eslint-config-skuba
ESLint config for skuba
4
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
seek-oss-ci
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): eslint-config-skuba is a monorepo sub-package from seek-oss/skuba with 311 versions and 23k+ weekly downloads. Sparse README and no keywords are expected for a focused ESLint config package. | ai | |
| dependencies | unvetted-dep:eslint-plugin-yml | AI (dependencies): eslint-plugin-yml is a standard ESLint plugin; expected dependency for an ESLint config package. | ai | |
| dependencies | unvetted-dep:eslint-config-seek | AI (dependencies): eslint-config-seek is the parent ESLint config from the same seek-oss org; expected first-party dependency. | ai | |
| dependencies | unvetted-dep:eslint-plugin-skuba | AI (dependencies): eslint-plugin-skuba is a first-party plugin from the same seek-oss/skuba monorepo; expected dependency. | ai |
v9.0.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.1.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.2.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.