build(deps-dev): bump the dev-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates in the / directory:

Package	From	To
@playwright/test	1.61.0	1.61.1
eslint-plugin-import-x	4.16.2	4.17.0
knip	6.17.1	6.18.0
lint-staged	17.0.7	17.0.8
typescript-eslint	8.61.1	8.62.0

Updates @playwright/test from 1.61.0 to 1.61.1

Release notes

Sourced from @​playwright/test's releases.

v1.61.1

Bug Fixes

• #41365 [Bug]: Expect.Extend matcher with same name as default matcher in same expect instance overrides default matchers implementation to custom matcher
• #41351 [Bug]: Playwright UI mode: apiRequestContext._wrapApiCall reports unexpected number of bytes (same test passes in headed mode)
• #41360 [Bug]: Trace viewer: message times in websockets are downscaled by 1000
• #41311 [Bug]: [Regression]: Sync loader throws "context.conditions?.includes is not a function" on Node 22.15
• #41371 [Regression]: Sync ESM loader (registerHooks) fails to resolve extensionless .ts subpath imports across pnpm workspace symlinks

Commits

• 39e3553 cherry-pick(#41399): fix(test): load require-reached files as commonjs in syn...
• 4328122 chore: mark v1.61.1 (#41404)
• 2c29a94 fix(tracing): stop recording websocket frames outside of chunks (#41398)
• 4324b19 cherry-pick(#41367): fix(test): keep builtin expect matchers on base extend
• 041e7e3 cherry-pick(#41364): fix(har): WebSocket message timestamps should be in mi...
• b8a0fc3 cherry-pick(#41309, #43149): Revert "fix(firefox): treat `navigationCommitted...
• b5a3175 cherry-pick(#41319): fix(loader): support other node versions
• d4724a9 cherry-pick(#41290): feat(docker): add Ubuntu 26.04 (Resolute Raccoon) image
• See full diff in compare view

Updates eslint-plugin-import-x from 4.16.2 to 4.17.0

Release notes

Sourced from eslint-plugin-import-x's releases.

v4.17.0

Minor Changes

• #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

• #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

• #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

• #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

  Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

• #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

• #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

• #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Changelog

Sourced from eslint-plugin-import-x's changelog.

4.17.0

Minor Changes

• #474 4b2c0c5 Thanks @​regseb! - Support RegExp in the import-x/ignore setting and the ignore option of the no-unresolved rule.

Patch Changes

• #494 1c84235 Thanks @​morgan-coded! - Fixed no-unresolved crashing when case-sensitive path checks encounter EACCES or EPERM on an ancestor directory.

• #481 3e13121 Thanks @​B4nan! - fix: memoize legacyNodeResolve resolver to avoid native memory leak

• #484 9a07009 Thanks @​sairus2k! - Make the extensions rule check Node.js subpath imports (specifiers starting with #, e.g. #utils/helper). Previously parsePath treated a leading # as a URL hash fragment, so the rule skipped extension validation for these imports.

  Note: single-segment subpath imports without a slash (e.g. #dep) are still skipped by the existing external-root-module classification; fixing that is deferred to avoid expanding scope.

• #468 240ed58 Thanks @​silverwind! - Make extensions handle .d.ts correctly

• #479 e3cc7e4 Thanks @​mrginglymus! - fix: strip querystrings and hash fragments when checking for file existence

• #476 fce29b1 Thanks @​nbouvrette! - fix(deps): replace @​package-json/types with an inline minimal type

Commits

• 7578513 chore: release eslint-plugin-import-x (#472)
• e3cc7e4 fix: strip querystrings and hash fragments when checking for file existence (...
• 9a07009 fix: make extensions rule check Node.js subpath imports (#484)
• 3e13121 fix: memoize legacyNodeResolve resolver to avoid native memory leak (#481)
• fce29b1 fix(deps): replace @​package-json/types with an inline minimal type (#476)
• 1c84235 fix: handle access errors during case checks (#494)
• 96222bf chore: drop unused tmp (#487)
• 4b2c0c5 feat: support RegExp in ignore (#474)
• 240ed58 fix: make extensions rule handle .d.ts correctly (#468)
• See full diff in compare view

Updates knip from 6.17.1 to 6.18.0

Release notes

Sourced from knip's releases.

Release 6.18.0

• Update dependencies (pin oxc-resolver) (7dda4eccc65c6d61ef2546442eb752b2a73edab9)
• Resolve tsconfig paths for non-TS importers independent of oxc ownership (3b71565e72107d43cbd6d2ddec7ab2fbbf65c001)
• Format (64865f8247b8956def52f1a387234562fbddd667)
• Fix false positive for Vitest mocks (#1802) (ec93e2013deb53902b406463b30fa6386445f9c9) - thanks @​remcohaszing!
• Mark npx-run binaries optional unless --no-install (resolve #1803) (203c31e1b2bd77eb9c94f82121f353fbf0671c67)
• Ignore pnpm [WARN] lines in ecosystem snapshots (392835a39b9429a3d85d712025da4c6531b8ece6)
• Update slonik snapshot (62d802bf8d53d7790f6322f481a290e09812cbcc)
• Update Jest entry patterns for Jest 30 (#1808) (d2caeddf32ba99ca12e5c26e891b7974392f981a) - thanks @​gwagjiug!
• Report stale workspaces configuration keys as configuration hints (#1807) (9083c16b3313fbebf5cb3cd11cadf45ac773bc3d) - thanks @​WooWan!

Release 6.17.2

• Fix up jest plugin (63dbd653b6e1be08a36401f5f728b351ab69e81b)
• Detect coverage provider from bare vitest --coverage flag (#1800) (dc11d9fc5458e6e1f734013eb82403eab07af2c1) - thanks @​WooWan!
• Don't disable configuration hints in workspace-scoped runs (#1791) (8ce1ec8160a786dad90903e43c3ef646ffba9464) - thanks @​WooWan!
• Detect react-email v6 packages from non-numeric version ranges (resolve #1798) (27a1caeb1bff6abcccd7140c7e92e4a57197ad47)
• Discover workspaces included after a negated pattern (resolve #1797) (630e152f6f687d9404cc25ffa01f0d49737d9229)

Commits

• 7bfd556 Release knip@6.18.0
• 9083c16 Report stale workspaces configuration keys as configuration hints (#1807)
• d2caedd Update Jest entry patterns for Jest 30 (#1808)
• 203c31e Mark npx-run binaries optional unless --no-install (resolve #1803)
• ec93e20 Fix false positive for Vitest mocks (#1802)
• 64865f8 Format
• 3b71565 Resolve tsconfig paths for non-TS importers independent of oxc ownership
• 7dda4ec Update dependencies (pin oxc-resolver)
• 4198053 Release knip@6.17.2
• 630e152 Discover workspaces included after a negated pattern (resolve #1797)
• Additional commits viewable in compare view

Updates lint-staged from 17.0.7 to 17.0.8

Release notes

Sourced from lint-staged's releases.

v17.0.8

Patch Changes

• #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

• #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Changelog

Sourced from lint-staged's changelog.

17.0.8

Patch Changes

• #1809 179b437 - Fix lint-staged discarding the ongoing merge conflict status (.git/MERGE_HEAD) when using the --hide-unstaged or --hide-all options.

• #1811 3d0b2c0 - Fix issues with Git commands that are successful but also emit warnings to stderr, by ignoring the stderr output completely when the process exits with code 0. This was the behavior when using nano-spawn and execa, but when switching to tinyexec in 16.3.0 both stdout and stderr were used as interleaved output.

Commits

• 5f3b8f2 Merge pull request #1812 from lint-staged/changeset-release/main
• 43a9b8d chore(changeset): release
• 630e2f6 Merge pull request #1809 from lint-staged/restore-merge-status
• 179b437 fix: restore Git merge status after creating backup stash
• 6bae2e2 Merge pull request #1811 from lint-staged/exec-git-ignore-stderr
• b82a830 ci: run npm audit omitting dev, including prod dependencies
• 0b19b80 build(deps): update dependencies
• 3d0b2c0 fix: ignore stderr when doing Git operations
• See full diff in compare view

Updates typescript-eslint from 8.61.1 to 8.62.0

Release notes

Sourced from typescript-eslint's releases.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

🩹 Fixes

• add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.62.0 (2026-06-22)

🚀 Features

• remove redundant package.json "files" (#12444)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 54e2857 chore(release): publish 8.62.0
• 81e4c26 feat: remove redundant package.json "files" (#12444)
• See full diff in compare view

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@emnapi/core	1.11.1	🟢 3.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 10 27 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/core	1.11.0	🟢 3.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 10 27 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime	1.11.1	🟢 3.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 10 27 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime	1.11.0	🟢 3.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 10 27 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/wasi-threads	1.2.2	🟢 3.4	Details Check Score Reason Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 10 27 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@napi-rs/wasm-runtime	1.1.6	Unknown	Unknown
npm/@oxc-parser/binding-android-arm-eabi	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-android-arm64	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-darwin-arm64	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-darwin-x64	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-freebsd-x64	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-arm-gnueabihf	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-arm-musleabihf	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-arm64-gnu	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-arm64-musl	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-ppc64-gnu	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-riscv64-gnu	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-riscv64-musl	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-s390x-gnu	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-x64-gnu	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-linux-x64-musl	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-openharmony-arm64	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-wasm32-wasi	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-win32-arm64-msvc	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-win32-ia32-msvc	0.137.0	Unknown	Unknown
npm/@oxc-parser/binding-win32-x64-msvc	0.137.0	Unknown	Unknown
npm/@oxc-project/types	0.137.0	Unknown	Unknown
npm/@oxc-resolver/binding-android-arm-eabi	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-android-arm64	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-darwin-arm64	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-darwin-x64	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-freebsd-x64	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-arm-gnueabihf	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-arm-musleabihf	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-arm64-gnu	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-arm64-musl	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-ppc64-gnu	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-riscv64-gnu	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-riscv64-musl	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-s390x-gnu	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-x64-gnu	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-linux-x64-musl	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-openharmony-arm64	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-wasm32-wasi	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-win32-arm64-msvc	11.21.3	Unknown	Unknown
npm/@oxc-resolver/binding-win32-x64-msvc	11.21.3	Unknown	Unknown
npm/@playwright/test	1.61.1	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Binary-Artifacts 🟢 6 binaries present in source code Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches
npm/@tybys/wasm-util	0.10.3	Unknown	Unknown
npm/@typescript-eslint/eslint-plugin	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint-plugin-import-x	4.17.0	Unknown	Unknown
npm/knip	6.18.0	Unknown	Unknown
npm/lint-staged	17.0.8	Unknown	Unknown
npm/oxc-parser	0.137.0	Unknown	Unknown
npm/oxc-resolver	11.21.3	Unknown	Unknown
npm/playwright	1.61.1	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Binary-Artifacts 🟢 6 binaries present in source code Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches
npm/playwright-core	1.61.1	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) out of 30 and 6 issue activity out of 30 found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 GitHub code reviews found for 29 commits out of the last 30 -- score normalized to 9 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Binary-Artifacts 🟢 6 binaries present in source code Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches
npm/typescript-eslint	8.62.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• package-lock.json