@ttsc/lint
Reference ttsc plugin: ESLint-style lint rules hosted in the same Program/Checker as the type-check pass.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): Used in nodeConfigLoaderEnv to read env vars for config path resolution, not exfiltration; stable pattern for this package. | ai | |
| typosquat | typosquat.levenshtein:eslint | AI (typosquat): Scoped package @ttsc/lint is a lint plugin for ttsc, not a typosquat of eslint. | ai | |
| typosquat | typosquat.levenshtein:pino | AI (typosquat): Scoped package @ttsc/lint has no relation to pino; Levenshtein match is coincidental. | ai |
Versions (showing 20 of 20)
| Version | Deps | Published |
|---|---|---|
| 0.13.1 | 0 / 4 | |
| 0.13.0 | 0 / 4 | |
| 0.12.4 | 0 / 4 | |
| 0.12.3 | 0 / 4 | |
| 0.12.2 | 0 / 4 | |
| 0.12.1 | 0 / 4 | |
| 0.12.0 | 0 / 4 | |
| 0.11.0 | 0 / 4 | |
| 0.10.2 | 0 / 4 | |
| 0.10.1 | 0 / 4 | |
| 0.10.0 | 0 / 4 | |
| 0.9.0 | 0 / 4 | |
| 0.8.1 | 0 / 4 | |
| 0.8.0 | 0 / 4 | |
| 0.7.3 | 0 / 4 | |
| 0.7.2 | 0 / 4 | |
| 0.7.1 | 0 / 4 | |
| 0.7.0 | 0 / 4 | |
| 0.6.0 | 0 / 4 | |
| 0.5.0 | 0 / 0 |
v0.13.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
3 findingsSpreading entire process.env into an object — may capture all secrets 629 | } 630 | function nodeConfigLoaderEnv(configPath) { > 631 | const env = { ...process.env }; 632 | const parts = []; 633 | const nodeModules = findNearestNodeModules(node_path_1.default.dirname(configPath));
Spreading entire process.env into an object — may capture all secrets 811 | 812 | function nodeConfigLoaderEnv(configPath: string): NodeJS.ProcessEnv { > 813 | const env: NodeJS.ProcessEnv = { ...process.env }; 814 | const parts: string[] = []; 815 | const nodeModules = findNearestNodeModules(path.dirname(configPath));
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.