chore(lambda): bump the nx group in /lambdas with 3 updates

[dependabot]

Bumps the nx group in /lambdas with 3 updates: @nx/eslint, @nx/js and @nx/vite.

Updates @nx/eslint from 22.4.3 to 22.5.0

Release notes

Sourced from @​nx/eslint's releases.

22.5.0 (2026-02-09)

🚀 Features

• core: display batch tasks in the tui (#33695)
• core: add variant 2 to CNW cloud prompts with promo message (#34223)
• core: improve configure-ai-agents to copy nx skills/subagents/plugins (#34176)
• core: add Nx Cloud connect URL to template README (#34249)
• core: add decorative banners for Nx Cloud CNW completion message (#34270)
• core: add initial impl of task io service (#34205)
• core: improve AI agent rules for CLAUDE.md generation (#34304)
• core: add command to download cloud client (#34333)
• core: add AI agent detection and NDJSON output for CNW (#34320)
• core: update cnw messaging (#34364)
• core: eagerly shutdown plugins that don't provide later hooks (#34253)
• gradle: add debug env var to gradle batch executor (#34259)
• js: add NX_PREFER_NODE_STRIP_TYPES to use Node's strip types feature instead of transpilation for TypeScript files (#34202)
• js: bump swc to latest versions (#34215)
• js: update swc/cli to 0.8.0 (#34365)
• maven: load Maven classes at runtime for version-agnostic batch execution (#34180)
• maven: bump maven plugin version to 0.0.13 (#34318)
• nx-dev: add llms-full.txt and HTTP Link headers for LLM discovery (#34232)
• nx-dev: add server-side page view tracking for docs (#34283)
• nx-dev: reformat sidebar into topics (#34265)

🩹 Fixes

• core: clean up daemon workspace data directory on nx reset --onl… (#34174)
• core: move tui to parking lot rwlock to avoid hang (#34187)
• core: handle resizing a bit better for inline_tui (#34006)
• core: consolidate GitHub URL messaging when gh push fails (#34196)
• core: cloud commands are noop when not connected rather than errors (#34193)
• core: fall back to node_modules when tmp has noexec (#34207, #33991)
• core: hide already-installed nx packages from suggestion list during nx import (#34227)
• core: improve plugin worker error messages and lifecycle timeouts (#34251)
• core: do not throw error if worker.stdout is not instanceof socket (#34224)
• core: handle multibyte UTF-8 characters in socket message consumption (#34151)
• core: resolve daemon client reconnect queue deadlock (#34284)
• core: nx should show help for run-one when using project short names (#34303)
• core: prevent command injection in getNpmPackageVersion (#34309)
• core: fix CNW git amend and README marker handling (#34306)
• core: tweak configure-ai-agents messaging (#34307)
• core: handle EPIPE errors gracefully in daemon socket writes (#34311)
• core: allow overriding daemon logging settings (#34324)
• core: preserve task selection when unrelated tasks finish (#34328)
• core: disable ignore filters for outputs expansion (#34316, #32620)
• core: track all task outputs regardless of path depth (#34321)
• core: avoid crash when pane area is out of bounds during resize (#34343)
• core: use picocolors instead of chalk in the nx package (#34305)
• core: only detect flaky tasks for cacheable tasks (#33994)

... (truncated)

Commits

• e3eedf9 docs(misc): update the docs to use more direct language (#34264)
• See full diff in compare view

Updates @nx/js from 22.4.5 to 22.5.0

Release notes

Sourced from @​nx/js's releases.

22.5.0 (2026-02-09)

🚀 Features

• core: display batch tasks in the tui (#33695)
• core: add variant 2 to CNW cloud prompts with promo message (#34223)
• core: improve configure-ai-agents to copy nx skills/subagents/plugins (#34176)
• core: add Nx Cloud connect URL to template README (#34249)
• core: add decorative banners for Nx Cloud CNW completion message (#34270)
• core: add initial impl of task io service (#34205)
• core: improve AI agent rules for CLAUDE.md generation (#34304)
• core: add command to download cloud client (#34333)
• core: add AI agent detection and NDJSON output for CNW (#34320)
• core: update cnw messaging (#34364)
• core: eagerly shutdown plugins that don't provide later hooks (#34253)
• gradle: add debug env var to gradle batch executor (#34259)
• js: add NX_PREFER_NODE_STRIP_TYPES to use Node's strip types feature instead of transpilation for TypeScript files (#34202)
• js: bump swc to latest versions (#34215)
• js: update swc/cli to 0.8.0 (#34365)
• maven: load Maven classes at runtime for version-agnostic batch execution (#34180)
• maven: bump maven plugin version to 0.0.13 (#34318)
• nx-dev: add llms-full.txt and HTTP Link headers for LLM discovery (#34232)
• nx-dev: add server-side page view tracking for docs (#34283)
• nx-dev: reformat sidebar into topics (#34265)

🩹 Fixes

• core: clean up daemon workspace data directory on nx reset --onl… (#34174)
• core: move tui to parking lot rwlock to avoid hang (#34187)
• core: handle resizing a bit better for inline_tui (#34006)
• core: consolidate GitHub URL messaging when gh push fails (#34196)
• core: cloud commands are noop when not connected rather than errors (#34193)
• core: fall back to node_modules when tmp has noexec (#34207, #33991)
• core: hide already-installed nx packages from suggestion list during nx import (#34227)
• core: improve plugin worker error messages and lifecycle timeouts (#34251)
• core: do not throw error if worker.stdout is not instanceof socket (#34224)
• core: handle multibyte UTF-8 characters in socket message consumption (#34151)
• core: resolve daemon client reconnect queue deadlock (#34284)
• core: nx should show help for run-one when using project short names (#34303)
• core: prevent command injection in getNpmPackageVersion (#34309)
• core: fix CNW git amend and README marker handling (#34306)
• core: tweak configure-ai-agents messaging (#34307)
• core: handle EPIPE errors gracefully in daemon socket writes (#34311)
• core: allow overriding daemon logging settings (#34324)
• core: preserve task selection when unrelated tasks finish (#34328)
• core: disable ignore filters for outputs expansion (#34316, #32620)
• core: track all task outputs regardless of path depth (#34321)
• core: avoid crash when pane area is out of bounds during resize (#34343)
• core: use picocolors instead of chalk in the nx package (#34305)
• core: only detect flaky tasks for cacheable tasks (#33994)

... (truncated)

Commits

• b85ac15 feat(js): update swc/cli to 0.8.0 (#34365)
• e3eedf9 docs(misc): update the docs to use more direct language (#34264)
• 2bd8ef3 feat(js): bump swc to latest versions (#34215)
• See full diff in compare view

Updates @nx/vite from 22.4.5 to 22.5.0

Release notes

Sourced from @​nx/vite's releases.

22.5.0 (2026-02-09)

🚀 Features

• core: display batch tasks in the tui (#33695)
• core: add variant 2 to CNW cloud prompts with promo message (#34223)
• core: improve configure-ai-agents to copy nx skills/subagents/plugins (#34176)
• core: add Nx Cloud connect URL to template README (#34249)
• core: add decorative banners for Nx Cloud CNW completion message (#34270)
• core: add initial impl of task io service (#34205)
• core: improve AI agent rules for CLAUDE.md generation (#34304)
• core: add command to download cloud client (#34333)
• core: add AI agent detection and NDJSON output for CNW (#34320)
• core: update cnw messaging (#34364)
• core: eagerly shutdown plugins that don't provide later hooks (#34253)
• gradle: add debug env var to gradle batch executor (#34259)
• js: add NX_PREFER_NODE_STRIP_TYPES to use Node's strip types feature instead of transpilation for TypeScript files (#34202)
• js: bump swc to latest versions (#34215)
• js: update swc/cli to 0.8.0 (#34365)
• maven: load Maven classes at runtime for version-agnostic batch execution (#34180)
• maven: bump maven plugin version to 0.0.13 (#34318)
• nx-dev: add llms-full.txt and HTTP Link headers for LLM discovery (#34232)
• nx-dev: add server-side page view tracking for docs (#34283)
• nx-dev: reformat sidebar into topics (#34265)

🩹 Fixes

• core: clean up daemon workspace data directory on nx reset --onl… (#34174)
• core: move tui to parking lot rwlock to avoid hang (#34187)
• core: handle resizing a bit better for inline_tui (#34006)
• core: consolidate GitHub URL messaging when gh push fails (#34196)
• core: cloud commands are noop when not connected rather than errors (#34193)
• core: fall back to node_modules when tmp has noexec (#34207, #33991)
• core: hide already-installed nx packages from suggestion list during nx import (#34227)
• core: improve plugin worker error messages and lifecycle timeouts (#34251)
• core: do not throw error if worker.stdout is not instanceof socket (#34224)
• core: handle multibyte UTF-8 characters in socket message consumption (#34151)
• core: resolve daemon client reconnect queue deadlock (#34284)
• core: nx should show help for run-one when using project short names (#34303)
• core: prevent command injection in getNpmPackageVersion (#34309)
• core: fix CNW git amend and README marker handling (#34306)
• core: tweak configure-ai-agents messaging (#34307)
• core: handle EPIPE errors gracefully in daemon socket writes (#34311)
• core: allow overriding daemon logging settings (#34324)
• core: preserve task selection when unrelated tasks finish (#34328)
• core: disable ignore filters for outputs expansion (#34316, #32620)
• core: track all task outputs regardless of path depth (#34321)
• core: avoid crash when pane area is out of bounds during resize (#34343)
• core: use picocolors instead of chalk in the nx package (#34305)
• core: only detect flaky tasks for cacheable tasks (#33994)

... (truncated)

Commits

• e3eedf9 docs(misc): update the docs to use more direct language (#34264)
• 86de174 fix(testing): preload vitest/node to prevent race condition on Node 24 (#34261)
• 3d62c8b fix(vite): handle sophisticated vite plugins (#34242)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@nx/devkit	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/devkit	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/eslint	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/js	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/js	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-darwin-arm64	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-darwin-arm64	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-darwin-x64	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-darwin-x64	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-freebsd-x64	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-freebsd-x64	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-arm-gnueabihf	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-arm-gnueabihf	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-arm64-gnu	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-arm64-gnu	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-arm64-musl	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-arm64-musl	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-x64-gnu	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-x64-gnu	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-x64-musl	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-linux-x64-musl	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-win32-arm64-msvc	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-win32-arm64-msvc	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-win32-x64-msvc	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/nx-win32-x64-msvc	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/vite	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/vitest	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/workspace	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/@nx/workspace	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/nx	22.5.0	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8
npm/nx	22.5.1	🟢 7.1	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches SAST 🟢 7 SAST tool detected but not run on all commits Fuzzing ⚠️ 0 project is not fuzzed Binary-Artifacts 🟢 7 binaries present in source code Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8

Scanned Files

• lambdas/yarn.lock