chore(deps): update dependency vanilla-jsoneditor to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
vanilla-jsoneditor	^0.23.0 -> ^3.0.0

---

Release Notes

josdejong/svelte-jsoneditor (vanilla-jsoneditor)

v3.1.1

Compare Source

v3.1.0

Compare Source

Features

• implement createAjvValidatorAsync (#​522) (24cea1a)
• update dependencies (b267409)

v3.0.0

Compare Source

⚠ BREAKING CHANGES

• Dropped support for Svelte 3 and 4, the library requires Svelte 5 now.
• Dropped support for jsonpath-plus v9.
• most public methods changed from asynchronous to synchronous.

Features

• Change methods set, update, patch, select, expand, collapse, acceptAutoRepair, focus, updateProps from asynchronous to synchronous, fixing #​499 (#​524) (6dd69cd)

Bug Fixes

• #​512 prevent browser addons from reacting to keydown events like shift+arrow down (eef40ad)
• #​518 convert all Svelte examples to Svelte 5 (0c3f3ae)
• upgrade to the latest version of jsonpath-plus, fixing a security vulnerability (#​523) (393c76b)

v2.4.0

Compare Source

Features

• enable pasting via the context menu in tree and table mode (6c12e3b)

2.3.3 (2024-12-11)

Bug Fixes

• esm-env warning in vanilla-jsoneditor bundle (#​507) (11daf16)
• suppress [svelte] reactive_declaration_non_reactive_property warnings during development (5e05768)

2.3.2 (2024-12-05)

Bug Fixes

• #​506 modal closing when the mouse ends outside it after selecting text in Chrome (bbb7d83)
• update dependencies (1df771f)

2.3.1 (2024-11-27)

Bug Fixes

• no history being created when clicking action buttons such as format and compact (a8c329c)

v2.3.3

Compare Source

v2.3.2

Compare Source

v2.3.1

Compare Source

v2.3.0

Compare Source

Features

• update dependencies (most notably jsonrepair) (d84c394)

2.2.1 (2024-11-27)

Bug Fixes

• flush any pending changes before undo/redo (81783f4)

v2.2.1

Compare Source

v2.2.0

Compare Source

Features

• keep history when switching mode (#​504) (b5f11ca)

v2.1.0

Compare Source

Features

• implement quick key Ctrl+D to duplicate the current row in table mode (deef105)

Bug Fixes

• exclude the sass dependency from the vanilla package (e3bcddb)
• update dependencies (jsonpath-plus, @jsonquerylang/jsonquery and others) (b69e9bf)

2.0.2 (2024-11-05)

Bug Fixes

• cannot sort a nested object inside an array (5ebe9fc)
• more efficient patch operation for the undo action of moving an item inside an object (187e994)
• only expand JSON after sort, transform and expand when isn't expanded already (5d84af0)
• performance issue of sorting the keys of large objects (3708998)

2.0.1 (2024-11-01)

Bug Fixes

• #​498 pressing enter when editing a value submits form (e8c814f)

v2.0.2

Compare Source

v2.0.1

Compare Source

v2.0.0

Compare Source

⚠ BREAKING CHANGES

• The library is upgraded to Svelte 5. Everything is backward compatible and works in Svelte 3, 4, and 5. There may be subtle breaking changes in specific edge cases though, hence the release as a new major version.

Features

• upgrade to Svelte 5 (#​490) (588caa5)

1.1.2 (2024-10-25)

Bug Fixes

• method patch not working in tree and table mode when the content is text (5f1c8a5)

1.1.1 (2024-10-22)

Bug Fixes

• list svelte ^3.54.0 as compatible peerDependency alongside 4.0.0 (ba2aee5)
• upgrade to [email protected] (5fe2588)

v1.1.2

Compare Source

v1.1.1

Compare Source

v1.1.0

Compare Source

Features

• upgrade to [email protected] (acb6976)

1.0.8 (2024-10-14)

Bug Fixes

• upgrade dependencies (13e7cef)

1.0.7 (2024-10-09)

Bug Fixes

• #​488 types JsonEditor and CreateJSONEditorProps not exported in vanilla-jsoneditor (337c33b)
• #​489 anchor styling defined in the TransformModal affecting the global style (a213583)

1.0.6 (2024-09-30)

Bug Fixes

• type definition of createJSONEditor not exported in the vanilla-jsoneditor library (e0aee3e)

1.0.5 (2024-09-30)

Bug Fixes

• key not rendered when the value contains search results and vice versa (0c41c79)

1.0.4 (2024-09-27)

Bug Fixes

• #​486 naming conflict for argument isMac in the type definitions (9fac7a3)

1.0.3 (2024-09-26)

Bug Fixes

• invalid JSONPath query options could crash the Transform Modal (c90a54c)

1.0.2 (2024-09-26)

Bug Fixes

• more robust positioning of the modal by adding margin: auto, see #​384 (2302436)

1.0.1 (2024-09-25)

Bug Fixes

• handle createQuery throwing an exception in the TransformModal (4b1f3f6)

v1.0.8

Compare Source

v1.0.7

Compare Source

v1.0.6

Compare Source

v1.0.5

Compare Source

v1.0.4

Compare Source

v1.0.3

Compare Source

v1.0.2

Compare Source

v1.0.1

Compare Source

v1.0.0

Compare Source

⚠ BREAKING CHANGES

• The internal state is refactored. This should not give any issues except when
  relying on some internal or undocumented features.
• Changed the API to consistently use undefined instead of null. This involves
  properties selection, onChange (properties contentErrors and patchResult), onRenderContextMenu(propertyselection), onSelect, and methods validate, and select`.
• Old deprecation messages are removed.
• The API of the expand function is changed from expand(callback) to
  expand(path, callback), and can't be used anymore for collapsing nodes. Instead,
  se the collapse(path) method for that.
• The property edit is removed from the types KeySelection and ValueSelection,
  and two new types EditKeySelection and EditValueSelection are added.
• The helper functions createKeySelection and createValueSelection are changed,
  argument edit is removed, and two new helper functions createEditKeySelection
  and createEditValueSelection are added.
• The API of the component EditableValue requires an additional property selection.
• Some of the class names related to selection highlighting are moved/changed.
• The default query language is changed to jsonquery.
• The vanilla editor needs to be instantiated using createJSONEditor(...) instead
  of new JSONEditor(...) in preparation for the upgrade to Svelte 5.

Features

• change the constructor of the vanilla library from new JSONEditor(...) into createJSONEditor(...) in preparation
  for an upgrade to Svelte 5.
• implemented a powerful API for expand and collapse (#​458)
• replace the default query language with a new query language jsonquery (#​469)
• implement support for the query language JSONPath (#​470)
• export more utility functions (#​461)
• change the API to consistently use undefined instead of null (#​453).
• replaced svelte-simple-modal with native HTML <dialog /> (#​462)
• the property edit is removed from the types KeySelection and ValueSelection,
  and two new types EditKeySelection and EditValueSelection are added.
• internal refactor of the data structure holding state like expanded nodes and search results.

Bug Fixes

• shortcut keys Ctrl+F and Ctrl+H not working in table mode whilst editing a value
• the do you want to format message popped up after clicking the "Compact" button
• define svelte@4 as a peer dependency
• a lot of small bugfixes.

0.23.8 (2024-07-26)

Bug Fixes

• revert the "text mode loads partially scrolled down" fix (#​471) (38e7dd9)

0.23.7 (2024-06-06)

Bug Fixes

• search and replace in table mode not working (3f8a398)

0.23.6 (2024-06-05)

Features

• update dependencies codemirror, codemirror-indentation-markers, ajv, sass (1eb5c0b)

Bug Fixes

• #​436 Ctrl+Click (Cmd+Click) not working on Mac (7142783)

0.23.5 (2024-05-30)

Features

• upgrade dependencies codemirror, ajv, jsonrepair, and update dev dependencies (999acfc)

Bug Fixes

• cleanup wrong classname jse-readonly-password attached to all values (eabbeb2)
• make platform detection more robust and future proof (#​435) (776ff70)

0.23.4 (2024-05-09)

Bug Fixes

• cannot use middle mouse button to scroll (d0e7f4c)
• update jsonrepair and other dependencies (7b9063f)

0.23.3 (2024-05-06)

Features

• update codemirror, ajv, fontawesome, jsonrepair, and dev dependencies (7bd08e7)

Bug Fixes

• text mode loads partially scrolled down (56e18ee)

0.23.2 (2024-04-17)

Bug Fixes

• #​423 error about an invalid selection in text mode when clearing the contents (5ed8a86)
• change text "fullscreen" to "full screen" (a56415f)
• editor not getting focus when clicking in an empty area in table mode (0e74043)

0.23.1 (2024-03-28)

Features

• fullscreen support for modals (#​420) (160a739)
• pass validation severity into UI (#​416) (6cd6af9), closes #​369 #​148 #​150
• update dependencies (codemirror, sass, and dev dependencies) (abf0468)

Bug Fixes

• support pressing Esc to close the CopyPasteModal (fb77efe)
• update dependency vanilla-picker and update devDependencies (b0ba13f)

---

Configuration

📅 Schedule: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
unleash-monorepo-frontend	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 15, 2025 5:44pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
unleash-docs	⬜️ Ignored (Inspect)	Visit Preview		Apr 15, 2025 5:44pm

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 2 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ✅ 0 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

frontend/yarn.lock

Package	Version	License	Issue Type
@fortawesome/free-regular-svg-icons	6.7.2	(CC-BY-4.0 AND MIT)	Incompatible License
@fortawesome/free-solid-svg-icons	6.7.2	CC-BY-4.0 AND MIT AND OFL-1.1	Incompatible License

Allowed Licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD, CC0-1.0, Unlicense, BlueOak-1.0.0, CC-BY-4.0, Artistic-2.0

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/vanilla-jsoneditor	^3.0.0	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/@codemirror/autocomplete	6.18.6	🟢 3.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Maintained 🟢 5 7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@codemirror/commands	6.8.1	🟢 3.6	Details Check Score Reason Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/@codemirror/language	6.11.0	🟢 3.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected SAST ⚠️ 0 no SAST tool detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/@codemirror/lint	6.8.5	🟢 3.5	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/@codemirror/view	6.36.5	🟢 4.4	Details Check Score Reason SAST ⚠️ 0 no SAST tool detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/@fortawesome/fontawesome-common-types	6.7.2	🟢 3.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 3 0 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3 Code-Review 🟢 4 Found 13/27 approved changesets -- score normalized to 4 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ -1 no workflows found Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@fortawesome/free-regular-svg-icons	6.7.2	🟢 3.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 3 0 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3 Code-Review 🟢 4 Found 13/27 approved changesets -- score normalized to 4 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ -1 no workflows found Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@fortawesome/free-solid-svg-icons	6.7.2	🟢 3.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 3 0 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3 Code-Review 🟢 4 Found 13/27 approved changesets -- score normalized to 4 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow ⚠️ -1 no workflows found Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ -1 no dependencies found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@jsonquerylang/jsonquery	4.1.1	Unknown	Unknown
npm/@lezer/highlight	1.2.1	🟢 3	Details Check Score Reason Dangerous-Workflow ⚠️ -1 no workflows found SAST ⚠️ 0 no SAST tool detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
npm/@replit/codemirror-indentation-markers	6.5.3	Unknown	Unknown
npm/@sveltejs/acorn-typescript	1.0.5	Unknown	Unknown
npm/@types/estree	1.0.7	🟢 6.9	Details Check Score Reason Code-Review 🟢 8 Found 26/29 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 9 license file detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/acorn	8.14.1	🟢 4.9	Details Check Score Reason Maintained 🟢 6 5 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 6 Code-Review 🟢 3 Found 10/26 approved changesets -- score normalized to 3 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License ⚠️ 0 license file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/ajv	8.17.1	🟢 5.6	Details Check Score Reason Code-Review 🟢 9 Found 29/30 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 1 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 2 badge detected: InProgress Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/aria-query	5.3.2	🟢 5.3	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 3 Found 9/23 approved changesets -- score normalized to 3 Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/axobject-query	4.1.0	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 1 Found 3/16 approved changesets -- score normalized to 1 Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/esm-env	1.2.2	Unknown	Unknown
npm/esrap	1.4.6	Unknown	Unknown
npm/fast-uri	3.0.6	Unknown	Unknown
npm/is-reference	3.0.3	⚠️ 2.9	Details Check Score Reason Pinned-Dependencies ⚠️ -1 no dependencies found Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 2 Found 6/21 approved changesets -- score normalized to 2 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jsonrepair	3.12.0	🟢 3.6	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 8 7 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 8 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 0/28 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 4 6 existing vulnerabilities detected
npm/svelte	5.27.0	🟢 5.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 7 Found 17/22 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 8 SAST tool is not run on all commits -- score normalized to 8 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected
npm/vanilla-jsoneditor	3.3.1	🟢 4.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/zimmerframe	1.1.2	Unknown	Unknown

Scanned Files

• frontend/package.json
• frontend/yarn.lock