@typescript-eslint/utils
Utilities for working with TypeScript + ESLint together
51
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
jameshenrybradzacher
Keywords
eslinttypescriptestree
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Package has SLSA provenance attestation which supersedes gitHead as a supply chain integrity signal. Migration to GitHub Actions CI publishing explains the absence. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from jameshenry to GitHub Actions is a legitimate CI/CD automation migration for the typescript-eslint monorepo, confirmed by SLSA attestation. | ai | |
| phantom-deps | phantom-dep:@types/json-schema | AI (phantom-deps): @types/json-schema is a framework-scoped type package loaded by convention; expected for JSON schema utilities. | ai | |
| phantom-deps | phantom-dep:semver | AI (phantom-deps): semver is a legitimate runtime dependency used indirectly; phantom-dep finding is expected for utility re-exports. | ai | |
| phantom-deps | phantom-dep:@types/semver | AI (phantom-deps): @types/semver is a framework-scoped type package loaded by convention; expected for TypeScript utilities. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo package with intentionally minimal README and version pinned to monorepo release; not spam. | ai | |
| dependencies | unvetted-dep:@typescript-eslint/typescript-estree | AI (dependencies): Sibling package within typescript-eslint monorepo, pinned to same version; expected and safe. | ai |
Versions (showing 51 of 645)
| Version | Deps | Published |
|---|---|---|
| 8.60.0 | 4 / 5 | |
| 8.59.4 | 4 / 5 | |
| 8.59.3 | 4 / 5 | |
| 8.59.2 | 4 / 5 | |
| 8.59.1 | 4 / 5 | |
| 8.59.0 | 4 / 5 | |
| 8.58.2 | 4 / 5 | |
| 8.58.1 | 4 / 5 | |
| 8.58.0 | 4 / 5 | |
| 8.57.2 | 4 / 5 | |
| 8.57.1 | 4 / 5 | |
| 8.57.0 | 4 / 5 | |
| 8.56.1 | 4 / 5 | |
| 8.56.0 | 4 / 5 | |
| 8.55.0 | 4 / 5 | |
| 8.54.0 | 4 / 5 | |
| 8.53.1 | 4 / 5 | |
| 8.53.0 | 4 / 5 | |
| 8.52.0 | 4 / 5 | |
| 8.51.0 | 4 / 5 | |
| 8.50.1 | 4 / 5 | |
| 8.50.0 | 4 / 5 | |
| 8.49.0 | 4 / 5 | |
| 8.48.1 | 4 / 5 | |
| 8.48.0 | 4 / 5 | |
| 8.47.0 | 4 / 5 | |
| 8.46.4 | 4 / 5 | |
| 8.46.3 | 4 / 5 | |
| 8.46.2 | 4 / 5 | |
| 8.46.1 | 4 / 5 | |
| 8.46.0 | 4 / 5 | |
| 8.45.0 | 4 / 5 | |
| 8.44.1 | 4 / 5 | |
| 8.44.0 | 4 / 5 | |
| 8.43.0 | 4 / 5 | |
| 8.42.0 | 4 / 5 | |
| 8.41.0 | 4 / 5 | |
| 8.40.0 | 4 / 5 | |
| 8.39.1 | 4 / 5 | |
| 8.39.0 | 4 / 5 | |
| 8.38.0 | 4 / 5 | |
| 8.37.0 | 4 / 5 | |
| 8.36.0 | 4 / 5 | |
| 8.35.1 | 4 / 4 | |
| 8.35.0 | 4 / 4 | |
| 8.34.1 | 4 / 4 | |
| 8.34.0 | 4 / 4 | |
| 8.33.1 | 4 / 4 | |
| 8.33.0 | 4 / 4 | |
| 8.32.1 | 4 / 5 | |
| 8.32.0 | 4 / 5 |
v8.60.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.59.4
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.59.3
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.59.2
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.