eslint-config-universe

Shared ESLint configs for internal Expo projects.

Versions: 46
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ide, brentvatne, evanbacon, expoadmin, exponent, bycedric, kudochien, alanhughes, tsapeta, expo-bot, philpl, wschurman

Keywords

eslint-config, expo, react-native

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-prettier | AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): ESLint config packages reference parsers by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-hooks | AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react | AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-import | AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. | ai | |
| provenance | publisher-changed | AI (provenance): Both simek and kadikraman are Expo team members; kadikraman has strong track record (5859 approved). Routine org-internal maintainer rotation. | ai | |
| phantom-deps | phantom-dep:eslint-config-prettier | AI (phantom-deps): ESLint config packages reference configs by name in config objects rather than direct imports; this is expected behavior for eslint-config-universe. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-node | AI (phantom-deps): ESLint config packages reference plugins in config objects rather than direct imports; this is expected behavior for eslint-config-universe. | ai | |

Versions (showing 46 of 46)

Version Deps Published
15.2.0 10 / 6
15.1.1 10 / 6
15.1.0 10 / 6
15.0.4 10 / 5
15.0.3 10 / 5
15.0.2 10 / 5
15.0.1 10 / 5
15.0.0 10 / 5
14.3.0 10 / 5
14.2.0 8 / 4
14.1.0 8 / 4
14.0.0 8 / 4
13.0.0 8 / 4
12.1.0 8 / 4
12.0.1 8 / 4
12.0.0 8 / 4
11.3.0 8 / 4
11.2.0 8 / 4
11.1.1 8 / 4
11.1.0 8 / 4
11.0.0 8 / 4
10.0.0 10 / 5
9.0.0 9 / 5
8.0.0 9 / 5
7.0.1 9 / 5
7.0.0 9 / 5
6.0.1 9 / 5
6.0.0 9 / 5
5.0.0 9 / 4
4.0.0 9 / 4
3.0.2 8 / 4
3.0.1 8 / 4
3.0.0 8 / 4
2.3.0 9 / 4
2.2.0 9 / 4
2.1.1 9 / 4
2.1.0 9 / 4
2.0.0 7 / 6
1.0.7 7 / 4
1.0.6 7 / 4
1.0.5 7 / 4
1.0.4 7 / 4
1.0.3 7 / 4
1.0.2 7 / 4
1.0.1 7 / 4
1.0.0 7 / 4

v15.2.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: brentvatne → alanhughes (on 2026-05-20) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-20. This could indicate a legitimate maintainer transition or an account compromise.

v15.1.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: alanhughes → brentvatne (on 2026-05-14) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-14. This could indicate a legitimate maintainer transition or an account compromise.

v15.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.2

2 findings
HIGH Publisher changed: kadikraman → brentvatne (on 2025-04-23) provenance

This version was published by a different npm account than previous versions on 2025-04-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.3.0

2 findings
HIGH Publisher changed: simek → kadikraman (on 2025-04-23) provenance

This version was published by a different npm account than previous versions on 2025-04-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.2.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: brentvatne → simek (on 2025-04-09) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-04-09. This could indicate a legitimate maintainer transition or an account compromise.

v14.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.0.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: simek → brentvatne (on 2024-10-22) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-22. This could indicate a legitimate maintainer transition or an account compromise.

v13.0.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: brentvatne → simek (on 2024-05-30) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-05-30. This could indicate a legitimate maintainer transition or an account compromise.