@cdklabs/eslint-plugin Apache-2.0 24 versions

@cdklabs/eslint-plugin

npm Repository Homepage

eslint rules published by the CDK team. Contains CDK rules and others.

24

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

cdklabs-automationaws-cdk-teamamzn-oss

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:lib/rules/no-unconditional-token-allocation.js	AI (source-diff): Compiled TypeScript ESLint rule; long lines are bundled JS, not obfuscation. Pattern stable for this package.	ai	2026/05/19
source-diff	obfuscated-file:lib/rules/no-evaluating-typeguard.js	AI (source-diff): Long lines are from inline JSDoc strings and TS-compiled output, not obfuscation. Readable source visible in sample.	ai	2026/05/16
phantom-deps	phantom-dep:fs-extra	AI (phantom-deps): fs-extra is a declared runtime dependency; phantom-dep heuristic fires because it's used indirectly via config files.	ai	2026/05/16

Versions (showing 24 of 24)

Version	Deps	Published
2.0.7	3 / 24	2026-05-25
2.0.6	3 / 24	2026-05-18
2.0.5	3 / 24	2026-05-11
2.0.4	3 / 24	2026-05-04
2.0.3	3 / 24	2026-04-27
2.0.2	3 / 24	2026-04-20
2.0.1	3 / 24	2026-04-13
2.0.0	3 / 24	2026-04-13
1.5.10	3 / 21	2026-03-30
1.5.9	3 / 21	2026-03-23
1.5.8	3 / 21	2026-03-16
1.5.7	3 / 21	2026-03-09
1.5.6	3 / 21	2026-03-02
1.5.5	3 / 21	2026-02-23
1.5.4	3 / 21	2026-02-17
1.5.3	3 / 21	2026-02-09
1.5.2	3 / 21	2026-01-26
1.5.1	3 / 21	2026-01-19
1.5.0	3 / 21	2026-01-14
1.4.3	3 / 21	2026-01-12
1.4.2	3 / 21	2026-01-09
1.4.1	3 / 21	2026-01-09
1.4.0	2 / 21	2026-01-09
1.3.6	1 / 20	2025-12-22

v2.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.9

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.8

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.7

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.6

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.5

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.4

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.3

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.2

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.1

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

2 findings

HIGH New obfuscated file: lib/rules/no-unconditional-token-allocation.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.2

2 findings

HIGH New obfuscated file: lib/rules/no-evaluating-typeguard.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.1

2 findings

HIGH New obfuscated file: lib/rules/no-evaluating-typeguard.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.