@trackunit/eslint-plugin-trackunit
A shared ESLint plugin and configuration preset for Trackunit projects. It bundles Trackunit-specific custom rules alongside curated third-party plugin configurations into ready-to-use flat-config presets for ESLint 9+.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:toplevel-fetch | AI (semgrep): fetch() call is inside an ESLint rule's example/test fixture file, not production code — stable false positive for this package. | ai | |
| license | uncommon-license:SEE LICENSE IN LICENSE.txt | AI (license): Custom license file reference is legitimate for proprietary packages. | ai | |
| provenance | no-provenance | AI (provenance): Provenance attestation is a best-practice recommendation, not a security blocker for this package. | ai | |
| dependencies | unvetted-dep:@nx/eslint-plugin | AI (dependencies): Well-known Nx monorepo tooling; stable dependency for this ESLint plugin package. | ai | |
| dependencies | unvetted-dep:eslint-plugin-no-null | AI (dependencies): Established ESLint plugin; no malicious indicators, appropriate for this package's purpose. | ai |
Versions (showing 51 of 60)
| Version | Deps | Published |
|---|---|---|
| 0.6.15 | 16 / 0 | |
| 0.6.14 | 16 / 0 | |
| 0.6.13 | 16 / 0 | |
| 0.6.12 | 16 / 0 | |
| 0.6.11 | 16 / 0 | |
| 0.6.10 | 16 / 0 | |
| 0.6.6 | 16 / 0 | |
| 0.6.4 | 16 / 0 | |
| 0.6.3 | 16 / 0 | |
| 0.6.2 | 16 / 0 | |
| 0.6.1 | 16 / 0 | |
| 0.6.0 | 16 / 0 | |
| 0.5.6 | 16 / 0 | |
| 0.5.5 | 16 / 0 | |
| 0.5.4 | 16 / 0 | |
| 0.5.2 | 16 / 0 | |
| 0.5.1 | 16 / 0 | |
| 0.4.67 | 16 / 0 | |
| 0.4.66 | 16 / 0 | |
| 0.4.65 | 16 / 0 | |
| 0.4.64 | 16 / 0 | |
| 0.4.63 | 16 / 0 | |
| 0.4.62 | 16 / 0 | |
| 0.4.61 | 16 / 0 | |
| 0.4.60 | 16 / 0 | |
| 0.4.59 | 16 / 0 | |
| 0.4.57 | 16 / 0 | |
| 0.4.56 | 16 / 0 | |
| 0.4.55 | 16 / 0 | |
| 0.4.50 | 16 / 0 | |
| 0.4.48 | 16 / 0 | |
| 0.4.47 | 16 / 0 | |
| 0.4.44 | 16 / 0 | |
| 0.4.43 | 16 / 0 | |
| 0.4.42 | 16 / 0 | |
| 0.4.39 | 16 / 0 | |
| 0.4.38 | 16 / 0 | |
| 0.4.37 | 16 / 0 | |
| 0.4.35 | 16 / 0 | |
| 0.4.34 | 16 / 0 | |
| 0.4.33 | 16 / 0 | |
| 0.4.32 | 16 / 0 | |
| 0.4.31 | 16 / 0 | |
| 0.4.30 | 16 / 0 | |
| 0.4.29 | 16 / 0 | |
| 0.4.25 | 16 / 0 | |
| 0.4.22 | 16 / 0 | |
| 0.4.16 | 18 / 0 | |
| 0.4.14 | 18 / 0 | |
| 0.4.11 | 18 / 0 | |
| 0.4.7 | 18 / 0 |
v0.6.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.67
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.66
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.65
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.64
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.63
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.62
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.59
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.56
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.37
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.35
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.34
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.30
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.