eslint-plugin-format No license 8 versions

eslint-plugin-format

npm Repository Homepage

8

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

antfu

Keywords

eslinteslint-pluginformattersprettierdprintoxfmt

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decode is used to load WASM from data URIs in the dprint worker — standard WebAssembly pattern, not a payload.	ai	2026/04/29
phantom-deps	phantom-dep:@dprint/toml	AI (phantom-deps): Optional formatter dependency loaded dynamically; phantom-dep heuristic is a false positive here.	ai	2026/04/29
phantom-deps	phantom-dep:@dprint/markdown	AI (phantom-deps): Optional formatter dependency loaded dynamically; phantom-dep heuristic is a false positive here.	ai	2026/04/29

Versions (showing 8 of 8)

Version	Deps	Published
2.0.1	9 / 18	2026-02-25
2.0.0	9 / 18	2026-02-24
1.5.0	9 / 19	2026-02-24
1.4.0	8 / 19	2026-02-07
1.3.1	8 / 17	2026-01-14
1.3.0	7 / 17	2026-01-13
1.2.0	7 / 17	2026-01-06
1.1.0	7 / 17	2025-12-04

v2.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.