eslint-plugin-github
1
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
manuelpuyoljonrohanbroccoliniprimer-csskeithamusgraceparkjibrangarciaareliacolebemissmocklesimuraikhiga8dustin.greifsrt32githubbotjfuchsandrialexandroubteng22dustin.saverymdomschoeningkoddssonmislavemilybrick
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-import | AI (semgrep): CLI bin script runs eslint subprocess; documented and intentional, not malicious. | ai | |
| phantom-deps | phantom-dep:prettier | AI (phantom-deps): ESLint plugin re-exports configs referencing peer tools; phantom-dep is a stable false positive here. | ai | |
| phantom-deps | phantom-dep:@eslint/js | AI (phantom-deps): Framework-scoped package loaded by ESLint convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): Referenced in config files for TS support; stable false positive for this plugin. | ai | |
| phantom-deps | phantom-dep:@eslint/eslintrc | AI (phantom-deps): Framework-scoped ESLint package; stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint-config-prettier | AI (phantom-deps): Referenced in config exports; stable false positive for this plugin. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-filenames | AI (phantom-deps): Referenced in config files; stable false positive for this plugin. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): Referenced in TS config exports; stable false positive. | ai | |
| phantom-deps | phantom-dep:@github/browserslist-config | AI (phantom-deps): Referenced in browserslist config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): Referenced in TS config exports; stable false positive. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 6.0.0 | 23 / 7 |
v6.0.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.