@antfu/eslint-config — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

antfu

Keywords

eslint-config

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/index.d.mts	AI (source-diff): Generated .d.mts type declarations have long lines; not obfuscation. Stable for this package.	ai	2026/05/30
source-diff	net-exec-file:dist/index.d.mts	AI (source-diff): Type declaration file; no executable code. False positive on .d.mts content.	ai	2026/05/30
dependencies	unvetted-dep:@vitest/eslint-plugin	AI (dependencies): Official vitest ESLint plugin; legitimate dependency for a well-known ESLint config package.	ai	2026/05/17

Versions (showing 32 of 32)

Version	Deps	Published
9.0.0	36 / 45	2026-05-11
8.3.0	36 / 45	2026-05-11
8.2.0	36 / 43	2026-04-13
8.1.1	36 / 42	2026-04-09
8.1.0	36 / 42	2026-04-08
8.0.0	36 / 42	2026-04-01
7.7.3	36 / 43	2026-03-17
7.7.2	36 / 43	2026-03-12
7.7.0	36 / 43	2026-03-06
7.6.1	35 / 43	2026-02-25
7.6.0	35 / 43	2026-02-25
7.5.0	36 / 43	2026-02-24
7.4.3	36 / 43	2026-02-11
7.4.2	36 / 43	2026-02-10
7.4.1	36 / 43	2026-02-10
7.4.0	36 / 43	2026-02-10
7.3.0	36 / 38	2026-02-07
7.2.0	36 / 38	2026-01-21
7.1.0	36 / 38	2026-01-20
7.0.1	36 / 38	2026-01-15
7.0.0	36 / 38	2026-01-13
6.7.3	36 / 38	2025-12-22
6.7.2	36 / 38	2025-12-21
6.7.1	36 / 38	2025-12-14
6.7.0	36 / 38	2025-12-14
6.6.1	36 / 38	2025-12-10
6.6.0	36 / 38	2025-12-10
6.5.1	36 / 38	2025-12-08
6.5.0	36 / 38	2025-12-08
6.4.2	36 / 38	2025-12-05
6.4.1	36 / 38	2025-12-04
6.3.0	36 / 37	2025-12-03

v9.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.7.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.7.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.7.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.7.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.7.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.1

3 findings

HIGH New obfuscated file: dist/index.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index.d.mts source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.0

3 findings

HIGH New obfuscated file: dist/index.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index.d.mts source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.