gatsby-plugin-eslint — Greenflagged

Gatsby plugin to add support for ESLint

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mongkuen

Keywords

gatsbygatsby-plugineslint

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	source-size-tripled	AI (source-diff): Size increase from 589B to 3KB is explained by the addition of webpack-merge integration logic; total size remains tiny and consistent with the plugin's purpose.	ai	2026/04/24
dependencies	unvetted-dep:webpack-merge	AI (dependencies): webpack-merge is a well-known, widely-used webpack ecosystem package; its use in a Gatsby webpack config plugin is expected and legitimate across all versions.	ai	2026/04/23

Versions (showing 18 of 18)

Version	Deps	Published
4.0.4	1 / 7	2023-03-25
4.0.3	1 / 7	2022-11-14
4.0.2	1 / 7	2021-11-11
4.0.1	1 / 7	2021-10-28
4.0.0	1 / 7	2021-08-18
3.0.0	0 / 6	2021-01-31
2.0.8	0 / 6	2019-11-05
2.0.7	0 / 6	2019-11-04
2.0.6	0 / 6	2019-11-04
2.0.5	0 / 6	2019-04-28
2.0.4	0 / 6	2019-01-28
2.0.3	0 / 6	2019-01-14
2.0.2	0 / 6	2019-01-14
2.0.1	0 / 6	2018-08-16
2.0.0	0 / 6	2018-08-16
1.0.3	0 / 3	2018-04-25
1.0.2	0 / 3	2018-04-23
1.0.0	1 / 1	2018-04-23