eslint-plugin-es-x — Greenflagged

ESLint plugin about ECMAScript syntactic features.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

michaeldeboeyeslint-community-bot

Keywords

eslintplugineslintplugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher change is from eslint-community-bot to GitHub Actions — both are CI/CD automation accounts for the eslint-community org. SLSA provenance attestation confirms release integrity. This is a legitimate pipeline migration.	ai	2026/04/23

Versions (showing 42 of 42)

Version	Deps	Published
9.6.0	3 / 31	2026-03-22
9.5.0	3 / 25	2026-02-22
9.4.1	3 / 25	2026-02-19
9.4.0	3 / 25	2026-02-07
9.3.0	3 / 25	2025-12-04
9.2.0	3 / 25	2025-11-22
9.1.2	3 / 25	2025-10-21
9.1.1	3 / 25	2025-10-11
9.1.0	3 / 25	2025-08-26
9.0.0	3 / 25	2025-07-10
8.7.0	3 / 23	2025-06-06
8.6.2	3 / 22	2025-04-29
8.6.1	3 / 22	2025-03-19
8.6.0	3 / 22	2025-03-18
8.5.0	3 / 22	2025-02-19
8.4.1	3 / 22	2024-11-21
8.4.0	3 / 22	2024-11-20
8.3.1	3 / 22	2024-11-18
8.3.0	3 / 22	2024-11-18
8.2.0	3 / 23	2024-11-17
8.1.0	3 / 23	2024-11-01
8.0.0	3 / 23	2024-07-01
7.8.0	3 / 23	2024-07-01
7.7.0	3 / 24	2024-06-07
7.6.0	3 / 24	2024-03-22
7.5.0	3 / 24	2023-11-30
7.4.0	3 / 24	2023-11-21
7.3.0	2 / 24	2023-11-02
7.2.0	2 / 24	2023-07-22
7.1.0	2 / 24	2023-05-20
7.0.0	2 / 24	2023-05-19
6.2.1	2 / 24	2023-05-19
6.2.0	2 / 24	2023-05-19
6.1.0	2 / 24	2023-04-03
6.0.0	2 / 24	2023-02-04
5.4.0	2 / 21	2022-11-19
5.3.1	2 / 21	2022-08-31
5.3.0	2 / 21	2022-08-31
5.2.1	2 / 21	2022-05-19
5.2.0	2 / 22	2022-03-16
5.1.0	2 / 22	2022-03-14
5.0.0	2 / 23	2022-03-12

v9.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.1.2

2 findings

HIGH Publisher changed: eslint-community-bot → GitHub Actions (on 2025-10-21) provenance

This version was published by a different npm account than previous versions on 2025-10-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.