@typescript-eslint/eslint-plugin

TypeScript plugin for ESLint

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

jameshenrybradzacher

Keywords

eslinteslintplugineslint-plugintypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:typescript-eslint-parser	AI (dependencies): typescript-eslint-parser was the legitimate predecessor parser used by this plugin before the @typescript-eslint monorepo reorganization; its use in v0.1.0 is expected and not a security concern.	ai	2026/04/22
dependencies	unvetted-dep:@typescript-eslint/experimental-utils	AI (dependencies): This is a sibling package within the same typescript-eslint monorepo, always published at the same version. It is a legitimate internal utility dependency, not a suspicious third-party package.	ai	2026/04/22
dependencies	unvetted-dep:graphemer	AI (dependencies): graphemer is a legitimate, narrow-scoped Unicode string segmentation library; stable dependency for this package.	ai	2026/04/22
provenance	slsa-provenance	AI (provenance): typescript-eslint publishes via GitHub Actions with SLSA attestation; this is the expected and documented publish flow for this package.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): New type definitions and build artifacts are expected in routine TypeScript plugin updates; no bundled/injected code risk.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): New dependencies are all legitimate @typescript-eslint and ecosystem packages; no suspicious additions.	ai	2026/04/22
source-diff	source-size-tripled	AI (source-diff): 5.2x size increase expected for mature linting plugin with feature expansion; no malware indicators.	ai	2026/04/22
provenance	missing-githead	AI (provenance): Automated CI/CD publishing via GitHub Actions does not inject gitHead; SLSA provenance attestation provides stronger commit-level integrity signal.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): New maintainer addition to established project is normal; no compromise indicators present.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): Publisher transition to GitHub Actions with SLSA attestation is a positive supply chain integrity signal.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Provenance attestation is not yet standard for established packages; not a security concern for this mature project.	ai	2026/04/22
dependencies	unvetted-dep:@typescript-eslint/type-utils	AI (dependencies): Sibling package from the same typescript-eslint monorepo, pinned to the same version. Legitimate internal dependency.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Legitimate monorepo package from typescript-eslint org; inflated semver reflects coordinated versioning across packages, not spam. Short README defers to official docs site.	ai	2026/04/21

Versions (showing 100 of 799)

Hide prereleases

Version	Deps	Published
8.61.1	8 / 23	2026-06-15
8.61.0	8 / 23	2026-06-08
8.60.1	8 / 23	2026-06-01
8.60.0	8 / 22	2026-05-25
8.59.4	8 / 22	2026-05-18
8.59.3	8 / 22	2026-05-11
8.59.2	8 / 22	2026-05-04
8.59.1	8 / 22	2026-04-27
8.59.0	8 / 22	2026-04-20
8.58.2	8 / 22	2026-04-13
8.58.1	8 / 22	2026-04-08
8.58.0	8 / 22	2026-03-30
8.57.2	8 / 22	2026-03-23
8.57.1	8 / 22	2026-03-16
8.57.0	8 / 22	2026-03-09
8.56.1	8 / 22	2026-02-23
8.56.0	8 / 22	2026-02-16
8.55.0	8 / 22	2026-02-09
8.54.0	8 / 20	2026-01-26
8.53.1	8 / 20	2026-01-19
8.53.0	8 / 20	2026-01-12
8.52.0	8 / 20	2026-01-05
8.51.0	8 / 20	2025-12-29
8.50.1	8 / 21	2025-12-22
8.50.0	8 / 21	2025-12-15
8.49.0	8 / 21	2025-12-08
8.48.1	9 / 21	2025-12-02
8.48.0	9 / 21	2025-11-24
8.47.0	9 / 21	2025-11-17
8.46.4	9 / 21	2025-11-10
8.46.3	9 / 21	2025-11-03
8.46.2	9 / 21	2025-10-20
8.46.1	9 / 21	2025-10-13
8.46.0	9 / 21	2025-10-06
8.45.0	9 / 21	2025-09-29
8.44.1	9 / 21	2025-09-22
8.44.0	9 / 21	2025-09-15
8.43.0	9 / 21	2025-09-08
8.42.0	9 / 21	2025-09-02
8.41.0	9 / 21	2025-08-25
8.40.0	9 / 21	2025-08-18
8.39.1	9 / 21	2025-08-11
8.39.0	9 / 21	2025-08-04
8.38.0	9 / 21	2025-07-21
8.37.0	9 / 21	2025-07-14
8.36.0	9 / 21	2025-07-07
8.35.1	9 / 20	2025-06-30
8.35.0	9 / 21	2025-06-23
8.34.1	9 / 21	2025-06-16
8.34.0	9 / 21	2025-06-09
8.33.1	9 / 21	2025-06-02
8.33.0	9 / 21	2025-05-27
8.32.1	9 / 21	2025-05-12
8.32.0	9 / 22	2025-05-05
8.31.1	9 / 22	2025-04-28
8.31.0	9 / 22	2025-04-21
8.30.1	9 / 24	2025-04-14
8.30.0	9 / 24	2025-04-14
8.29.1	9 / 24	2025-04-07
8.29.0	9 / 24	2025-03-31
8.28.0	9 / 24	2025-03-24
8.27.0	9 / 24	2025-03-20
8.26.1	9 / 24	2025-03-10
8.26.0	9 / 24	2025-03-03
8.25.0	9 / 24	2025-02-24
8.24.1	9 / 24	2025-02-17
8.24.0	9 / 24	2025-02-10
8.23.0	9 / 24	2025-02-03
8.22.0	9 / 24	2025-01-27
8.21.0	9 / 24	2025-01-20
8.20.0	9 / 24	2025-01-13
8.19.1	9 / 24	2025-01-06
8.19.0	9 / 24	2024-12-30
8.18.2	9 / 24	2024-12-23
8.18.1	9 / 24	2024-12-16
8.18.0	9 / 24	2024-12-09
8.17.0	9 / 24	2024-12-02
8.16.0	9 / 24	2024-11-25
8.15.0	9 / 24	2024-11-18
8.14.0	9 / 24	2024-11-11
8.13.0	9 / 24	2024-11-04
8.12.2	9 / 24	2024-10-29
8.12.1	9 / 24	2024-10-28
8.12.0	9 / 24	2024-10-28
8.11.0	9 / 24	2024-10-21
8.10.0	9 / 24	2024-10-17
8.9.0	9 / 24	2024-10-14
8.8.1	9 / 24	2024-10-07
8.8.0	9 / 24	2024-09-30
8.7.0	9 / 24	2024-09-23
8.6.0	9 / 24	2024-09-16
8.5.0	9 / 24	2024-09-09
8.4.0	9 / 24	2024-09-02
8.3.0	9 / 24	2024-08-26
8.2.0	9 / 24	2024-08-19
8.1.0	9 / 24	2024-08-12
8.0.1	9 / 24	2024-08-05
8.0.0	9 / 24	2024-07-31
7.18.0	9 / 25	2024-07-29
7.17.0	9 / 25	2024-07-22

Showing 100 of 799 Next page →

v8.61.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.61.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.60.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.60.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.59.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.59.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.59.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.48.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.