← Home

eslint-config-universe

npm Repository Homepage

Shared ESLint configs for internal Expo projects.

81
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

idebrentvatneevanbaconexpoadminexponentbycedrickudochienalanhughestsapetaexpo-botphilplwschurman

Keywords

eslint-configexporeact-native

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@typescript-eslint/eslint-plugin AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. ai
phantom-deps phantom-dep:eslint-plugin-prettier AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. ai
phantom-deps phantom-dep:@typescript-eslint/parser AI (phantom-deps): ESLint config packages reference parsers by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. ai
phantom-deps phantom-dep:eslint-plugin-react-hooks AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. ai
phantom-deps phantom-dep:eslint-plugin-react AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. ai
phantom-deps phantom-dep:eslint-plugin-import AI (phantom-deps): ESLint config packages reference plugins by string name in config objects, not via require(). This is the standard pattern; not a real phantom dep. ai
provenance publisher-changed AI (provenance): Both simek and kadikraman are Expo team members; kadikraman has strong track record (5859 approved). Routine org-internal maintainer rotation. ai
phantom-deps phantom-dep:eslint-config-prettier AI (phantom-deps): ESLint config packages reference configs by name in config objects rather than direct imports; this is expected behavior for eslint-config-universe. ai
phantom-deps phantom-dep:eslint-plugin-node AI (phantom-deps): ESLint config packages reference plugins in config objects rather than direct imports; this is expected behavior for eslint-config-universe. ai

Versions (showing 81 of 81)

Hide prereleases
Version Deps Published
15.2.0 10 / 6
15.1.1 10 / 6
15.1.0 10 / 6
15.0.4 10 / 5
15.0.3 10 / 5
15.0.2 10 / 5
15.0.1 10 / 5
15.0.0 10 / 5
14.3.0 10 / 5
14.2.0 8 / 4
14.1.0 8 / 4
14.0.0 8 / 4
13.0.0 8 / 4
12.1.0 8 / 4
12.0.1 8 / 4
12.0.0 8 / 4
11.3.0 8 / 4
11.2.0 8 / 4
11.1.1 8 / 4
11.1.0 8 / 4
11.0.0 8 / 4
10.0.0 10 / 5
9.0.0 9 / 5
8.0.0 9 / 5
7.0.1 9 / 5
7.0.0 9 / 5
6.0.1 9 / 5
6.0.0 9 / 5
5.0.0 9 / 4
4.0.0 9 / 4
3.0.2 8 / 4
3.0.1 8 / 4
3.0.0 8 / 4
2.3.0 9 / 4
2.2.0 9 / 4
2.1.1 9 / 4
2.1.0 9 / 4
2.0.0 7 / 6
1.0.7 7 / 4
1.0.6 7 / 4
1.0.5 7 / 4
1.0.4 7 / 4
1.0.3 7 / 4
1.0.2 7 / 4
1.0.1 7 / 4
1.0.0 7 / 4
15.0.4-canary-20260420-2ac87c0 10 / 6
15.0.4-canary-20260417-141204f 10 / 6
15.0.4-canary-20260414-e3dbafd 10 / 6
15.0.4-canary-20260409-6fc2991 10 / 6
15.0.4-canary-20260402-9da566b 10 / 5
15.0.4-canary-20260402-87c5ce2 10 / 5
15.0.4-canary-20260401-5e87ef7 10 / 5
15.0.4-canary-20260328-bdc6273 10 / 5
15.0.4-canary-20260328-2049187 10 / 5
15.0.4-canary-20260327-0789fbc 10 / 5
15.0.4-canary-20260305-5163746 10 / 5
15.0.4-canary-20260223-05214f1 10 / 5
15.0.4-canary-20260212-4f61309 10 / 5
15.0.4-canary-20260128-67ce8d5 10 / 5
15.0.4-canary-20260121-a63c0dd 10 / 5
15.0.4-canary-20260120-bb71700 10 / 5
15.0.4-canary-20260119-70f7c28 10 / 5
15.0.4-canary-20260119-17896bf 10 / 5
15.0.4-canary-20260114-d8e19f5 10 / 5
15.0.4-canary-20260105-6b962e6 10 / 5
15.0.4-canary-20251230-fc48ddc 10 / 5
15.0.4-canary-20251223-b83b31e 10 / 5
15.0.4-canary-20251216-6e1f9a7 10 / 5
15.0.4-canary-20251216-3f01dbf 10 / 5
15.0.4-canary-20251212-acb11f2 10 / 5
15.0.4-canary-20251211-7da85ea 10 / 5
15.0.4-canary-20251210-1f163e3 10 / 5
15.0.4-canary-20251206-615dec1 10 / 5
15.0.4-canary-20251205-a1dedc6 10 / 5
15.0.4-canary-20251205-756eb7a 10 / 5
15.0.4-canary-20251127-587bc53 10 / 5
15.0.4-canary-20251120-e46b3cc 10 / 5
15.0.4-canary-20251119-961a032 10 / 5
15.0.4-canary-20251118-8f7ee64 10 / 5
15.0.4-canary-20251031-b135dff 10 / 5

v15.2.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: brentvatne → alanhughes (on 2026-05-20) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-20. This could indicate a legitimate maintainer transition or an account compromise.

v15.1.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: alanhughes → brentvatne (on 2026-05-14) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-14. This could indicate a legitimate maintainer transition or an account compromise.

v15.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.2

2 findings
HIGH Publisher changed: kadikraman → brentvatne (on 2025-04-23) provenance

This version was published by a different npm account than previous versions on 2025-04-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v15.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.3.0

2 findings
HIGH Publisher changed: simek → kadikraman (on 2025-04-23) provenance

This version was published by a different npm account than previous versions on 2025-04-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.2.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: brentvatne → simek (on 2025-04-09) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-04-09. This could indicate a legitimate maintainer transition or an account compromise.

v14.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v14.0.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: simek → brentvatne (on 2024-10-22) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-22. This could indicate a legitimate maintainer transition or an account compromise.

v13.0.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: brentvatne → simek (on 2024-05-30) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-05-30. This could indicate a legitimate maintainer transition or an account compromise.