@baseplate-dev/tools
Shared dev configurations for linting, formatting, and testing Baseplate projects
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New deps are legitimate ESLint plugins consistent with this shared linting config package's purpose. | ai | |
| phantom-deps | phantom-dep:prettier-plugin-packagejson | AI (phantom-deps): Config-file reference in prettier config; stable pattern for shared tool packages. | ai | |
| dependencies | unvetted-dep:@tsconfig/vite-react | AI (dependencies): Standard tsconfig preset package; no security risk for a dev-tooling config package. | ai | |
| dependencies | unvetted-dep:@vitest/eslint-plugin | AI (dependencies): Official vitest ESLint plugin; well-known tooling package with no malware indicators. | ai | |
| dependencies | unvetted-dep:eslint-plugin-better-tailwindcss | AI (dependencies): ESLint plugin for Tailwind CSS; appropriate dependency for a shared linting config package. | ai | |
| phantom-deps | phantom-dep:prettier-plugin-tailwindcss | AI (phantom-deps): Declared as dep for consumers to use via prettier config re-export, not directly imported. | ai | |
| phantom-deps | phantom-dep:@tsconfig/vite-react | AI (phantom-deps): Config-only package; tsconfig files are referenced in JSON exports, not imported in JS. | ai | |
| phantom-deps | phantom-dep:eslint-import-resolver-typescript | AI (phantom-deps): Used as eslint resolver config value, not a direct JS import. | ai | |
| phantom-deps | phantom-dep:@tsconfig/node22 | AI (phantom-deps): Config-only package; tsconfig files are referenced in JSON exports, not imported in JS. | ai |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 1.0.7 | 20 / 6 | |
| 0.6.9 | 20 / 6 | |
| 0.6.8 | 20 / 6 | |
| 0.6.7 | 20 / 6 | |
| 0.6.4 | 20 / 6 | |
| 0.4.0 | 18 / 5 | |
| 0.3.1 | 17 / 5 | |
| 0.1.3 | 16 / 5 | |
| 0.1.2 | 16 / 5 | |
| 0.1.1 | 16 / 5 |
v1.0.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.