← Home

@typescript-eslint/eslint-plugin

npm Repository Homepage

TypeScript plugin for ESLint

51
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

jameshenrybradzacher

Keywords

eslinteslintplugineslint-plugintypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:typescript-eslint-parser AI (dependencies): typescript-eslint-parser was the legitimate predecessor parser used by this plugin before the @typescript-eslint monorepo reorganization; its use in v0.1.0 is expected and not a security concern. ai
dependencies unvetted-dep:@typescript-eslint/experimental-utils AI (dependencies): This is a sibling package within the same typescript-eslint monorepo, always published at the same version. It is a legitimate internal utility dependency, not a suspicious third-party package. ai
dependencies unvetted-dep:graphemer AI (dependencies): graphemer is a legitimate, narrow-scoped Unicode string segmentation library; stable dependency for this package. ai
provenance slsa-provenance AI (provenance): typescript-eslint publishes via GitHub Actions with SLSA attestation; this is the expected and documented publish flow for this package. ai
source-diff large-new-source-files AI (source-diff): New type definitions and build artifacts are expected in routine TypeScript plugin updates; no bundled/injected code risk. ai
publish-pattern new-deps-added AI (publish-pattern): New dependencies are all legitimate @typescript-eslint and ecosystem packages; no suspicious additions. ai
source-diff source-size-tripled AI (source-diff): 5.2x size increase expected for mature linting plugin with feature expansion; no malware indicators. ai
provenance missing-githead AI (provenance): Automated CI/CD publishing via GitHub Actions does not inject gitHead; SLSA provenance attestation provides stronger commit-level integrity signal. ai
maintainer-change maintainer-added AI (maintainer-change): New maintainer addition to established project is normal; no compromise indicators present. ai
provenance publisher-changed AI (provenance): Publisher transition to GitHub Actions with SLSA attestation is a positive supply chain integrity signal. ai
provenance no-provenance AI (provenance): Provenance attestation is not yet standard for established packages; not a security concern for this mature project. ai
dependencies unvetted-dep:@typescript-eslint/type-utils AI (dependencies): Sibling package from the same typescript-eslint monorepo, pinned to the same version. Legitimate internal dependency. ai
bogus-package bogus-package AI (bogus-package): Legitimate monorepo package from typescript-eslint org; inflated semver reflects coordinated versioning across packages, not spam. Short README defers to official docs site. ai

Versions (showing 51 of 397)

Show 402 prereleases View all versions
Version Deps Published
8.61.1 8 / 23
8.61.0 8 / 23
8.60.1 8 / 23
8.60.0 8 / 22
8.59.4 8 / 22
8.59.3 8 / 22
8.59.2 8 / 22
8.59.1 8 / 22
8.59.0 8 / 22
8.58.2 8 / 22
8.58.1 8 / 22
8.58.0 8 / 22
8.57.2 8 / 22
8.57.1 8 / 22
8.57.0 8 / 22
8.56.1 8 / 22
8.56.0 8 / 22
8.55.0 8 / 22
8.54.0 8 / 20
8.53.1 8 / 20
8.53.0 8 / 20
8.52.0 8 / 20
8.51.0 8 / 20
8.50.1 8 / 21
8.50.0 8 / 21
8.49.0 8 / 21
8.48.1 9 / 21
8.48.0 9 / 21
8.47.0 9 / 21
8.46.4 9 / 21
8.46.3 9 / 21
8.46.2 9 / 21
8.46.1 9 / 21
8.46.0 9 / 21
8.45.0 9 / 21
8.44.1 9 / 21
8.44.0 9 / 21
8.43.0 9 / 21
8.42.0 9 / 21
8.41.0 9 / 21
8.40.0 9 / 21
8.39.1 9 / 21
8.39.0 9 / 21
8.38.0 9 / 21
8.37.0 9 / 21
8.36.0 9 / 21
8.35.1 9 / 20
8.35.0 9 / 21
8.34.1 9 / 21
8.34.0 9 / 21
8.33.1 9 / 21

v8.61.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.61.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.60.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.60.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.59.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.59.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.59.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.48.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.