
@ui5/linter

A static code analysis tool for UI5

Versions: 23
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

sap-ospo-admin

Keywords

openui5, sapui5, ui5, development, linter

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New dep is `semver`, a canonical well-vetted package; no risk. | ai | |
| maintainer-change | maintainer-takeover | AI (maintainer-change): sap-ospo-admin is SAP's OSS admin account; consolidation of SAP UI5 tooling maintainers is expected org-level housekeeping. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): sap-ospo-admin addition is consistent with SAP org-level maintainer consolidation. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of ui5-bot/flovogt aligns with SAP centralizing OSS admin under sap-ospo-admin. | ai | |
| dependencies | unvetted-dep:@ui5/fs | AI (dependencies): Core UI5 ecosystem dependency; expected for this tooling package. | ai | |
| dependencies | unvetted-dep:data-with-position | AI (dependencies): Utility for position-aware data structures; standard linting tooling dependency. | ai | |
| dependencies | unvetted-dep:@ui5/logger | AI (dependencies): Core UI5 ecosystem dependency; expected for this tooling package. | ai | |
| dependencies | unvetted-dep:@ui5/project | AI (dependencies): Core UI5 ecosystem dependency; expected for this tooling package. | ai | |
| dependencies | unvetted-dep:sax-wasm | AI (dependencies): SAX parser WASM binding; standard dependency for XML/HTML linting tooling. | ai | |

Versions (showing 23 of 23)

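| Version | Deps | Published |
|---|---|---|
| 1.21.1 | 20 / 32 | |
| 1.21.0 | 20 / 32 | |
| 1.20.18 | 20 / 31 | |
| 1.20.17 | 20 / 31 | |
| 1.20.16 | 20 / 31 | |
| 1.20.13 | 20 / 31 | |
| 1.20.11 | 20 / 31 | |
| 1.20.9 | 20 / 31 | |
| 1.20.8 | 20 / 31 | |
| 1.20.7 | 20 / 31 | |
| 1.20.6 | 20 / 31 | |
| 1.20.5 | 20 / 31 | |
| 1.20.4 | 20 / 31 | |
| 1.20.3 | 20 / 31 | |
| 1.20.1 | 20 / 31 | |
| 1.20.0 | 20 / 31 | |
| 1.18.1 | 19 / 29 | |
| 1.18.0 | 19 / 29 | |
| 1.17.0 | 19 / 29 | |
| 1.16.0 | 19 / 29 | |
| 1.15.0 | 19 / 29 | |
| 1.14.0 | 19 / 29 | |
| 1.13.1 | 18 / 29 | |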

v1.21.1

2 findings
HIGH Complete maintainer takeover detected maintainer-change

All previous maintainers (ui5-bot, flovogt) were replaced by new maintainers (sap-ospo-admin). This is a strong signal of a potential package hijack and requires careful review.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.21.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.18

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.17

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.16

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.13

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.16.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.15.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.14.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.13.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.