← Home

@cloudflare/vite-plugin

npm Repository Homepage
19
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

dcruz_cfjculveysejokercf-radarcf-ci-writesegments-writethibmeuxortivecf-ci2lvalentaworengathird774jasnellterinjokescelsogregbrimbleg4brymwrangler-publishercf-media-managerdash_service_accountcf-npm-publishsergeychernyshevsimonabadoiucms1919mgirouard-cfmusa-cfvaishakpdineshichernetsky-cfgabivlj-cfganders-cloudflarensharma-cfmikenomitchtlefebvre_cfnafeezcfeduardo-vargasthreepointonextuc

Keywords

cloudflarecloudflare-workersvitevite-pluginworkers

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff net-exec-file:dist/dist-Cr__Sz5N.mjs AI (source-diff): Bundled dist with undici WASM + node:module hooks; expected for a Vite plugin. ai
phantom-deps phantom-dep:ws AI (phantom-deps): Runtime dep used by miniflare proxy, loaded indirectly. ai
source-diff net-exec-file:dist/dist-MawCthRW.mjs AI (source-diff): Bundled dist with undici WASM + Zod; standard for a Vite/miniflare plugin. ai
phantom-deps phantom-dep:unenv AI (phantom-deps): Known implicit runtime dependency for Cloudflare worker env. ai
phantom-deps phantom-dep:@cloudflare/unenv-preset AI (phantom-deps): Framework-scoped package loaded by convention. ai
publish-pattern new-deps-added AI (publish-pattern): defu is a well-known unjs utility; addition is benign for this established Cloudflare package. ai
source-diff net-exec-file:dist/workers/runner-worker/index.js AI (source-diff): Bundled Cloudflare worker using Vite ModuleRunner; expected network+eval pattern for this plugin. ai
source-diff encoded-string-file:dist/index.mjs AI (source-diff): Base64 WASM blob from bundled undici/llhttp; stable pattern for this package. ai

Versions (showing 19 of 122)

Version Deps Published
1.11.0 10 / 13
1.10.2 10 / 13
1.10.1 10 / 13
1.10.0 10 / 13
1.9.6 10 / 12
1.9.5 10 / 12
1.9.4 10 / 12
1.9.3 10 / 12
1.9.2 10 / 12
1.9.1 10 / 12
1.9.0 10 / 12
1.8.0 10 / 12
1.7.5 10 / 12
1.7.4 10 / 12
1.7.3 10 / 12
1.7.2 10 / 12
1.7.1 10 / 12
1.7.0 10 / 12
1.6.0 10 / 12

v1.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.10.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.7.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.7.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.7.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.7.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.7.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.