@phanect/lint
Personal ESLint configuration for Jumpei Ogawa (@phanect)
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): SLSA provenance attestation present; gitHead absence is cosmetic given Sigstore-backed supply chain integrity. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Calendar-versioned package; gaps between releases are expected and provenance attestation confirms CI/CD publish integrity. | ai | |
| typosquat | typosquat.levenshtein:eslint | AI (typosquat): Scoped ESLint config package; not impersonating eslint. Levenshtein match is coincidental. | ai | |
| typosquat | typosquat.levenshtein:pino | AI (typosquat): No relation to pino; scoped package with clear ESLint config purpose. | ai | |
| phantom-deps | phantom-dep:eslint-import-resolver-typescript | AI (phantom-deps): ESLint resolver plugins are referenced in config objects, not imported directly; stable false positive for this package. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 2026.5.19 | 12 / 6 | |
| 2026.4.28 | 12 / 6 | |
| 2025.11.29 | 12 / 6 | |
| 2025.11.28 | 12 / 6 |
v2026.5.19
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2025.11.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2025.11.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.