chore(deps): update dependency @jest/globals to v30 - license-inventory - experimental/license-inventory/package.json

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@jest/globals (source)	^29.7.0 -> ^30.0.2

---

Release Notes

jestjs/jest (@​jest/globals)

v30.0.2

Compare Source

v30.0.1

Compare Source

v30.0.0

Compare Source

Features

• [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
• [expect] Add ArrayOf asymmetric matcher for validating array elements. (#​15567)
• [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#​15164)
• [expect] Revert #​15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#​15508)
• [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #​14315 (#​14681)
• [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#​14738)
• [jest-circus] Add a retryImmediately option to jest.retryTimes (#​14696)
• [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#​10962)
• [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#​15145)
• [jest-cli] Export buildArgv (#​15310)
• [jest-config] [BREAKING] Add mts and cts to default moduleFileExtensions config (#​14369)
• [jest-config] [BREAKING] Update testMatch and testRegex default option for supporting mjs, cjs, mts, and cts (#​14584)
• [jest-config] Loads config file from provided path in package.json (#​14044)
• [jest-config] Allow loading jest.config.cts files (#​14070)
• [jest-config] Show rootDir in error message when a preset fails to load (#​15194)
• [jest-config] Support loading TS config files using esbuild-register via docblock loader (#​15190)
• [jest-config] Allow passing TS config loader options via docblock comment (#​15234)
• [jest-config] If Node is running with type stripping enabled, do not require a TS loader (#​15480)
• [@jest/core] Group together open handles with the same stack trace (#​13417, & #​14789)
• [@jest/core] Add perfStats to surface test setup overhead (#​14622)
• [@jest/core] [BREAKING] Changed --filter to accept an object with shape { filtered: Array<string> } to match documentation (#​13319)
• [@jest/core] Support --outputFile option for --listTests (#​14980)
• [@jest/core] Stringify Errors properly with --json flag (#​15329)
• [@jest/core, @​jest/test-sequencer] [BREAKING] Exposes globalConfig & contexts to TestSequencer (#​14535, & #​14543)
• [jest-each] Introduce %$ option to add number of the test to its title (#​14710)
• [@jest/environment] [BREAKING] Remove deprecated jest.genMockFromModule() (#​15042)
• [@jest/environment] [BREAKING] Remove unnecessary defensive code (#​15045)
• [jest-environment-jsdom] [BREAKING] Upgrade JSDOM to v22 (#​13825)
• [@jest/environment-jsdom-abstract] Introduce new package which abstracts over the jsdom environment, allowing usage of custom versions of JSDOM (#​14717)
• [jest-environment-node] Update jest environment with dispose symbols Symbol (#​14888 & #​14909)
• [expect, @​jest/expect] [BREAKING] Add type inference for function parameters in CalledWith assertions (#​15129)
• [@jest/expect-utils] Properly compare all types of TypedArrays (#​15178)
• [@jest/fake-timers] [BREAKING] Upgrade @sinonjs/fake-timers to v13 (#​14544 & #​15470)
• [@jest/fake-timers] Exposing new modern timers function advanceTimersToFrame() which advances all timers by the needed milliseconds to execute callbacks currently scheduled with requestAnimationFrame (#​14598)
• [jest-matcher-utils] Add SERIALIZABLE_PROPERTIES to allow custom serialization of objects (#​14893)
• [jest-mock] Add support for the Explicit Resource Management proposal to use the using keyword with jest.spyOn(object, methodName) (#​14895)
• [jest-reporters] Add support for DEC mode 2026 (#​15008)
• [jest-resolver] Support file:// URLs as paths (#​15154)
• [jest-resolve,jest-runtime,jest-resolve-dependencies] Pass the conditions when resolving stub modules (#​15489)
• [jest-runtime] Exposing new modern timers function jest.advanceTimersToFrame() from @jest/fake-timers (#​14598)
• [jest-runtime] Support import.meta.filename and import.meta.dirname (available from Node 20.11) (#​14854)
• [jest-runtime] Support import.meta.resolve (#​14930)
• [jest-runtime] [BREAKING] Make it mandatory to pass globalConfig to the Runtime constructor (#​15044)
• [jest-runtime] Add unstable_unmockModule (#​15080)
• [jest-runtime] Add onGenerateMock transformer callback for auto generated callbacks (#​15433 & #​15482)
• [jest-runtime] [BREAKING] Use vm.compileFunction over vm.Script (#​15461)
• [@jest/schemas] Upgrade @sinclair/typebox to v0.34 (#​15450)
• [@jest/types] test.each(): Accept a readonly (as const) table properly (#​14565)
• [@jest/types] Improve argument type inference passed to test and describe callback functions from each tables (#​14920)
• [jest-snapshot] [BREAKING] Add support for Error causes in snapshots (#​13965)
• [jest-snapshot] Support Prettier 3 (#​14566)
• [@jest/util-snapshot] Extract utils used by tooling from jest-snapshot into its own package (#​15095)
• [pretty-format] [BREAKING] Do not render empty string children ('') in React plugin (#​14470)

Fixes

• [expect] Show AggregateError to display (#​15346)
• [*] Replace exit with exit-x (#​15399)
• [babel-plugin-jest-hoist] Use denylist instead of the deprecated blacklist for Babel 8 support (#​14109)
• [babel-plugin-jest-hoist] Do not rely on buggy Babel behaviour (#​15415)
• [expect] Check error instance type for toThrow/toThrowError (#​14576)
• [expect] Improve diff for failing expect.objectContaining (#​15038)
• [expect] Use Array.isArray to check if an array is an Array (#​15101)
• [expect] Fix Error cause assertion errors (#​15339)
• [jest-changed-files] Print underlying errors when VCS commands fail (#​15052)
• [jest-changed-files] Abort sl root call if output resembles a steam locomotive (#​15053)
• [jest-circus] [BREAKING] Prevent false test failures caused by promise rejections handled asynchronously (#​14315)
• [jest-circus] Replace recursive makeTestResults implementation with iterative one (#​14760)
• [jest-circus] Omit expect.hasAssertions() errors if a test already has errors (#​14866)
• [jest-circus, jest-expect, jest-snapshot] Pass test.failing tests when containing failing snapshot matchers (#​14313)
• [jest-circus] Concurrent tests now emit jest circus events at the correct point and in the expected order. (#​15381)
• [jest-cli] [BREAKING] Validate CLI flags that require arguments receives them (#​14783)
• [jest-config] Make sure to respect runInBand option (#​14578)
• [jest-config] Support testTimeout in project config (#​14697)
• [jest-config] Support coverageReporters in project config (#​14697)
• [jest-config] Allow reporters in project config (#​14768)
• [jest-config] Allow Node16/NodeNext/Bundler moduleResolution in project's tsconfig (#​14739)
• [@jest/create-cache-key-function] Correct the return type of createCacheKey (#​15159)
• [jest-each] Allow $keypath templates with null or undefined values (#​14831)
• [@jest/expect-utils] Fix comparison of DataView (#​14408)
• [@jest/expect-utils] [BREAKING] exclude non-enumerable in object matching (#​14670)
• [@jest/expect-utils] Fix comparison of URL (#​14672)
• [@jest/expect-utils] Check Symbol properties in equality (#​14688)
• [@jest/expect-utils] Catch circular references within arrays when matching objects (#​14894)
• [@jest/expect-utils] Fix not addressing to Sets and Maps as objects without keys (#​14873)
• [jest-haste-map] Fix errors or clobbering with multiple hasteImplModulePaths (#​15522)
• [jest-leak-detector] Make leak-detector more aggressive when running GC (#​14526)
• [jest-runtime] Properly handle re-exported native modules in ESM via CJS (#​14589)
• [jest-runtime] Refactor _importCoreModel so required core module is consistent if modified while loading (#​15077)
• [jest-schemas, jest-types] [BREAKING] Fix type of testFailureExitCode config option(#​15232)
• [jest-util] Make sure isInteractive works in a browser (#​14552)
• [pretty-format] [BREAKING] Print ArrayBuffer and DataView correctly (#​14290)
• [pretty-format] Fixed a bug where "anonymous custom elements" were not being printed as expected. (#​15138)
• [jest-cli] When specifying paths on the command line, only match against the relative paths of the test files (#​12519)
  • [BREAKING] Changes testPathPattern configuration option to testPathPatterns, which now takes a list of patterns instead of the regex.
  • [BREAKING] --testPathPattern is now --testPathPatterns
  • [BREAKING] Specifying testPathPatterns when programmatically calling watch must be specified as new TestPathPatterns(patterns), where TestPathPatterns can be imported from @jest/pattern
• [jest-reporters, jest-runner] Unhandled errors without stack get correctly logged to console (#​14619)
• [jest-util] Always load mjs files with import (#​15447)
• [jest-worker] Properly handle a circular reference error when worker tries to send an assertion fails where either the expected or actual value is circular (#​15191)
• [jest-worker] Properly handle a BigInt when worker tries to send an assertion fails where either the expected or actual value is BigInt (#​15191)
• [expect] Resolve issue where ObjectContaining matched non-object values. #​15463.
  • Adds a conditional/check to ensure the argument passed to expect is an object.
  • Add unit tests for new ObjectContaining behavior.
  • Remove invalid/wrong test case assertions for ObjectContaining.
• [jest-worker] Addresses incorrect state on exit (#​15610)

Performance

• [*] [BREAKING] Bundle all of Jest's modules into index.js (#​12348, #​14550 & #​14661)
• [jest-haste-map] Only spawn one process to check for watchman installation (#​14826)
• [jest-runner] Better cleanup source-map-support after test to resolve (minor) memory leak (#​15233)
• [jest-resolver] Migrate resolve and resolve.exports to unrs-resolver (#​15619)
• [jest-circus, jest-environment-node, jest-repl, jest-runner, jest-util] Cleanup global variables on environment teardown to reduce memory leaks (#​15215 & #​15636 & #​15643)

Chore & Maintenance

• [jest-environment-jsdom, jest-environment-jsdom-abstract] Increased version of jsdom to ^26.0.0 (#​15325CVE-2024-37890)
• [*] Increase version of micromatch to ^4.0.7 (#​15082)
• [*] [BREAKING] Drop support for Node.js versions 14, 16, 19, 21 and 23 (#​14460, #​15118, #​15623, #​15640)
• [*] [BREAKING] Drop support for [email protected], minimum version is now 5.4 (#​14542, #​15621)
• [*] Depend on exact versions of monorepo dependencies instead of ^ range (#​14553)
• [*] [BREAKING] Add ESM wrapper for all of Jest's modules (#​14661)
• [*] [BREAKING] Upgrade to glob@10 (#​14509)
• [*] Use TypeError over Error where appropriate (#​14799)
• [docs] Fix typos in CHANGELOG.md and packages/jest-validate/README.md (#​14640)
• [docs] Don't use alias matchers in docs (#​14631)
• [babel-jest, babel-preset-jest] [BREAKING] Increase peer dependency of @babel/core to ^7.11 (#​14109)
• [babel-jest, @​jest/transform] Update babel-plugin-istanbul to v6 (#​15156)
• [babel-plugin-jest-hoist] Move unnecessary dependencies to devDependencies (#​15010)
• [expect] [BREAKING] Remove .toBeCalled(), .toBeCalledTimes(), .toBeCalledWith(), .lastCalledWith(), .nthCalledWith(), .toReturn(), .toReturnTimes(), .toReturnWith(), .lastReturnedWith(), .nthReturnedWith() and .toThrowError() matcher aliases (#​14632)
• [jest-cli, jest-config, @​jest/types] [BREAKING] Remove deprecated --init argument (#​14490)
• [jest-config, @​jest/core, jest-util] Upgrade ci-info (#​14655)
• [jest-mock] [BREAKING] Remove MockFunctionMetadataType, MockFunctionMetadata and SpyInstance types (#​14621)
• [@jest/reporters] Upgrade istanbul-lib-source-maps (#​14924)
• [jest-schemas] Upgrade @sinclair/typebox (#​14775)
• [jest-transform] Upgrade write-file-atomic (#​14274)
• [jest-util] Upgrade picomatch to v4 (#​14653 & #​14885)
• [docs] Append to NODE_OPTIONS, not overwrite ([#​14730](https://redirect.github.com/jestjs/jest/pull/14730))
• [docs] Updated .toHaveBeenCalled() documentation to correctly reflect its functionality (#​14842)
• [docs] Link NestJS documentation on testing with Jest (#​14940)
• [docs] Revised documentation for .toHaveBeenCalled() to accurately depict its functionality. (#​14853)
• [docs] Removed ExpressJS reference link from documentation due to dead link (#​15270)
• [docs] Correct broken links in docs (#​15359)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	e6a1620
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/6853f417ce2d6a0008703a9b

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@babel/code-frame	7.27.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/compat-data	7.27.5	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/core	7.27.4	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/generator	7.27.5	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/helper-compilation-targets	7.27.2	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/helper-module-imports	7.27.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/helper-module-transforms	7.27.3	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/helper-plugin-utils	7.27.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/helper-string-parser	7.27.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/helper-validator-identifier	7.27.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/helper-validator-option	7.27.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/helpers	7.27.6	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/parser	7.27.5	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/plugin-syntax-jsx	7.27.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/plugin-syntax-typescript	7.27.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/template	7.27.2	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/traverse	7.27.4	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@babel/types	7.27.6	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 10 license file detected Security-Policy 🟢 10 security policy file detected CII-Best-Practices ⚠️ 2 badge detected: InProgress Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 26 existing vulnerabilities detected
npm/@jest/diff-sequences	30.0.1	Unknown	Unknown
npm/@jest/environment	30.0.2	Unknown	Unknown
npm/@jest/expect	30.0.2	Unknown	Unknown
npm/@jest/expect-utils	30.0.2	Unknown	Unknown
npm/@jest/fake-timers	30.0.2	Unknown	Unknown
npm/@jest/get-type	30.0.1	Unknown	Unknown
npm/@jest/globals	30.0.2	Unknown	Unknown
npm/@jest/pattern	30.0.1	Unknown	Unknown
npm/@jest/schemas	30.0.1	Unknown	Unknown
npm/@jest/snapshot-utils	30.0.1	Unknown	Unknown
npm/@jest/transform	30.0.2	Unknown	Unknown
npm/@jest/types	30.0.1	Unknown	Unknown
npm/@pkgr/core	0.2.7	Unknown	Unknown
npm/@sinclair/typebox	0.34.35	🟢 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 1 Found 4/29 approved changesets -- score normalized to 1 Maintained 🟢 10 8 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 9 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/@sinonjs/fake-timers	13.0.5	🟢 4.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 2 Found 6/28 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
npm/@ungap/structured-clone	1.3.0	Unknown	Unknown
npm/babel-plugin-istanbul	7.0.0	🟢 4.7	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 6/25 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/browserslist	4.25.0	🟢 4.5	Details Check Score Reason Code-Review ⚠️ 2 Found 6/27 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 10 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/caniuse-lite	1.0.30001723	🟢 4.3	Details Check Score Reason Maintained 🟢 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 9 1 existing vulnerabilities detected
npm/ci-info	4.2.0	🟢 3.4	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/electron-to-chromium	1.5.170	Unknown	Unknown
npm/expect	30.0.2	Unknown	Unknown
npm/jest-diff	30.0.2	Unknown	Unknown
npm/jest-haste-map	30.0.2	Unknown	Unknown
npm/jest-matcher-utils	30.0.2	Unknown	Unknown
npm/jest-message-util	30.0.2	Unknown	Unknown
npm/jest-mock	30.0.2	Unknown	Unknown
npm/jest-regex-util	30.0.1	Unknown	Unknown
npm/jest-snapshot	30.0.2	Unknown	Unknown
npm/jest-util	30.0.2	Unknown	Unknown
npm/jest-worker	30.0.2	Unknown	Unknown
npm/node-releases	2.0.19	🟢 4.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 5 6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/picomatch	4.0.2	🟢 5	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST 🟢 7 SAST tool detected but not run on all commits
npm/pirates	4.0.7	🟢 4.2	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 2/25 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Vulnerabilities 🟢 3 7 existing vulnerabilities detected
npm/pretty-format	30.0.2	Unknown	Unknown
npm/semver	7.7.2	🟢 6.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 5 6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5 Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 8 SAST tool detected but not run on all commits
npm/synckit	0.11.8	Unknown	Unknown
npm/update-browserslist-db	1.1.3	⚠️ 2.9	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 1 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 3/22 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
npm/write-file-atomic	5.0.1	🟢 6.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 10 all changesets reviewed Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST 🟢 8 SAST tool detected but not run on all commits
npm/@jest/globals	^30.0.2	Unknown	Unknown

Scanned Files

• experimental/license-inventory/package-lock.json
• experimental/license-inventory/package.json

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.51%. Comparing base (d13686d) to head (e6a1620).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1058   +/-   ##
=======================================
  Coverage   69.51%   69.51%           
=======================================
  Files          54       54           
  Lines        2227     2227           
  Branches      248      248           
=======================================
  Hits         1548     1548           
  Misses        648      648           
  Partials       31       31           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.