chore(deps): update dependency jest to v30

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
jest (source)	^29.0.0 -> ^30.0.0
@types/jest (source)	^29.0.0 -> ^30.0.0

---

Release Notes

jestjs/jest (jest)

v30.2.0

Compare Source

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#​15832)
• [*] Update jest-watch-typeahead to v3 (#​15830)

v30.1.3

Compare Source

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

v30.1.2

Compare Source

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#​15803)

v30.1.1

Compare Source

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#​15800)
• [jest-snapshot-utils] Improve messaging about goo.gl snapshot link change (#​15821)

v30.1.0

Compare Source

v30.0.5

Compare Source

Features

• [jest-config] Allow testMatch to take a string value
• [jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes

Fixes

• [expect] Fix bigint error (#​15702)

v30.0.4

Compare Source

Features

• [expect] The Inverse type is now exported (#​15714)
• [expect] feat: support async functions in toBe (#​15704)

Fixes

• [jest] jest --onlyFailures --listTests now correctly lists only failed tests (#​15700)
• [jest-snapshot] Handle line endings in snapshots (#​15708)

v30.0.3

Compare Source

Fixes

• [jest-config] Fix ESM TS config loading in a CJS project (#​15694)
• [jest-core] jest --onlyFailures --listTests now correctly lists only failed tests(#​15700)

Features

• [jest-diff] Show non-printable control characters to diffs (#​15696)

v30.0.2

Compare Source

Fixes

• [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#​15689)
• [jest-util] Make garbage collection protection property writable (#​15689)

v30.0.1

Compare Source

Features

• [jest-resolver] Implement the defaultAsyncResolver (#​15679)

Fixes

• [jest-resolver] Resolve builtin modules correctly (#​15683)
• [jest-environment-node, jest-util] Avoid setting globals cleanup protection symbol when feature is off (#​15684)

Chore & Maintenance

• [*] Remove and deprecate jest-repl package (#​15673)
• [jest-resolver] Replace custom isBuiltinModule with node's isBuiltin (#​15685)

v30.0.0

Compare Source

Features

• [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
• [expect] Add ArrayOf asymmetric matcher for validating array elements. (#​15567)
• [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#​15164)
• [expect] Revert #​15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#​15508)
• [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #​14315 (#​14681)
• [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#​14738)
• [jest-circus] Add a retryImmediately option to jest.retryTimes (#​14696)
• [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#​10962)
• [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#​15145)
• [jest-cli] Export buildArgv (#​15310)
• [jest-config] [BREAKING] Add mts and cts to default moduleFileExtensions config (#​14369)
• [jest-config] [BREAKING] Update testMatch and testRegex default option for supporting mjs, cjs, mts, and cts (#​14584)
• [jest-config] Loads config file from provided path in package.json (#​14044)
• [jest-config] Allow loading jest.config.cts files (#​14070)
• [jest-config] Show rootDir in error message when a preset fails to load (#​15194)
• [jest-config] Support loading TS config files using esbuild-register via docblock loader (#​15190)
• [jest-config] Allow passing TS config loader options via docblock comment (#​15234)
• [jest-config] If Node is running with type stripping enabled, do not require a TS loader (#​15480)
• [@jest/core] Group together open handles with the same stack trace (#​13417, & #​14789)
• [@jest/core] Add perfStats to surface test setup overhead (#​14622)
• [@jest/core] [BREAKING] Changed --filter to accept an object with shape { filtered: Array<string> } to match documentation (#​13319)
• [@jest/core] Support --outputFile option for --listTests (#​14980)
• [@jest/core] Stringify Errors properly with --json flag (#​15329)
• [@jest/core, @​jest/test-sequencer] [BREAKING] Exposes globalConfig & contexts to TestSequencer (#​14535, & #​14543)
• [jest-each] Introduce %$ option to add number of the test to its title (#​14710)
• [@jest/environment] [BREAKING] Remove deprecated jest.genMockFromModule() (#​15042)
• [@jest/environment] [BREAKING] Remove unnecessary defensive code (#​15045)
• [jest-environment-jsdom] [BREAKING] Upgrade JSDOM to v22 (#​13825)
• [@jest/environment-jsdom-abstract] Introduce new package which abstracts over the jsdom environment, allowing usage of custom versions of JSDOM (#​14717)
• [jest-environment-node] Update jest environment with dispose symbols Symbol (#​14888 & #​14909)
• [expect, @​jest/expect] [BREAKING] Add type inference for function parameters in CalledWith assertions (#​15129)
• [@jest/expect-utils] Properly compare all types of TypedArrays (#​15178)
• [@jest/fake-timers] [BREAKING] Upgrade @sinonjs/fake-timers to v13 (#​14544 & #​15470)
• [@jest/fake-timers] Exposing new modern timers function advanceTimersToFrame() which advances all timers by the needed milliseconds to execute callbacks currently scheduled with requestAnimationFrame (#​14598)
• [jest-matcher-utils] Add SERIALIZABLE_PROPERTIES to allow custom serialization of objects (#​14893)
• [jest-mock] Add support for the Explicit Resource Management proposal to use the using keyword with jest.spyOn(object, methodName) (#​14895)
• [jest-reporters] Add support for DEC mode 2026 (#​15008)
• [jest-resolver] Support file:// URLs as paths (#​15154)
• [jest-resolve,jest-runtime,jest-resolve-dependencies] Pass the conditions when resolving stub modules (#​15489)
• [jest-runtime] Exposing new modern timers function jest.advanceTimersToFrame() from @jest/fake-timers (#​14598)
• [jest-runtime] Support import.meta.filename and import.meta.dirname (available from Node 20.11) (#​14854)
• [jest-runtime] Support import.meta.resolve (#​14930)
• [jest-runtime] [BREAKING] Make it mandatory to pass globalConfig to the Runtime constructor (#​15044)
• [jest-runtime] Add unstable_unmockModule (#​15080)
• [jest-runtime] Add onGenerateMock transformer callback for auto generated callbacks (#​15433 & #​15482)
• [jest-runtime] [BREAKING] Use vm.compileFunction over vm.Script (#​15461)
• [@jest/schemas] Upgrade @sinclair/typebox to v0.34 (#​15450)
• [@jest/types] test.each(): Accept a readonly (as const) table properly (#​14565)
• [@jest/types] Improve argument type inference passed to test and describe callback functions from each tables (#​14920)
• [jest-snapshot] [BREAKING] Add support for Error causes in snapshots (#​13965)
• [jest-snapshot] Support Prettier 3 (#​14566)
• [@jest/util-snapshot] Extract utils used by tooling from jest-snapshot into its own package (#​15095)
• [pretty-format] [BREAKING] Do not render empty string children ('') in React plugin (#​14470)

Fixes

• [expect] Show AggregateError to display (#​15346)
• [*] Replace exit with exit-x (#​15399)
• [babel-plugin-jest-hoist] Use denylist instead of the deprecated blacklist for Babel 8 support (#​14109)
• [babel-plugin-jest-hoist] Do not rely on buggy Babel behaviour (#​15415)
• [expect] Check error instance type for toThrow/toThrowError (#​14576)
• [expect] Improve diff for failing expect.objectContaining (#​15038)
• [expect] Use Array.isArray to check if an array is an Array (#​15101)
• [expect] Fix Error cause assertion errors (#​15339)
• [jest-changed-files] Print underlying errors when VCS commands fail (#​15052)
• [jest-changed-files] Abort sl root call if output resembles a steam locomotive (#​15053)
• [jest-circus] [BREAKING] Prevent false test failures caused by promise rejections handled asynchronously (#​14315)
• [jest-circus] Replace recursive makeTestResults implementation with iterative one (#​14760)
• [jest-circus] Omit expect.hasAssertions() errors if a test already has errors (#​14866)
• [jest-circus, jest-expect, jest-snapshot] Pass test.failing tests when containing failing snapshot matchers (#​14313)
• [jest-circus] Concurrent tests now emit jest circus events at the correct point and in the expected order. (#​15381)
• [jest-cli] [BREAKING] Validate CLI flags that require arguments receives them (#​14783)
• [jest-config] Make sure to respect runInBand option (#​14578)
• [jest-config] Support testTimeout in project config (#​14697)
• [jest-config] Support coverageReporters in project config (#​14697)
• [jest-config] Allow reporters in project config (#​14768)
• [jest-config] Allow Node16/NodeNext/Bundler moduleResolution in project's tsconfig (#​14739)
• [@jest/create-cache-key-function] Correct the return type of createCacheKey (#​15159)
• [jest-each] Allow $keypath templates with null or undefined values (#​14831)
• [@jest/expect-utils] Fix comparison of DataView (#​14408)
• [@jest/expect-utils] [BREAKING] exclude non-enumerable in object matching (#​14670)
• [@jest/expect-utils] Fix comparison of URL (#​14672)
• [@jest/expect-utils] Check Symbol properties in equality (#​14688)
• [@jest/expect-utils] Catch circular references within arrays when matching objects (#​14894)
• [@jest/expect-utils] Fix not addressing to Sets and Maps as objects without keys (#​14873)
• [jest-haste-map] Fix errors or clobbering with multiple hasteImplModulePaths (#​15522)
• [jest-leak-detector] Make leak-detector more aggressive when running GC (#​14526)
• [jest-runtime] Properly handle re-exported native modules in ESM via CJS (#​14589)
• [jest-runtime] Refactor _importCoreModel so required core module is consistent if modified while loading (#​15077)
• [jest-schemas, jest-types] [BREAKING] Fix type of testFailureExitCode config option(#​15232)
• [jest-util] Make sure isInteractive works in a browser (#​14552)
• [pretty-format] [BREAKING] Print ArrayBuffer and DataView correctly (#​14290)
• [pretty-format] Fixed a bug where "anonymous custom elements" were not being printed as expected. (#​15138)
• [jest-cli] When specifying paths on the command line, only match against the relative paths of the test files (#​12519)
  • [BREAKING] Changes testPathPattern configuration option to testPathPatterns, which now takes a list of patterns instead of the regex.
  • [BREAKING] --testPathPattern is now --testPathPatterns
  • [BREAKING] Specifying testPathPatterns when programmatically calling watch must be specified as new TestPathPatterns(patterns), where TestPathPatterns can be imported from @jest/pattern
• [jest-reporters, jest-runner] Unhandled errors without stack get correctly logged to console (#​14619)
• [jest-util] Always load mjs files with import (#​15447)
• [jest-worker] Properly handle a circular reference error when worker tries to send an assertion fails where either the expected or actual value is circular (#​15191)
• [jest-worker] Properly handle a BigInt when worker tries to send an assertion fails where either the expected or actual value is BigInt (#​15191)
• [expect] Resolve issue where ObjectContaining matched non-object values. #​15463.
  • Adds a conditional/check to ensure the argument passed to expect is an object.
  • Add unit tests for new ObjectContaining behavior.
  • Remove invalid/wrong test case assertions for ObjectContaining.
• [jest-worker] Addresses incorrect state on exit (#​15610)

Performance

• [*] [BREAKING] Bundle all of Jest's modules into index.js (#​12348, #​14550 & #​14661)
• [jest-haste-map] Only spawn one process to check for watchman installation (#​14826)
• [jest-runner] Better cleanup source-map-support after test to resolve (minor) memory leak (#​15233)
• [jest-resolver] Migrate resolve and resolve.exports to unrs-resolver (#​15619)
• [jest-circus, jest-environment-node, jest-repl, jest-runner, jest-util] Cleanup global variables on environment teardown to reduce memory leaks (#​15215 & #​15636 & #​15643)

Chore & Maintenance

• [jest-environment-jsdom, jest-environment-jsdom-abstract] Increased version of jsdom to ^26.0.0 (#​15325CVE-2024-37890)
• [*] Increase version of micromatch to ^4.0.7 (#​15082)
• [*] [BREAKING] Drop support for Node.js versions 14, 16, 19, 21 and 23 (#​14460, #​15118, #​15623, #​15640)
• [*] [BREAKING] Drop support for typescript@4.3, minimum version is now 5.4 (#​14542, #​15621)
• [*] Depend on exact versions of monorepo dependencies instead of ^ range (#​14553)
• [*] [BREAKING] Add ESM wrapper for all of Jest's modules (#​14661)
• [*] [BREAKING] Upgrade to glob@10 (#​14509)
• [*] Use TypeError over Error where appropriate (#​14799)
• [docs] Fix typos in CHANGELOG.md and packages/jest-validate/README.md (#​14640)
• [docs] Don't use alias matchers in docs (#​14631)
• [babel-jest, babel-preset-jest] [BREAKING] Increase peer dependency of @babel/core to ^7.11 (#​14109)
• [babel-jest, @​jest/transform] Update babel-plugin-istanbul to v6 (#​15156)
• [babel-plugin-jest-hoist] Move unnecessary dependencies to devDependencies (#​15010)
• [expect] [BREAKING] Remove .toBeCalled(), .toBeCalledTimes(), .toBeCalledWith(), .lastCalledWith(), .nthCalledWith(), .toReturn(), .toReturnTimes(), .toReturnWith(), .lastReturnedWith(), .nthReturnedWith() and .toThrowError() matcher aliases (#​14632)
• [jest-cli, jest-config, @​jest/types] [BREAKING] Remove deprecated --init argument (#​14490)
• [jest-config, @​jest/core, jest-util] Upgrade ci-info (#​14655)
• [jest-mock] [BREAKING] Remove MockFunctionMetadataType, MockFunctionMetadata and SpyInstance types (#​14621)
• [@jest/reporters] Upgrade istanbul-lib-source-maps (#​14924)
• [jest-schemas] Upgrade @sinclair/typebox (#​14775)
• [jest-transform] Upgrade write-file-atomic (#​14274)
• [jest-util] Upgrade picomatch to v4 (#​14653 & #​14885)
• [docs] Append to NODE_OPTIONS, not overwrite ([#​14730](https://redirect.github.com/jestjs/jest/pull/14730))
• [docs] Updated .toHaveBeenCalled() documentation to correctly reflect its functionality (#​14842)
• [docs] Link NestJS documentation on testing with Jest (#​14940)
• [docs] Revised documentation for .toHaveBeenCalled() to accurately depict its functionality. (#​14853)
• [docs] Removed ExpressJS reference link from documentation due to dead link (#​15270)
• [docs] Correct broken links in docs (#​15359)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@babel/helper-validator-identifier	7.28.5	🟢 6.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@babel/types	7.28.5	🟢 6.3	Details Check Score Reason Code-Review 🟢 8 Found 26/30 approved changesets -- score normalized to 8 Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 33 existing vulnerabilities detected
npm/@emnapi/core	1.7.1	🟢 4.3	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime	1.7.1	🟢 4.3	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/wasi-threads	1.1.0	🟢 4.3	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@jest/console	30.2.0	Unknown	Unknown
npm/@jest/core	30.2.0	Unknown	Unknown
npm/@jest/reporters	30.2.0	Unknown	Unknown
npm/@jest/source-map	30.0.1	Unknown	Unknown
npm/@jest/test-result	30.2.0	Unknown	Unknown
npm/@jest/test-sequencer	30.2.0	Unknown	Unknown
npm/@napi-rs/wasm-runtime	0.2.12	🟢 5	Details Check Score Reason Code-Review ⚠️ 1 Found 4/21 approved changesets -- score normalized to 1 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@tybys/wasm-util	0.10.1	Unknown	Unknown
npm/@types/babel__core	7.20.5	🟢 6.8	Details Check Score Reason Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/babel__generator	7.27.0	🟢 6.8	Details Check Score Reason Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/babel__template	7.4.4	🟢 6.8	Details Check Score Reason Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/babel__traverse	7.28.0	🟢 6.8	Details Check Score Reason Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@types/jest	30.0.0	🟢 6.8	Details Check Score Reason Code-Review 🟢 7 Found 23/29 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Fuzzing ⚠️ 0 project is not fuzzed
npm/@unrs/resolver-binding-android-arm-eabi	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-android-arm64	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-darwin-arm64	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-darwin-x64	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-freebsd-x64	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-arm-gnueabihf	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-arm-musleabihf	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-arm64-gnu	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-arm64-musl	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-ppc64-gnu	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-riscv64-gnu	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-riscv64-musl	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-s390x-gnu	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-x64-gnu	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-linux-x64-musl	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-wasm32-wasi	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-win32-arm64-msvc	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-win32-ia32-msvc	1.11.1	Unknown	Unknown
npm/@unrs/resolver-binding-win32-x64-msvc	1.11.1	Unknown	Unknown
npm/babel-jest	30.2.0	Unknown	Unknown
npm/babel-plugin-jest-hoist	30.2.0	Unknown	Unknown
npm/babel-preset-jest	30.2.0	Unknown	Unknown
npm/ci-info	4.3.1	🟢 4.3	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 8 8 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 8 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/cjs-module-lexer	2.1.1	Unknown	Unknown
npm/collect-v8-coverage	1.0.3	🟢 4.4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 0 Found 1/25 approved changesets -- score normalized to 0 Maintained 🟢 10 19 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/dedent	1.7.0	🟢 3.8	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review 🟢 3 Found 10/29 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 15 existing vulnerabilities detected
npm/exit-x	0.2.2	Unknown	Unknown
npm/glob	10.5.0	🟢 4.3	Details Check Score Reason Maintained 🟢 10 23 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 0 Found 2/29 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/import-local	3.2.0	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/istanbul-lib-source-maps	5.0.6	🟢 4.7	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 5 Found 11/20 approved changesets -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License ⚠️ 0 license file not detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/istanbul-reports	3.2.0	🟢 4.7	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 5 Found 11/20 approved changesets -- score normalized to 5 Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License ⚠️ 0 license file not detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/jest	30.2.0	Unknown	Unknown
npm/jest-changed-files	30.2.0	Unknown	Unknown
npm/jest-circus	30.2.0	Unknown	Unknown
npm/jest-cli	30.2.0	Unknown	Unknown
npm/jest-config	30.2.0	Unknown	Unknown
npm/jest-docblock	30.2.0	Unknown	Unknown
npm/jest-each	30.2.0	Unknown	Unknown
npm/jest-environment-node	30.2.0	Unknown	Unknown
npm/jest-leak-detector	30.2.0	Unknown	Unknown
npm/jest-resolve	30.2.0	Unknown	Unknown
npm/jest-resolve-dependencies	30.2.0	Unknown	Unknown
npm/jest-runner	30.2.0	Unknown	Unknown
npm/jest-runtime	30.2.0	Unknown	Unknown
npm/jest-validate	30.2.0	Unknown	Unknown
npm/jest-watcher	30.2.0	Unknown	Unknown
npm/js-yaml	3.14.2	🟢 5.2	Details Check Score Reason Maintained 🟢 5 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/napi-postinstall	0.3.4	Unknown	Unknown
npm/pure-rand	7.0.1	🟢 5	Details Check Score Reason Maintained 🟢 9 11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9 Code-Review ⚠️ -1 Found no human activity in the last 30 changesets Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 3 7 existing vulnerabilities detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/tslib	2.8.1	🟢 5.5	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 0 Code-Review 🟢 7 GitHub code reviews found for 23 commits out of the last 30 -- score normalized to 7 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Dependency-Update-Tool ⚠️ 0 no update tool detected Fuzzing ⚠️ -1 internal error: internal error: Client.Search.Code: Search.Code: GET https://api.github.com/search/code?q=github.com+microsoft+tslib+repo%3Agoogle%2Foss-fuzz+in%3Afile+filename%3Aproject.yaml: 400 []
npm/unrs-resolver	1.11.1	Unknown	Unknown
npm/v8-to-istanbul	9.3.0	🟢 4.5	Details Check Score Reason Code-Review 🟢 6 Found 8/12 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 3 7 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• package-lock.json

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jest@​29.7.0 ⏵ 30.2.0	+1		+1
	@​types/​jest@​29.5.14 ⏵ 30.0.0

View full report