Gathering detailed insights and metrics for @ota-meshi/eslint-plugin-svelte
Gathering detailed insights and metrics for @ota-meshi/eslint-plugin-svelte
Installations
npm install @ota-meshi/eslint-plugin-svelteDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
^12.22.0 || ^14.17.0 || >=16.0.0
Node Version
16.15.1
NPM Version
8.11.0
Releases
183
eslint-plugin-svelte@3.10.1
eslint-plugin-svelte@3.10.1
Updated on Jun 27, 2025
eslint-plugin-svelte@3.10.0
eslint-plugin-svelte@3.10.0
Updated on Jun 26, 2025
eslint-plugin-svelte@3.9.3
eslint-plugin-svelte@3.9.3
Updated on Jun 20, 2025
eslint-plugin-svelte@3.9.2
eslint-plugin-svelte@3.9.2
Updated on Jun 10, 2025
eslint-plugin-svelte@3.9.1
eslint-plugin-svelte@3.9.1
Updated on Jun 01, 2025
eslint-plugin-svelte@3.9.0
eslint-plugin-svelte@3.9.0
Updated on May 21, 2025
Languages
5
TypeScript
Svelte
JavaScript
CSS
HTML
TypeScript (95.92%)
Svelte (1.7%)
JavaScript (1.55%)
CSS (0.72%)
HTML (0.1%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
353 Stars
1,071 Commits
51 Forks
6 Watchers
12 Branches
34 Contributors
Updated on Jul 13, 2025
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
0.34.1
Package Id
@ota-meshi/eslint-plugin-svelte@0.34.1
Unpacked Size
375.14 kB
Size
62.37 kB
File Count
139
NPM Version
8.11.0
Node Version
16.15.1
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
8
Dev Dependencies
66
@babel/core@babel/eslint-parser@babel/plugin-proposal-function-bind@babel/types@fontsource/fira-mono@ota-meshi/eslint-plugin@ota-meshi/eslint-plugin-svelte@sindresorhus/slugify@sveltejs/adapter-static@sveltejs/kit@types/babel__core@types/eslint@types/eslint-scope@types/eslint-visitor-keys@types/estree@types/less@types/mocha@types/node@types/postcss-safe-parser@types/stylus@typescript-eslint/eslint-plugin@typescript-eslint/parser@typescript-eslint/parser-v4assertenv-cmdesbuildesbuild-registerescape-htmleslinteslint-config-prettiereslint-plugin-eslint-commentseslint-plugin-eslint-plugineslint-plugin-json-schema-validatoreslint-plugin-jsonceslint-plugin-markdowneslint-plugin-nodeeslint-plugin-node-dependencieseslint-plugin-prettiereslint-plugin-regexpeslint-plugin-ymlestree-walkerlesslocate-charactermagic-stringmarkdown-it-anchormarkdown-it-containermarkdown-it-emojimochanycpakopiratespostcss-nestedprettierprettier-plugin-svelteprism-svelteprismjssasssemverstylelintstylelint-config-standardstylussveltesvelte-adapter-ghpagests-nodetypescriptvite-plugin-svelte-md
Introduction
@ota-meshi/eslint-plugin-svelte is ESLint plugin for Svelte.
It provides many unique check rules by using the template AST.
You can check on the Online DEMO.
:name_badge: What is this plugin?
ESLint plugin for Svelte.
It provides many unique check rules using the AST generated by svelte-eslint-parser.
❓ Why?
Svelte has the official ESLint plugin the eslint-plugin-svelte3. The eslint-plugin-svelte3 works well enough to check scripts. However, it does not handle the AST of the template, which makes it very difficult for third parties to create their own the ESLint rules for the Svelte.
The svelte-eslint-parser aims to make it easy to create your own rules for the Svelte by allowing the template AST to be used in the rules.
❗ Attention
The svelte-eslint-parser and the @ota-meshi/eslint-plugin-svelte can not be used with the eslint-plugin-svelte3.
:book: Documentation
See documents.
:cd: Installation
1npm install --save-dev eslint @ota-meshi/eslint-plugin-svelte svelte
Requirements
- ESLint v7.0.0 and above
- Node.js v12.22.x, v14.17.x, v16.x and above
:book: Usage
Configuration
Use .eslintrc.* file to configure rules. See also: https://eslint.org/docs/user-guide/configuring.
Example .eslintrc.js:
1module.exports = { 2 extends: [ 3 // add more generic rule sets here, such as: 4 // 'eslint:recommended', 5 "plugin:@ota-meshi/svelte/recommended", 6 ], 7 rules: { 8 // override/add rules settings here, such as: 9 // '@ota-meshi/svelte/rule-name': 'error' 10 }, 11}
This plugin provides configs:
plugin:@ota-meshi/svelte/base... Configuration to enable correct Svelte parsing.plugin:@ota-meshi/svelte/recommended... Above, plus rules to prevent errors or unintended behavior.
See the rule list to get the rules that this plugin provides.
::: warning ❗ Attention
The @ota-meshi/eslint-plugin-svelte can not be used with the eslint-plugin-svelte3.
If you are using eslint-plugin-svelte3 you need to remove it.
1 "plugins": [ 2- "svelte3" 3 ]
:::
Parser Configuration
If you have specified a parser, you need to configure a parser for .svelte.
For example, if you are using the "@babel/eslint-parser", configure it as follows:
1module.exports = { 2 // ... 3 extends: ["plugin:@ota-meshi/svelte/recommended"], 4 // ... 5 parser: "@babel/eslint-parser", 6 // Add an `overrides` section to add a parser configuration for svelte. 7 overrides: [ 8 { 9 files: ["*.svelte"], 10 parser: "svelte-eslint-parser", 11 }, 12 // ... 13 ], 14 // ... 15}
For example, if you are using the "@typescript-eslint/parser", and if you want to use TypeScript in <script> of .svelte, you need to add more parserOptions configuration.
1module.exports = { 2 // ... 3 extends: ["plugin:@ota-meshi/svelte/recommended"], 4 // ... 5 parser: "@typescript-eslint/parser", 6 parserOptions: { 7 // ... 8 project: "path/to/your/tsconfig.json", 9 extraFileExtensions: [".svelte"], // This is a required setting in `@typescript-eslint/parser` v4.24.0. 10 }, 11 overrides: [ 12 { 13 files: ["*.svelte"], 14 parser: "svelte-eslint-parser", 15 // Parse the `<script>` in `.svelte` as TypeScript by adding the following configuration. 16 parserOptions: { 17 parser: "@typescript-eslint/parser", 18 }, 19 }, 20 // ... 21 ], 22 // ... 23}
If you have a mix of TypeScript and JavaScript in your project, use a multiple parser configuration.
1module.exports = { 2 // ... 3 overrides: [ 4 { 5 files: ["*.svelte"], 6 parser: "svelte-eslint-parser", 7 parserOptions: { 8 parser: { 9 // Specify a parser for each lang. 10 ts: "@typescript-eslint/parser", 11 js: "espree", 12 typescript: "@typescript-eslint/parser", 13 }, 14 }, 15 }, 16 // ... 17 ], 18 // ... 19}
See also https://github.com/ota-meshi/svelte-eslint-parser#readme.
settings["@ota-meshi/svelte"]
You can change the behavior of this plugin with some settings.
ignoreWarnings(optional) ... Specifies an array of rules that ignore reports in the template.
For example, set rules on the template that cannot avoid false positives.compileOptions(optional) ... Specifies options for Svelte compile. Effects rules that use Svelte compile. The target rules are @ota-meshi/svelte/valid-compile and @ota-meshi/svelte/no-unused-svelte-ignore. Note that it has no effect on ESLint's custom parser.postcss(optional) ... Specifies options related to PostCSS. You can disable the PostCSS process by specifyingfalse.configFilePath(optional) ... Specifies the path of the directory containing the PostCSS configuration.
e.g.
1module.exports = { 2 // ... 3 settings: { 4 "@ota-meshi/svelte": { 5 ignoreWarnings: [ 6 "@typescript-eslint/no-unsafe-assignment", 7 "@typescript-eslint/no-unsafe-member-access", 8 ], 9 compileOptions: { 10 postcss: { 11 configFilePath: "./path/to/my/postcss.config.js", 12 }, 13 }, 14 }, 15 }, 16 // ... 17}
Running ESLint from the command line
If you want to run eslint from the command line, make sure you include the .svelte extension using the --ext option or a glob pattern, because ESLint targets only .js files by default.
Examples:
1eslint --ext .js,.svelte src 2eslint "src/**/*.{js,svelte}"
:computer: Editor Integrations
Visual Studio Code
Use the dbaeumer.vscode-eslint extension that Microsoft provides officially.
You have to configure the eslint.validate option of the extension to check .svelte files, because the extension targets only *.js or *.jsx files by default.
Example .vscode/settings.json:
1{ 2 "eslint.validate": ["javascript", "javascriptreact", "svelte"] 3}
:white_check_mark: Rules
The --fix option on the command line automatically fixes problems reported by rules which have a wrench :wrench: below.
The rules with the following star :star: are included in the configs.
Possible Errors
These rules relate to possible syntax or logic errors in Svelte code:
| Rule ID | Description | |
|---|---|---|
| @ota-meshi/svelte/no-dupe-else-if-blocks | disallow duplicate conditions in {#if} / {:else if} chains | :star: |
| @ota-meshi/svelte/no-dupe-style-properties | disallow duplicate style properties | :star: |
| @ota-meshi/svelte/no-dynamic-slot-name | disallow dynamic slot name | :star::wrench: |
| @ota-meshi/svelte/no-not-function-handler | disallow use of not function in event handler | :star: |
| @ota-meshi/svelte/no-object-in-text-mustaches | disallow objects in text mustache interpolation | :star: |
| @ota-meshi/svelte/no-shorthand-style-property-overrides | disallow shorthand style properties that override related longhand properties | :star: |
| @ota-meshi/svelte/no-unknown-style-directive-property | disallow unknown style:property | :star: |
| @ota-meshi/svelte/valid-compile | disallow warnings when compiling. | :star: |
Security Vulnerability
These rules relate to security vulnerabilities in Svelte code:
| Rule ID | Description | |
|---|---|---|
| @ota-meshi/svelte/no-at-html-tags | disallow use of {@html} to prevent XSS attack | :star: |
| @ota-meshi/svelte/no-target-blank | disallow target="_blank" attribute without rel="noopener noreferrer" |
Best Practices
These rules relate to better ways of doing things to help you avoid problems:
| Rule ID | Description | |
|---|---|---|
| @ota-meshi/svelte/button-has-type | disallow usage of button without an explicit type attribute | |
| @ota-meshi/svelte/no-at-debug-tags | disallow the use of {@debug} | :star: |
| @ota-meshi/svelte/no-unused-svelte-ignore | disallow unused svelte-ignore comments | :star: |
| @ota-meshi/svelte/no-useless-mustaches | disallow unnecessary mustache interpolations | :wrench: |
| @ota-meshi/svelte/require-optimized-style-attribute | require style attributes that can be optimized |
Stylistic Issues
These rules relate to style guidelines, and are therefore quite subjective:
| Rule ID | Description | |
|---|---|---|
| @ota-meshi/svelte/first-attribute-linebreak | enforce the location of first attribute | :wrench: |
| @ota-meshi/svelte/html-quotes | enforce quotes style of HTML attributes | :wrench: |
| @ota-meshi/svelte/indent | enforce consistent indentation | :wrench: |
| @ota-meshi/svelte/max-attributes-per-line | enforce the maximum number of attributes per line | :wrench: |
| @ota-meshi/svelte/mustache-spacing | enforce unified spacing in mustache | :wrench: |
| @ota-meshi/svelte/prefer-class-directive | require class directives instead of ternary expressions | :wrench: |
| @ota-meshi/svelte/prefer-style-directive | require style directives instead of style attribute | :wrench: |
| @ota-meshi/svelte/shorthand-attribute | enforce use of shorthand syntax in attribute | :wrench: |
| @ota-meshi/svelte/shorthand-directive | enforce use of shorthand syntax in directives | :wrench: |
| @ota-meshi/svelte/spaced-html-comment | enforce consistent spacing after the <!-- and before the --> in a HTML comment | :wrench: |
Extension Rules
These rules extend the rules provided by ESLint itself to work well in Svelte:
| Rule ID | Description | |
|---|---|---|
| @ota-meshi/svelte/no-inner-declarations | disallow variable or function declarations in nested blocks | :star: |
System
These rules relate to this plugin works:
| Rule ID | Description | |
|---|---|---|
| @ota-meshi/svelte/comment-directive | support comment-directives in HTML template | :star: |
| @ota-meshi/svelte/system | system rule for working this plugin | :star: |
Deprecated
- :warning: We're going to remove deprecated rules in the next major release. Please migrate to successor/new rules.
- :innocent: We don't fix bugs which are in deprecated rules since we don't have enough resources.
| Rule ID | Replaced by |
|---|---|
| @ota-meshi/svelte/dollar-prefixed-store-uses-vars | (no replacement) |
| @ota-meshi/svelte/no-non-optimized-style-attributes | @ota-meshi/svelte/require-optimized-style-attribute |
:beers: Contributing
Welcome contributing!
Please use GitHub's Issues/PRs.
Development Tools
npm testruns tests and measures coverage.npm run updateruns in order to update readme and recommended configuration.
Working With Rules
This plugin uses svelte-eslint-parser for the parser. Check here to find out about AST.
:lock: License
See the LICENSE file for license rights and limitations (MIT).
No vulnerabilities found.
Reason
30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
no binaries found in the repo
Reason
Found 9/21 approved changesets -- score normalized to 4
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'
- Warn: could not determine whether codeowners review is allowed
- Warn: no status checks found to merge onto branch 'main'
- Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/GHPages.yml:10
- Warn: no topLevel permission defined: .github/workflows/NodeCI.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/Release.yml:9
- Warn: no topLevel permission defined: .github/workflows/pkg.pr.new.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/GHPages.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/GHPages.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/Release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/Release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/Release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/Release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/Release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/Release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new-comment.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/pkg.pr.new-comment.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new-comment.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/pkg.pr.new-comment.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new-comment.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/pkg.pr.new-comment.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/pkg.pr.new.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/pkg.pr.new.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/pkg.pr.new.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/pkg.pr.new.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/pkg.pr.new.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/eslint-plugin-svelte/stale.yml/main?enable=pin
- Info: 0 out of 27 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 10 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More