webassemblyjs/leb128@1.13.2
@webassemblyjs/utf8@1.13.2
@webassemblyjs/wasm-edit@1.14.1
@webassemblyjs/wasm-gen@1.14.1
@webassemblyjs/wasm-opt@1.14.1
@webassemblyjs/wasm-parser@1.14.1
@webassemblyjs/wast-printer@1.14.1
acorn@8.15.0
acorn-import-phases@1.0.3
ajv@6.12.6
ajv@8.12.0
ajv-formats@2.1.1
ajv-keywords@3.5.2
ajv-keywords@5.1.0
browserslist@4.25.1
caniuse-lite@1.0.30001727
electron-to-chromium@1.5.181
enhanced-resolve@5.18.2
escalade@3.2.0
fast-json-stable-stringify@2.1.0
json-schema-traverse@1.0.0
json-schema-traverse@0.4.1
node-releases@2.0.19
require-from-string@2.0.2
schema-utils@4.3.2
tapable@2.2.2
terser@5.43.1
terser-webpack-plugin@5.3.14
update-browserslist-db@1.1.3
webpack@5.100.0
webpack-sources@3.3.3
@types/estree@1.0.5
@webassemblyjs/ast@1.12.1
@webassemblyjs/floating-point-hex-parser@1.11.6
@webassemblyjs/helper-api-error@1.11.6
@webassemblyjs/helper-buffer@1.12.1
@webassemblyjs/helper-numbers@1.11.6
@webassemblyjs/helper-wasm-bytecode@1.11.6
@webassemblyjs/helper-wasm-section@1.12.1
@webassemblyjs/ieee754@1.11.6
@webassemblyjs/leb128@1.11.6
@webassemblyjs/utf8@1.11.6
@webassemblyjs/wasm-edit@1.12.1
@webassemblyjs/wasm-gen@1.12.1
@webassemblyjs/wasm-opt@1.12.1
@webassemblyjs/wasm-parser@1.12.1
@webassemblyjs/wast-printer@1.12.1
acorn@8.11.3
acorn-import-assertions@1.9.0
ajv@6.12.6
ajv-formats@2.1.1
ajv-keywords@3.5.2
ajv-keywords@5.1.0
browserslist@4.23.2
caniuse-lite@1.0.30001723
electron-to-chromium@1.5.1
enhanced-resolve@5.16.0
escalade@3.1.2
fast-json-stable-stringify@2.1.0
json-schema-traverse@0.4.1
node-releases@2.0.14
require-from-string@2.0.2
schema-utils@4.2.0
schema-utils@3.3.0
tapable@2.2.1
terser@5.29.1
terser-webpack-plugin@5.3.10
update-browserslist-db@1.1.0
webpack-sources@3.2.3

package.json

webpack@5.81.0
webpack@5.100.0

chore(deps-dev): bump webpack from 5.81.0 to 5.100.0

2f2ce1f

--- updated-dependencies: - dependency-name: webpack dependency-version: 5.100.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 10, 2025

dependabot bot requested a review from a team as a code owner July 10, 2025 01:15

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 10, 2025

dependabot bot mentioned this pull request Jul 10, 2025

chore(deps-dev): bump webpack from 5.81.0 to 5.96.0 #849

Closed

dependabot bot had a problem deploying to Development July 10, 2025 01:15 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps-dev): bump webpack from 5.81.0 to 5.100.0 #1157

chore(deps-dev): bump webpack from 5.81.0 to 5.100.0 #1157

Uh oh!

dependabot bot commented on behalf of github Jul 10, 2025

Uh oh!

github-actions bot commented Jul 10, 2025

Uh oh!

Uh oh!

chore(deps-dev): bump webpack from 5.81.0 to 5.100.0 #1157

Are you sure you want to change the base?

chore(deps-dev): bump webpack from 5.81.0 to 5.100.0 #1157

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 10, 2025

Uh oh!

github-actions bot commented Jul 10, 2025

Dependency Review

License Issues

package-lock.json

OpenSSF Scorecard

Scanned Manifest Files

Uh oh!

Uh oh!