@vitus-labs/tools-lint

Shared [Biome](https://biomejs.dev) configuration for formatting and linting.

Versions: 19
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

vitbokisch

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| phantom-deps | phantom-dep:@biomejs/biome | AI (phantom-deps): Package exports a biome config file; @biomejs/biome is correctly declared as a dep, just not imported in JS code. | ai | |
| phantom-deps | phantom-dep:lodash-es | AI (phantom-deps): Config/tooling package; lodash-es referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:stylelint | AI (phantom-deps): Stylelint config package; stylelint referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-jest | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. Expected for lint tooling packages. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-config-airbnb | AI (phantom-deps): ESLint config referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-import | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-graphql | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-config-prettier | AI (phantom-deps): ESLint config referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-jsx-a11y | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): Lint config package; eslint and all plugins are referenced in config files, not imported directly. Expected pattern. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-prettier | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-storybook | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): TypeScript ESLint parser referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-hooks | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:stylelint-config-prettier | AI (phantom-deps): Stylelint config referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:stylelint-config-recommended | AI (phantom-deps): Stylelint config referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): TypeScript ESLint plugin referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-import-resolver-typescript | AI (phantom-deps): ESLint resolver referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:stylelint-config-styled-components | AI (phantom-deps): Stylelint config referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-markdown | AI (phantom-deps): ESLint plugin referenced in config, not directly imported. | ai | |

Versions (showing 19 of 19)

Version Deps Published
2.4.0 1 / 0
2.3.1 1 / 0
2.3.0 1 / 0
2.2.0 1 / 0
2.1.0 1 / 0
2.0.0 1 / 0
1.15.5 1 / 0
1.15.3 1 / 0
1.15.2 1 / 0
1.15.0 1 / 0
1.14.0 1 / 0
1.13.0 1 / 0
1.12.0 1 / 0
1.11.0 1 / 0
1.10.0 1 / 0
1.9.0 1 / 0
1.7.0 1 / 0
1.6.0 1 / 0
1.5.1 22 / 4

v2.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.15.3

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.15.2

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.15.0

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.14.0

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.13.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.12.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.11.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.9.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.