@estjs/eslint-config
[](https://www.npmjs.com/package/@estjs/eslint-config) [](https://www.npmjs.com/package/@estjs/eslint-config) [![li
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:eslint-plugin-biome | AI (dependencies): eslint-plugin-biome is a legitimate ESLint plugin for Biome integration; consistent with this package's purpose. | ai | |
| phantom-deps | phantom-dep:@eslint/compat | AI (phantom-deps): Framework-scoped package loaded by convention in ESLint config aggregators; stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@prettier/plugin-oxc | AI (dependencies): Official Prettier org plugin; legitimate dependency for an ESLint/Prettier config package. | ai | |
| dependencies | unvetted-dep:@unocss/eslint-plugin | AI (dependencies): Official UnoCSS eslint plugin; legitimate dependency for an ESLint config package. | ai | |
| dependencies | unvetted-dep:eslint-plugin-pnpm | AI (dependencies): Known pnpm linting plugin; legitimate dependency for an ESLint config package. | ai | |
| dependencies | unvetted-dep:eslint-plugin-command | AI (dependencies): Known ESLint plugin (antfu); legitimate dependency for an ESLint config package. | ai | |
| dependencies | unvetted-dep:eslint-plugin-sort-keys | AI (dependencies): Known ESLint plugin; legitimate dependency for an ESLint config package. | ai | |
| dependencies | unvetted-dep:@vitest/eslint-plugin | AI (dependencies): Official Vitest eslint plugin; legitimate dependency for an ESLint config package. | ai | |
| dependencies | unvetted-dep:@eslint/markdown | AI (dependencies): Official ESLint org package; legitimate dependency for an ESLint config package. | ai | |
| phantom-deps | phantom-dep:deepmerge-ts | AI (phantom-deps): ESLint config packages commonly use dependencies indirectly through config objects rather than direct ES imports; not a security concern for this package. | ai | |
| phantom-deps | phantom-dep:@prettier/plugin-oxc | AI (phantom-deps): ESLint config packages commonly reference plugins indirectly in config objects; @prettier/plugin-oxc is a legitimate official Prettier org package. | ai |
Versions (showing 11 of 11)
| Version | Deps | Published |
|---|---|---|
| 2.3.0 | 29 / 13 | |
| 2.2.4 | 29 / 13 | |
| 2.2.3 | 30 / 13 | |
| 2.2.1 | 30 / 12 | |
| 2.1.6 | 29 / 12 | |
| 2.1.5 | 31 / 13 | |
| 2.1.4 | 30 / 13 | |
| 2.1.3 | 30 / 13 | |
| 2.1.1 | 30 / 13 | |
| 2.0.4 | 30 / 13 | |
| 2.0.3 | 29 / 13 |
v2.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.