@icebreakers/eslint-config
ESLint preset from Icebreaker's dev-configs
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@typescript-eslint/rule-tester | AI (phantom-deps): Used for testing ESLint rules; declared as dep for bundling, not directly imported at runtime. | ai | |
| phantom-deps | phantom-dep:@vue/compiler-sfc | AI (phantom-deps): ESLint config for Vue; loaded by convention via antfu eslint-config, not directly imported. | ai | |
| source-diff | net-exec-file:dist/lib-Du7EF351.js | AI (source-diff): False positive on bundled eslint plugin ESM; no dropper behavior. | ai | |
| source-diff | net-exec-file:dist/dist-D2WUqnUR.cjs | AI (source-diff): Network/exec pattern fires on bundled jiti/eslint plugin code; no actual dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/lib-VdWhDy2o.cjs | AI (source-diff): Bundled eslint-plugin-jsx-a11y source; no malicious content. | ai | |
| source-diff | net-exec-file:dist/lib-VdWhDy2o.cjs | AI (source-diff): False positive on bundled eslint plugin; no dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/dist-3Yuo5ZWh.js | AI (source-diff): ESM equivalent of dist-D2WUqnUR.cjs; same bundled ESLint plugin content. | ai | |
| source-diff | obfuscated-file:dist/dist-D2WUqnUR.cjs | AI (source-diff): Bundled ESLint plugin source (tsdown); long lines are minified but readable, no malicious content. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/typescript-estree | AI (phantom-deps): TypeScript ESTree parser; bundled dependency for ESLint config, not directly imported. | ai | |
| source-diff | net-exec-file:dist/dist-3Yuo5ZWh.js | AI (source-diff): False positive; bundled ESLint plugin code, no malicious network/exec. | ai | |
| source-diff | obfuscated-file:dist/lib-Du7EF351.js | AI (source-diff): ESM equivalent of lib-VdWhDy2o.cjs; bundled eslint plugin, no malicious content. | ai | |
| source-diff | net-exec-file:dist/lib-gbm6XY5m.cjs | AI (source-diff): Network/exec pattern from bundled ESLint plugin internals, not malicious. | ai | |
| source-diff | obfuscated-file:dist/dist-Br-vKI2G.cjs | AI (source-diff): Bundled third-party ESLint plugin code with readable source comments; not obfuscated. | ai | |
| source-diff | net-exec-file:dist/dist-Br-vKI2G.cjs | AI (source-diff): Network/exec pattern is from bundled jiti/ESLint plugin internals, not malicious dropper logic. | ai | |
| source-diff | obfuscated-file:dist/jiti-rvW1Nngq.cjs | AI (source-diff): Bundled jiti runtime; minified but readable and from known upstream package. | ai | |
| source-diff | obfuscated-file:dist/lib-gbm6XY5m.cjs | AI (source-diff): Bundled eslint-plugin-jsx-a11y with clear source region comments; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/dist-Dk5MjvLV.js | AI (source-diff): ESM counterpart of dist-Br-vKI2G.cjs; same bundled plugin content. | ai | |
| source-diff | net-exec-file:dist/dist-Dk5MjvLV.js | AI (source-diff): Same bundled plugin internals as CJS counterpart; not malicious. | ai | |
| source-diff | obfuscated-file:dist/jiti-DflBE4I9.js | AI (source-diff): ESM counterpart of jiti-rvW1Nngq.cjs; bundled jiti runtime. | ai | |
| source-diff | obfuscated-file:dist/lib-DS3f4hEx.js | AI (source-diff): ESM counterpart of lib-gbm6XY5m.cjs; bundled ESLint plugin. | ai | |
| source-diff | net-exec-file:dist/lib-DS3f4hEx.js | AI (source-diff): Same bundled plugin internals; not malicious. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase explained by switching to bundled dist that inlines third-party ESLint plugins. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-refresh | AI (phantom-deps): ESLint config packages declare plugins as deps for consumers; not directly imported in source is expected. | ai | |
| phantom-deps | phantom-dep:@eslint-react/eslint-plugin | AI (phantom-deps): ESLint config packages declare plugins as deps for consumers; not directly imported in source is expected. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-hooks | AI (phantom-deps): ESLint config packages declare plugins as deps for consumers; not directly imported in source is expected. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/utils | AI (phantom-deps): ESLint config packages declare plugins as deps for consumers; not directly imported in source is expected. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-format | AI (phantom-deps): eslint-plugin-format is a declared runtime dep used in config files; phantom-dep heuristic is a false positive here. | ai |
Versions (showing 51 of 59)
| Version | Deps | Published |
|---|---|---|
| 5.0.1 | 14 / 0 | |
| 5.0.0 | 14 / 0 | |
| 4.0.11 | 14 / 0 | |
| 4.0.10 | 12 / 0 | |
| 4.0.9 | 12 / 0 | |
| 4.0.8 | 12 / 0 | |
| 4.0.7 | 12 / 0 | |
| 4.0.6 | 11 / 0 | |
| 4.0.5 | 11 / 0 | |
| 4.0.4 | 11 / 0 | |
| 4.0.3 | 11 / 0 | |
| 4.0.2 | 11 / 0 | |
| 4.0.1 | 11 / 0 | |
| 4.0.0 | 11 / 0 | |
| 3.0.1 | 11 / 0 | |
| 3.0.0 | 11 / 0 | |
| 2.1.2 | 11 / 0 | |
| 2.1.1 | 7 / 0 | |
| 2.1.0 | 13 / 0 | |
| 2.0.3 | 13 / 0 | |
| 2.0.2 | 13 / 0 | |
| 2.0.1 | 13 / 0 | |
| 2.0.0 | 11 / 0 | |
| 1.6.33 | 11 / 0 | |
| 1.6.31 | 11 / 0 | |
| 1.6.30 | 11 / 0 | |
| 1.6.29 | 11 / 0 | |
| 1.6.28 | 11 / 0 | |
| 1.6.27 | 11 / 0 | |
| 1.6.26 | 11 / 0 | |
| 1.6.25 | 11 / 0 | |
| 1.6.24 | 11 / 0 | |
| 1.6.23 | 11 / 0 | |
| 1.6.22 | 11 / 0 | |
| 1.6.21 | 11 / 0 | |
| 1.6.20 | 11 / 0 | |
| 1.6.19 | 11 / 0 | |
| 1.6.18 | 11 / 0 | |
| 1.6.17 | 11 / 0 | |
| 1.6.16 | 11 / 0 | |
| 1.6.15 | 11 / 0 | |
| 1.6.14 | 11 / 0 | |
| 1.6.13 | 11 / 0 | |
| 1.6.12 | 11 / 0 | |
| 1.6.11 | 11 / 0 | |
| 1.6.10 | 11 / 0 | |
| 1.6.9 | 11 / 0 | |
| 1.6.8 | 11 / 0 | |
| 1.6.7 | 11 / 0 | |
| 1.6.6 | 11 / 0 | |
| 1.6.5 | 11 / 0 |
v5.0.1
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.11
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.