@namics/eslint-config
3
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
ernschtdanielkochdedienele
Keywords
code checkercode lintercode standardscode styleeslint-configeslinteslintconfiglintes2015reactjsxtypescript
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): ESLint plugin referenced in config files by convention, not imported directly. Standard pattern for shareable ESLint configs. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): ESLint config packages reference plugins/parsers in config files, not via direct imports. Declaring as deps ensures consumers have them available. | ai | |
| phantom-deps | phantom-dep:babel-eslint | AI (phantom-deps): ESLint parser referenced in config files by string name, not imported directly. Standard pattern for shareable ESLint configs. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): ESLint parser referenced in config files by string name, not imported directly. Standard pattern for shareable ESLint configs. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-hooks | AI (phantom-deps): ESLint plugin referenced in config files by convention, not imported directly. Standard pattern for shareable ESLint configs. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react | AI (phantom-deps): ESLint plugins are referenced in config files, not imported directly. This is expected behavior for an ESLint config package. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-jsx-a11y | AI (phantom-deps): ESLint plugins are referenced in config files, not imported directly. This is expected behavior for an ESLint config package. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance on npm by years; absence is expected and not a risk signal for this established package. | ai | |
| phantom-deps | phantom-dep:eslint-find-rules | AI (phantom-deps): ESLint config packages reference plugins/tools in config files, not via imports. Phantom dep detection is a stable false positive for this package type. | ai |
v10.0.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.0.0
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.