@dword-design/base-config-nuxt
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing with SLSA provenance attestation; legitimate automation change for this package. | ai | |
| dependencies | unvetted-dep:vite-plugin-eslint2 | AI (dependencies): Legitimate Vite ESLint plugin; expected for a Nuxt base config tool. | ai | |
| dependencies | unvetted-dep:@dword-design/nuxt-page-title | AI (dependencies): Publisher's own scoped package; same org as this package, expected dependency. | ai | |
| dependencies | unvetted-dep:@dword-design/stylelint-config | AI (dependencies): Publisher's own scoped stylelint config; same org as this package, expected dependency. | ai | |
| dependencies | unvetted-dep:nuxt-basic-authentication-module | AI (dependencies): Legitimate Nuxt module for basic auth; expected optional feature in a Nuxt base config. | ai | |
| phantom-deps | phantom-dep:nuxt | AI (phantom-deps): Nuxt is referenced in config files but not directly imported; normal for a Nuxt configuration package. | ai | |
| phantom-deps | phantom-dep:@dword-design/nuxt-i18n | AI (phantom-deps): Same org scoped package used as a Nuxt module; phantom dep pattern is expected for config packages. | ai | |
| phantom-deps | phantom-dep:babel-plugin-module-resolver | AI (phantom-deps): Referenced in config files; expected pattern for a base config package providing Babel config. | ai | |
| phantom-deps | phantom-dep:nuxt-basic-authentication-module | AI (phantom-deps): Referenced in config files as a Nuxt module; phantom dep pattern expected for config packages. | ai | |
| phantom-deps | phantom-dep:babel-plugin-add-import-extension | AI (phantom-deps): Referenced in config files; expected for a base config package providing Babel configuration. | ai | |
| dependencies | unvetted-dep:@nuxt/eslint | AI (dependencies): Official Nuxt ESLint integration package; expected dependency for a Nuxt base config tool. | ai | |
| dependencies | unvetted-dep:vite-svg-loader | AI (dependencies): Well-known Vite plugin for SVG loading; legitimate dependency for a Nuxt config package. | ai | |
| dependencies | unvetted-dep:depcheck-bin-name | AI (dependencies): Utility package for depcheck tooling; expected in a base config/tooling package. | ai | |
| dependencies | unvetted-dep:@dword-design/nuxt-i18n | AI (dependencies): Publisher's own scoped package; same org as this package, expected dependency. | ai | |
| dependencies | unvetted-dep:@nuxtjs/stylelint-module | AI (dependencies): Official NuxtJS stylelint module; expected for a Nuxt base config tool. | ai | |
| phantom-deps | phantom-dep:@dword-design/nuxt-page-title | AI (phantom-deps): Same-org Nuxt module loaded by convention. Expected pattern for this base config package. | ai | |
| phantom-deps | phantom-dep:@dword-design/stylelint-config | AI (phantom-deps): Same-org stylelint config referenced in config files by convention, not direct import. | ai | |
| phantom-deps | phantom-dep:sass | AI (phantom-deps): sass is a build-time dependency referenced in config files; phantom detection is a false positive for this config package. | ai | |
| phantom-deps | phantom-dep:stylelint | AI (phantom-deps): stylelint referenced in config files by convention; expected for a base config package that configures stylelint. | ai | |
| phantom-deps | phantom-dep:vite-plugin-eslint2 | AI (phantom-deps): Vite plugin referenced in config files by convention, not direct import. Expected for a Nuxt/Vite base config package. | ai | |
| phantom-deps | phantom-dep:@nuxt/eslint | AI (phantom-deps): Framework-scoped Nuxt module loaded by convention, not direct import. Expected pattern for a Nuxt base config package. | ai | |
| phantom-deps | phantom-dep:@nuxtjs/stylelint-module | AI (phantom-deps): Nuxt module loaded by convention in config files, not direct import. Expected for a Nuxt base config package. | ai | |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 9.0.22 | 20 / 11 | |
| 9.0.16 | 20 / 11 | |
| 9.0.15 | 20 / 11 | |
| 9.0.11 | 20 / 11 | |
| 9.0.10 | 20 / 11 | |
| 9.0.0 | 26 / 13 | |
| 8.1.7 | 29 / 15 | |
| 8.1.6 | 29 / 15 | |
| 8.1.5 | 29 / 15 | |
v9.0.22
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.16
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.15
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.10
2 findings
This version was published by a different npm account than previous versions on 2026-01-03. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v9.0.0
2 findings
This version was published by a different npm account than previous versions on 2025-12-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.1.7
2 findings
This version was published by a different npm account than previous versions on 2025-11-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.1.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.