@umijs/lint — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

sorryccchenshuai2144kuitospeachscriptxiaohuoniyifankakaxixierenyuanxusd320zoomdong07

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@typescript-eslint/eslint-plugin	AI (phantom-deps): ESLint plugin loaded by config convention, not directly imported.	ai	2026/04/30
phantom-deps	phantom-dep:postcss	AI (phantom-deps): Lint config package; postcss loaded by convention via stylelint, not directly imported.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/core	AI (phantom-deps): Framework-scoped; loaded by babel-eslint-parser convention, not directly imported.	ai	2026/04/30
phantom-deps	phantom-dep:postcss-syntax	AI (phantom-deps): Referenced in config files by convention, not directly imported.	ai	2026/04/30
phantom-deps	phantom-dep:eslint-plugin-jest	AI (phantom-deps): ESLint plugin loaded by config convention, not directly imported.	ai	2026/04/30
phantom-deps	phantom-dep:eslint-plugin-react	AI (phantom-deps): ESLint plugin loaded by config convention, not directly imported.	ai	2026/04/30
phantom-deps	phantom-dep:eslint-plugin-react-hooks	AI (phantom-deps): ESLint plugin loaded by config convention, not directly imported.	ai	2026/04/30
typosquat	typosquat.levenshtein:eslint	AI (typosquat): Scoped @umijs/ package; not a typosquat of eslint.	ai	2026/04/29
typosquat	typosquat.levenshtein:pino	AI (typosquat): Scoped @umijs/ package; not a typosquat of pino.	ai	2026/04/29
semgrep	semgrep:dynamic-require	AI (semgrep): Fires in compiled/@rushstack/eslint-patch bundle; legitimate eslint config resolution pattern.	ai	2026/04/29
semgrep	semgrep:base64-decode	AI (semgrep): Fires in compiled/postcss-less minified bundle; no malicious payload.	ai	2026/04/29
semgrep	semgrep:new-function-constructor	AI (semgrep): Fires in compiled/postcss-less minified bundle; standard parser pattern.	ai	2026/04/29
semgrep	semgrep:env-bulk-read	AI (semgrep): Fires in compiled stylelint plugin bundle; config library pattern.	ai	2026/04/29
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Fires in compiled stylelint plugin bundle; not obfuscation.	ai	2026/04/29

Versions (showing 51 of 57)

View all versions

Version	Deps	Published
4.6.57	12 / 5	2026-05-27
4.6.56	12 / 5	2026-05-25
4.6.55	12 / 5	2026-05-15
4.6.54	12 / 5	2026-05-14
4.6.53	12 / 5	2026-05-11
4.6.52	12 / 5	2026-05-11
4.6.51	12 / 5	2026-05-06
4.6.50	12 / 5	2026-05-06
4.6.49	12 / 5	2026-04-29
4.6.48	12 / 5	2026-04-27
4.6.45	12 / 5	2026-04-16
4.6.42	12 / 5	2026-04-10
4.6.41	12 / 5	2026-04-10
4.6.39	12 / 5	2026-04-01
4.6.36	12 / 5	2026-03-26
4.6.35	12 / 5	2026-03-23
4.6.34	12 / 5	2026-03-19
4.6.33	12 / 5	2026-03-13
4.6.32	12 / 5	2026-03-12
4.6.31	12 / 5	2026-03-04
4.6.30	12 / 5	2026-03-02
4.6.29	12 / 5	2026-02-25
4.6.28	12 / 5	2026-02-10
4.6.27	12 / 5	2026-02-09
4.6.26	12 / 5	2026-02-03
4.6.25	12 / 5	2026-01-27
4.6.24	12 / 5	2026-01-20
4.6.23	12 / 5	2026-01-13
4.6.22	12 / 5	2026-01-08
4.6.21	12 / 5	2026-01-07
4.6.20	12 / 5	2026-01-07
4.6.19	12 / 5	2026-01-05
4.6.18	12 / 5	2025-12-31
4.6.17	12 / 5	2025-12-30
4.6.16	12 / 5	2025-12-30
4.6.15	12 / 5	2025-12-26
4.6.14	12 / 5	2025-12-24
4.6.13	12 / 5	2025-12-23
4.6.12	12 / 5	2025-12-22
4.6.11	12 / 5	2025-12-22
4.6.10	12 / 5	2025-12-22
4.6.9	12 / 5	2025-12-19
4.6.8	12 / 5	2025-12-18
4.6.7	12 / 5	2025-12-11
4.6.6	12 / 5	2025-12-10
4.6.5	12 / 5	2025-12-05
4.6.4	12 / 5	2025-12-03
4.6.3	12 / 5	2025-12-03
4.6.2	12 / 5	2025-12-02
4.6.1	12 / 5	2025-12-02
4.6.0	12 / 5	2025-11-24