build: add package-lock #5

ali-hosseini-deriv · 2024-06-05T05:39:26Z

Added package-lock file.

github-actions · 2024-06-05T05:39:59Z

Dependency Review

The following issues were found:

❌ 3 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
✅ 0 package(s) with unknown licenses.
⚠️ 10 packages with OpenSSF Scorecard issues.

See the Details below.

Vulnerabilities

package-lock.json

Name	Version	Vulnerability	Severity
jsdom	11.12.0	Insufficient Granularity of Access Control in JSDom	moderate
request	2.88.2	Server-Side Request Forgery in Request	moderate
tough-cookie	2.5.0	tough-cookie Prototype Pollution vulnerability	moderate

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/jsdom

11.12.0

🟢 7.1

Details

Check	Score	Reason
Code-Review	🟢 3	Found 10/26 approved changesets -- score normalized to 3
Maintained	🟢 10	8 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3

npm/request

2.88.2

🟢 4.5

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 7	Found 20/28 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ -1	no dependencies found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/tough-cookie

2.5.0

🟢 7.6

Details

Check	Score	Reason
Maintained	🟢 10	15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 9	Found 13/14 approved changesets -- score normalized to 9
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 9	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/abab

2.0.6

🟢 4

Details

Check	Score	Reason
Maintained	⚠️ 0	project is archived
Code-Review	🟢 4	Found 9/19 approved changesets -- score normalized to 4
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
License	⚠️ 0	license file not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/acorn

6.4.2

🟢 5.2

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/30 approved changesets -- score normalized to 2
Maintained	🟢 10	8 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
License	⚠️ 0	license file not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/acorn

5.7.4

🟢 5.2

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/30 approved changesets -- score normalized to 2
Maintained	🟢 10	8 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
License	⚠️ 0	license file not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/acorn-globals

4.3.4

🟢 4.1

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 3	Found 10/29 approved changesets -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/acorn-walk

6.2.0

🟢 5.2

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/30 approved changesets -- score normalized to 2
Maintained	🟢 10	8 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
License	⚠️ 0	license file not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

npm/ajv

6.12.6

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 8	Found 22/26 approved changesets -- score normalized to 8
Maintained	🟢 10	17 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 2	badge detected: InProgress
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/array-equal

1.0.2

🟢 4.4

Details

Check	Score	Reason
Code-Review	🟢 4	Found 3/7 approved changesets -- score normalized to 4
Maintained	⚠️ 0	1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

npm/asn1

0.2.6

Unknown

npm/assert-plus

1.0.0

Unknown

npm/async-limiter

1.0.1

Unknown

npm/asynckit

0.4.0

🟢 3

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 0	Found 0/24 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
SAST	⚠️ 0	no SAST tool detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	⚠️ 0	security policy file not detected

npm/aws-sign2

0.7.0

🟢 3.3

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 2	Found 7/24 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/aws4

1.13.0

🟢 4.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/27 approved changesets -- score normalized to 0
Maintained	🟢 10	10 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
License	🟢 10	license file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/bcrypt-pbkdf

1.0.2

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 1/4 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected

npm/browser-process-hrtime

1.0.0

🟢 3.2

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/21 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/caseless

0.12.0

🟢 3.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/30 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/combined-stream

1.0.8

🟢 3.2

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/24 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/core-util-is

1.0.2

⚠️ 1.7

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/24 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	10 existing vulnerabilities detected

npm/cssom

0.3.8

🟢 3.2

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 5/30 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/cssstyle

1.4.0

🟢 4.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/21 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/dashdash

1.14.1

⚠️ 2.7

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Vulnerabilities	⚠️ 0	11 existing vulnerabilities detected

npm/data-urls

1.1.0

🟢 4.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/26 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/deep-is

0.1.4

🟢 3

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/23 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/delayed-stream

1.0.0

🟢 3

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/29 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/domexception

1.0.1

🟢 3.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/18 approved changesets -- score normalized to 0
Maintained	⚠️ 0	project is archived
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
License	⚠️ 0	license file not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/ecc-jsbn

0.1.2

🟢 3.2

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 1	Found 2/17 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/escodegen

1.14.3

🟢 3.6

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 4	Found 13/30 approved changesets -- score normalized to 4
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed

npm/esprima

4.0.1

⚠️ 2.9

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	🟢 3	Found 11/29 approved changesets -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	44 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2

npm/estraverse

4.3.0

🟢 3.7

Details

Check	Score	Reason
Code-Review	🟢 5	Found 13/26 approved changesets -- score normalized to 5
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/esutils

2.0.3

🟢 3.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/27 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/extend

3.0.2

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Security-Policy	🟢 9	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

npm/extsprintf

1.3.0

Unknown

npm/fast-deep-equal

3.1.3

🟢 3.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 3/13 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/fast-json-stable-stringify

2.1.0

🟢 3.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/22 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/fast-levenshtein

2.0.6

🟢 3.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/25 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/forever-agent

0.6.1

🟢 3.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 7/25 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/form-data

2.3.3

🟢 4.7

Details

Check	Score	Reason
Code-Review	🟢 8	Found 13/16 approved changesets -- score normalized to 8
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/getpass

0.1.7

🟢 3

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/15 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
SAST	⚠️ 0	no SAST tool detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected

npm/har-schema

2.0.0

🟢 3.5

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 0	Found 1/19 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Dangerous-Workflow	⚠️ -1	no workflows found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/har-validator

5.1.5

🟢 4.9

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 0	Found 0/13 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

npm/html-encoding-sniffer

1.0.2

🟢 4.3

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 2/17 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/http-signature

1.2.0

Unknown

npm/iconv-lite

0.4.24

🟢 3.2

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 5/30 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/is-typedarray

1.0.0

🟢 3.3

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 2	Found 1/4 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 9	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected

npm/isstream

0.1.2

🟢 3.2

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 1	Found 1/10 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/jsbn

0.1.1

🟢 3.1

Details

Check	Score	Reason
Code-Review	🟢 4	Found 10/24 approved changesets -- score normalized to 4
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Vulnerabilities	🟢 7	3 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/json-schema

0.4.0

🟢 4.3

Details

Check	Score	Reason
Code-Review	🟢 3	Found 9/23 approved changesets -- score normalized to 3
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 9	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/json-schema-traverse

0.4.1

🟢 3.6

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/22 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

npm/json-stringify-safe

5.0.1

🟢 3.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
SAST	⚠️ 0	no SAST tool detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected

npm/jsprim

1.4.2

Unknown

npm/left-pad

1.3.0

Unknown

npm/levn

0.3.0

⚠️ 2.9

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/19 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

npm/lodash

4.17.21

🟢 6.5

Details

Check	Score	Reason
Code-Review	🟢 6	Found 20/30 approved changesets -- score normalized to 6
Maintained	🟢 7	1 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/lodash.sortby

4.7.0

🟢 6.5

Details

Check	Score	Reason
Code-Review	🟢 6	Found 20/30 approved changesets -- score normalized to 6
Maintained	🟢 7	1 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/mime-db

1.52.0

🟢 3.8

Details

Check	Score	Reason
Maintained	⚠️ 2	3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2

npm/mime-types

2.1.35

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/30 approved changesets -- score normalized to 1
Maintained	⚠️ 1	2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2

npm/nwsapi

2.2.10

🟢 3.2

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/27 approved changesets -- score normalized to 1
Maintained	🟢 10	18 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed

npm/oauth-sign

0.9.0

🟢 3.4

Details

Check	Score	Reason
Code-Review	🟢 3	Found 8/26 approved changesets -- score normalized to 3
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/optionator

0.8.3

🟢 3.4

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 2/18 approved changesets -- score normalized to 1
Maintained	⚠️ 2	2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/parse5

4.0.0

🟢 7.1

Details

Check	Score	Reason
Code-Review	⚠️ -1	Found no human activity in the last 30 changesets
Maintained	🟢 10	28 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4

npm/performance-now

2.1.0

⚠️ 2.6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/1 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Pinned-Dependencies	⚠️ -1	no dependencies found
Dangerous-Workflow	⚠️ -1	no workflows found
License	⚠️ 0	license file not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Signed-Releases	⚠️ -1	no releases found

npm/pn

1.1.0

⚠️ 2.6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/22 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	no SAST tool detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
License	⚠️ 0	license file not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected

npm/prelude-ls

1.1.2

⚠️ 2.4

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 1	Found 2/12 approved changesets -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 4	6 existing vulnerabilities detected

npm/psl

1.9.0

🟢 3.8

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/29 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/punycode

2.3.1

🟢 3.8

Details

Check	Score	Reason
Code-Review	🟢 4	Found 13/30 approved changesets -- score normalized to 4
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

npm/qs

6.5.3

🟢 6.6

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 5/28 approved changesets -- score normalized to 1
Maintained	🟢 10	9 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 9	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

npm/request-promise-core

1.1.4

🟢 3

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/28 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/request-promise-native

1.0.9

🟢 3.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/24 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/safe-buffer

5.1.2

🟢 3.6

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/23 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/safer-buffer

2.1.2

🟢 3.2

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/sax

1.4.1

🟢 3.3

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/25 approved changesets -- score normalized to 2
Maintained	🟢 5	7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 2	8 existing vulnerabilities detected

npm/source-map

0.6.1

🟢 5

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	⚠️ 2	2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 9	binaries present in source code
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4

npm/sshpk

1.18.0

Unknown

npm/stealthy-require

1.1.1

🟢 3

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/27 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/symbol-tree

3.2.4

🟢 3.9

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/23 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/tr46

1.0.1

🟢 4.3

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/22 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3

npm/tunnel-agent

0.6.0

🟢 3.3

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 2	Found 8/28 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/tweetnacl

0.14.5

⚠️ 2.3

Details

Check	Score	Reason
Maintained	🟢 3	2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3
Code-Review	⚠️ 2	Found 5/24 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ -1	no dependencies found
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	19 existing vulnerabilities detected

npm/type-check

0.3.2

⚠️ 2.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 2/10 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 5	5 existing vulnerabilities detected

npm/uri-js

4.4.1

⚠️ 2.1

Details

Check	Score	Reason
Code-Review	🟢 3	Found 8/22 approved changesets -- score normalized to 3
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	⚠️ -1	no dependencies found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	14 existing vulnerabilities detected

npm/uuid

3.4.0

🟢 4

Details

Check	Score	Reason
Code-Review	🟢 8	Found 25/30 approved changesets -- score normalized to 8
Maintained	⚠️ 1	0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 3	security policy file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 1	SAST tool is not run on all commits -- score normalized to 1
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Vulnerabilities	⚠️ 0	11 existing vulnerabilities detected

npm/verror

1.10.0

Unknown

npm/w3c-hr-time

1.0.2

🟢 3.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/23 approved changesets -- score normalized to 0
Maintained	⚠️ 0	project is archived
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ -1	no dependencies found
Token-Permissions	⚠️ -1	No tokens found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Dangerous-Workflow	⚠️ -1	no workflows found
License	⚠️ 0	license file not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/webidl-conversions

4.0.2

🟢 3.9

Details

Check	Score	Reason
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review	⚠️ 2	Found 8/27 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 2	8 existing vulnerabilities detected

npm/whatwg-encoding

1.0.5

🟢 4.3

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/25 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3

npm/whatwg-mimetype

2.3.0

🟢 4.2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/27 approved changesets -- score normalized to 0
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/whatwg-url

7.1.0

🟢 4.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/23 approved changesets -- score normalized to 0
Maintained	🟢 3	1 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2

npm/whatwg-url

6.5.0

🟢 4.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 2/23 approved changesets -- score normalized to 0
Maintained	🟢 3	1 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2

npm/word-wrap

1.2.5

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 5/18 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Security-Policy	⚠️ 0	security policy file not detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

npm/ws

5.2.3

🟢 6

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 4/30 approved changesets -- score normalized to 1
Maintained	🟢 10	12 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

npm/xml-name-validator

3.0.0

🟢 4.3

Details

Check	Score	Reason
Code-Review	⚠️ 1	Found 3/25 approved changesets -- score normalized to 1
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json

ejs@2.5.9
minimist@0.0.10
glob-parent@3.1.0
lodash.template@4.5.0
google-closure-library@20190121.0.0
jsdom@11.12.0
request@2.88.2
tough-cookie@2.5.0
@babel/code-frame@7.24.6
@babel/helper-validator-identifier@7.24.6
@babel/highlight@7.24.6
abab@2.0.6
acorn@6.4.2
acorn@5.7.4
acorn-globals@4.3.4
acorn-jsx@5.3.2
acorn-walk@6.2.0
ajv@6.12.6
ansi-colors@1.1.0
ansi-cyan@0.1.1
ansi-escapes@3.2.0
ansi-gray@0.1.1
ansi-red@0.1.1
ansi-regex@3.0.1
ansi-regex@2.1.1
ansi-regex@4.1.1
ansi-styles@3.2.1
ansi-styles@2.2.1
ansi-wrap@0.1.0
anymatch@2.0.0
append-buffer@1.0.2
archiver@2.1.1
archiver-utils@1.3.0
archy@1.0.0
argparse@1.0.10
arr-diff@4.0.0
arr-diff@1.1.0
arr-filter@1.1.2
arr-flatten@1.1.0
arr-map@2.0.2
arr-union@2.1.0
arr-union@3.1.0
array-each@1.0.1
array-equal@1.0.2
array-initial@1.1.0
array-last@1.3.0
array-slice@1.1.0
array-slice@0.2.3
array-sort@1.0.0
array-unique@0.3.2
asn1@0.2.6
assert-plus@1.0.0
assign-symbols@1.0.0
astral-regex@1.0.0
async@2.6.4
async-done@1.3.2
async-each@1.0.6
async-limiter@1.0.1
async-settle@1.0.0
asynckit@0.4.0
atob@2.1.2
aws-sign2@0.7.0
aws4@1.13.0
babel-runtime@6.26.0
bach@1.2.0
balanced-match@1.0.2
base@0.11.2
base64-js@1.5.1
bcrypt-pbkdf@1.0.2
binary-extensions@1.13.1
bindings@1.5.0
bl@1.2.3
brace-expansion@1.1.11
braces@2.3.2
browser-process-hrtime@1.0.0
buffer@5.7.1
buffer-alloc@1.2.0
buffer-alloc-unsafe@1.1.0
buffer-crc32@0.2.13
buffer-equal@1.0.1
buffer-fill@1.0.0
buffer-from@1.1.2
cache-base@1.0.1
call-bind@1.0.7
callsites@3.1.0
camelcase@3.0.0
caseless@0.12.0
chalk@2.4.2
chalk@1.1.3
chardet@0.7.0
chardet@0.4.2
chokidar@2.1.8
class-utils@0.3.6
cli@1.0.1
cli-cursor@2.1.0
cli-width@2.2.1
cliui@3.2.0
clone@2.1.2
clone-buffer@1.0.0
clone-stats@1.0.0
cloneable-readable@1.1.3
code-point-at@1.1.0
collection-map@1.0.0
collection-visit@1.0.0
color-convert@1.9.3
color-name@1.1.3
color-support@1.1.3
combined-stream@1.0.8
component-emitter@1.3.1
compress-commons@1.2.2
concat-map@0.0.1
concat-stream@1.6.2
concat-with-sourcemaps@1.1.0
console-browserify@1.1.0
convert-source-map@1.9.0
copy-descriptor@0.1.1
copy-props@2.0.5
core-js@2.6.12
core-util-is@1.0.3
core-util-is@1.0.2
crc@3.8.0
crc32-stream@2.0.0
cross-spawn@6.0.5
css@2.2.4
css-parse@2.0.0
css-value@0.0.1
cssom@0.3.8
cssstyle@1.4.0
d@1.0.2
dashdash@1.14.1
data-urls@1.1.0
date-now@0.1.4
debug@4.3.4
debug@2.6.9
decamelize@1.2.0
decode-uri-component@0.2.2
deep-is@0.1.4
deepmerge@2.0.1
default-compare@1.0.0
default-resolution@2.0.0
define-data-property@1.1.4
define-properties@1.2.1
define-property@1.0.0
define-property@0.2.5
define-property@2.0.2
delayed-stream@1.0.0
detect-file@1.0.0
doctrine@3.0.0
dom-serializer@0.2.2
domelementtype@2.3.0
domelementtype@1.3.1
domexception@1.0.1
domhandler@2.3.0
domutils@1.5.1
duplexify@3.7.1
each-props@1.3.2
ecc-jsbn@0.1.2
emoji-regex@7.0.3
end-of-stream@1.4.4
entities@2.2.0
entities@1.0.0
error-ex@1.3.2
es-define-property@1.0.0
es-errors@1.3.0
es5-ext@0.10.64
es6-iterator@2.0.3
es6-symbol@3.1.4
es6-weak-map@2.0.3
escape-string-regexp@1.0.5
escodegen@1.14.3
eslint@5.16.0
eslint-scope@4.0.3
eslint-utils@1.4.3
eslint-visitor-keys@1.3.0
esniff@2.0.1
espree@5.0.1
esprima@4.0.1
esquery@1.5.0
esrecurse@4.3.0
estraverse@5.3.0
estraverse@4.3.0
esutils@2.0.3
event-emitter@0.3.5
exit@0.1.2
expand-brackets@2.1.4
expand-tilde@2.0.2
ext@1.7.0
extend@3.0.2
extend-shallow@2.0.1
extend-shallow@3.0.2
extend-shallow@1.1.4
external-editor@3.1.0
external-editor@2.2.0
extglob@2.0.4
extsprintf@1.3.0
fancy-log@1.3.3
fast-deep-equal@3.1.3
fast-json-stable-stringify@2.1.0
fast-levenshtein@2.0.6
fast-levenshtein@1.1.4
figures@2.0.0
file-entry-cache@5.0.1
file-uri-to-path@1.0.0
fill-range@4.0.0
find-up@1.1.2
findup-sync@3.0.0
findup-sync@2.0.0
fined@1.2.0
flagged-respawn@1.0.1
flat-cache@2.0.1
flatted@2.0.2
flush-write-stream@1.1.1
for-in@1.0.2
for-own@1.0.0
forever-agent@0.6.1
form-data@2.3.3
fragment-cache@0.2.1
fs-constants@1.0.0
fs-mkdirp-stream@1.0.0
fs.realpath@1.0.0
fsevents@1.2.13
function-bind@1.1.2
functional-red-black-tree@1.0.1
gaze@1.1.3
get-caller-file@1.0.3
get-intrinsic@1.2.4
get-value@2.0.6
getpass@0.1.7
glob@7.2.3
glob@7.1.7
glob-stream@6.1.0
glob-watcher@5.0.5
global-modules@1.0.0
global-prefix@1.0.2
globals@11.12.0
globule@1.3.4
glogg@1.0.2
google-closure-compiler@20190121.0.0
google-closure-compiler-java@20190121.0.0
google-closure-compiler-js@20190121.0.0
google-closure-compiler-linux@20190121.0.0
google-closure-compiler-osx@20190121.0.0
gopd@1.0.1
graceful-fs@4.2.11
grapheme-splitter@1.0.4
gulp@4.0.2
gulp-cli@2.3.0
gulp-concat@2.6.1
gulp-insert@0.5.0
gulp-series@1.0.2
gulp-shell@0.6.5
gulplog@1.0.0
har-schema@2.0.0
har-validator@5.1.5
has-ansi@2.0.0
has-flag@3.0.0
has-flag@2.0.0
has-property-descriptors@1.0.2
has-proto@1.0.3
has-symbols@1.0.3
has-value@1.0.0
has-value@0.3.1
has-values@1.0.0
has-values@0.1.4
hasown@2.0.2
homedir-polyfill@1.0.3
hosted-git-info@2.8.9
html-encoding-sniffer@1.0.2
htmlparser2@3.8.3
http-signature@1.2.0
iconv-lite@0.4.24
ieee754@1.2.1
ignore@4.0.6
import-fresh@3.3.0
imurmurhash@0.1.4
inflight@1.0.6
inherits@2.0.4
ini@1.3.8
inquirer@6.5.2
inquirer@3.3.0
interpret@1.4.0
invert-kv@1.0.0
is-absolute@1.0.0
is-accessor-descriptor@1.0.1
is-arrayish@0.2.1
is-binary-path@1.0.1
is-buffer@1.1.6
is-core-module@2.13.1
is-data-descriptor@1.0.1
is-descriptor@0.1.7
is-descriptor@1.0.3
is-extendable@0.1.1
is-extendable@1.0.1
is-extglob@2.1.1
is-fullwidth-code-point@1.0.0
is-fullwidth-code-point@2.0.0
is-glob@3.1.0
is-glob@4.0.3
is-negated-glob@1.0.0
is-number@4.0.0
is-number@3.0.0
is-plain-object@2.0.4
is-plain-object@5.0.0
is-relative@1.0.0
is-typedarray@1.0.0
is-unc-path@1.0.0
is-utf8@0.2.1
is-valid-glob@1.0.0
is-windows@1.0.2
isarray@0.0.1
isarray@1.0.0
isexe@2.0.0
isobject@3.0.1
isobject@2.1.0
isstream@0.1.2
js-tokens@4.0.0
js-yaml@3.14.1
jsbn@0.1.1
jshint@2.13.6
json-schema@0.4.0
json-schema-traverse@0.4.1
json-stable-stringify-without-jsonify@1.0.1
json-stringify-safe@5.0.1
jsprim@1.4.2
just-debounce@1.1.0
kind-of@4.0.0
kind-of@3.2.2
kind-of@5.1.0
kind-of@6.0.3
kind-of@1.1.0
last-run@1.1.1
lazystream@1.0.1
lcid@1.0.0
lead@1.0.0
left-pad@1.3.0
levn@0.3.0
liftoff@3.1.0
load-json-file@1.1.0
lodash@4.17.21
lodash._reinterpolate@3.0.0
lodash.sortby@4.7.0
lodash.templatesettings@4.2.0
make-iterator@1.0.1
map-cache@0.2.2
map-visit@1.0.0
matchdep@2.0.0
micromatch@3.1.10
mime-db@1.52.0
mime-types@2.1.35
mimic-fn@1.2.0
minimatch@3.0.8
minimatch@3.1.2
minimist@1.2.8
mixin-deep@1.3.2
mkdirp@0.5.6
ms@2.0.0
ms@2.1.2
mute-stdout@1.0.1
mute-stream@0.0.7
nan@2.19.0
nanomatch@1.2.13
natural-compare@1.4.0
next-tick@1.1.0
nice-try@1.0.5
normalize-package-data@2.5.0
normalize-path@2.1.1
normalize-path@3.0.0
now-and-later@2.0.1
npm-install-package@2.1.0
number-is-nan@1.0.1
nwsapi@2.2.10
oauth-sign@0.9.0
object-copy@0.1.0
object-inspect@1.13.1
object-keys@1.1.1
object-visit@1.0.1
object.assign@4.1.5
object.defaults@1.1.0
object.map@1.0.1
object.pick@1.3.0
object.reduce@1.0.1
once@1.4.0
onetime@2.0.1
optimist@0.6.1
optionator@0.8.3
ordered-read-streams@1.0.1
os-locale@1.4.0
os-tmpdir@1.0.2
parent-module@1.0.1
parse-filepath@1.0.2
parse-json@2.2.0
parse-node-version@1.0.1
parse-passwd@1.0.0
parse5@4.0.0
pascalcase@0.1.1
path-dirname@1.0.2
path-exists@2.1.0
path-is-absolute@1.0.1
path-is-inside@1.0.2
path-key@2.0.1
path-parse@1.0.7
path-root@0.1.1
path-root-regex@0.1.2
path-type@1.1.0
performance-now@2.1.0
picocolors@1.0.1
pify@2.3.0
pinkie@2.0.4
pinkie-promise@2.0.1
plugin-error@0.1.2
pn@1.1.0
posix-character-classes@0.1.1
prelude-ls@1.1.2
pretty-hrtime@1.0.3
process-nextick-args@2.0.1
progress@2.0.3
psl@1.9.0
pump@2.0.1
pumpify@1.5.1
punycode@2.3.1
punycode@1.4.1
q@1.5.1
qs@6.5.3
qs@6.12.1
read-pkg@1.1.0
read-pkg-up@1.0.1
readable-stream@1.1.14
readable-stream@2.3.8
readdirp@2.2.1
rechoir@0.6.2
regenerator-runtime@0.11.1
regex-not@1.0.2
regexpp@2.0.1
remove-bom-buffer@3.0.0
remove-bom-stream@1.2.0
remove-trailing-separator@1.1.0
repeat-element@1.1.4
repeat-string@1.6.1
replace-ext@1.0.1
replace-homedir@1.0.0
request-promise-core@1.1.4
request-promise-native@1.0.9
require-directory@2.1.1
require-main-filename@1.0.1
resolve@1.22.8
resolve-dir@1.0.1
resolve-from@4.0.0
resolve-options@1.1.0
resolve-url@0.2.1
restore-cursor@2.0.0
ret@0.1.15
rgb2hex@0.1.10
rimraf@2.6.3
run-async@2.4.1
rx-lite@4.0.8
rx-lite-aggregates@4.0.8
rxjs@6.6.7
safe-buffer@5.1.2
safe-regex@1.1.0
safer-buffer@2.1.2
sax@1.4.1
semver@5.7.2
semver-greatest-satisfied-range@1.1.0
set-blocking@2.0.0
set-function-length@1.2.2
set-value@2.0.1
shebang-command@1.2.0
shebang-regex@1.0.0
side-channel@1.0.6
signal-exit@3.0.7
slice-ansi@2.1.0
snapdragon@0.8.2
snapdragon-node@2.1.1
snapdragon-util@3.0.1
source-map@0.5.7
source-map@0.6.1
source-map-resolve@0.5.3
source-map-url@0.4.1
sparkles@1.0.1
spdx-correct@3.2.0
spdx-exceptions@2.5.0
spdx-expression-parse@3.0.1
spdx-license-ids@3.0.18
split-string@3.1.0
sprintf-js@1.0.3
sshpk@1.18.0
stack-trace@0.0.10
static-extend@0.1.2
stealthy-require@1.1.1
stream-exhaust@1.0.2
stream-shift@1.0.3
streamqueue@0.0.6
string-width@1.0.2
string-width@2.1.1
string-width@3.1.0
string_decoder@0.10.31
string_decoder@1.1.1
strip-ansi@3.0.1
strip-ansi@5.2.0
strip-ansi@4.0.0
strip-bom@2.0.0
strip-json-comments@1.0.4
strip-json-comments@2.0.1
supports-color@2.0.0
supports-color@5.5.0
supports-color@5.0.1
supports-preserve-symlinks-flag@1.0.0
sver-compat@1.5.0
symbol-tree@3.2.4
table@5.4.6
tar-stream@1.6.2
text-table@0.2.0
through@2.3.8
through2@2.0.5
through2-filter@3.0.0
time-stamp@1.1.0
tmp@0.0.33
to-absolute-glob@2.0.2
to-buffer@1.1.1
to-object-path@0.3.0
to-regex@3.0.2
to-regex-range@2.1.1
to-through@2.0.0
tr46@1.0.1
tslib@1.14.1
tunnel-agent@0.6.0
tweetnacl@0.14.5
type@2.7.2
type-check@0.3.2
typedarray@0.0.6
unc-path-regex@0.1.2
undertaker@1.3.0
undertaker-registry@1.0.1
union-value@1.0.1
unique-stream@2.3.1
unset-value@1.0.0
upath@1.2.0
uri-js@4.4.1
urix@0.1.0
url@0.11.3
use@3.1.1
util-deprecate@1.0.2
uuid@3.4.0
v8flags@3.2.0
validate-npm-package-license@3.0.4
value-or-function@3.0.0
verror@1.10.0
vinyl@2.2.1
vinyl-fs@3.0.3
vinyl-sourcemap@1.1.0
vinyl-sourcemaps-apply@0.2.1
w3c-hr-time@1.0.2
wdio-dot-reporter@0.0.10
webdriverio@4.14.4
webidl-conversions@4.0.2
wgxpath@1.0.0
whatwg-encoding@1.0.5
whatwg-mimetype@2.3.0
whatwg-url@7.1.0
whatwg-url@6.5.0
which@1.3.1
which-module@1.0.0
word-wrap@1.2.5
wordwrap@0.0.3
wrap-ansi@2.1.0
wrappy@1.0.2
write@1.0.3
ws@5.2.3
xml-name-validator@3.0.0
xtend@4.0.2
y18n@3.2.2
yargs@7.1.2
yargs-parser@5.0.1
zip-stream@1.2.0

build: add package-lock

af72be5

sandeep-deriv approved these changes Jun 5, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build: add package-lock #5

build: add package-lock #5

Uh oh!

ali-hosseini-deriv commented Jun 5, 2024

Uh oh!

github-actions bot commented Jun 5, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

build: add package-lock #5

Are you sure you want to change the base?

build: add package-lock #5

Uh oh!

Conversation

ali-hosseini-deriv commented Jun 5, 2024

Uh oh!

github-actions bot commented Jun 5, 2024

Dependency Review

Vulnerabilities

package-lock.json

OpenSSF Scorecard

Scanned Manifest Files

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants