eslint-plugin-lit No license 2 versions

eslint-plugin-lit

npm Repository Homepage

Versions

—

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

43081j

Keywords

eslinteslintpluginlit-htmllit-element

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
email-domain	unclaimed-email:https://github.com/43081j	AI (email-domain): Author field contains a GitHub URL, not an email address; domain check is a false positive for this package.	ai	2026/04/29

Versions (showing 2 of 2)

Version	Deps	Published
2.3.1	2 / 18	2026-05-11
2.2.1	2 / 21	2026-02-09

v2.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.1

2 findings

HIGH Unclaimed maintainer email domain: https://github.com/43081j email-domain

Maintainer email 'https://github.com/43081j' uses domain 'https://github.com/43081j' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.