@formkit/vue — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

justin-schroederboydlnguyen-braiddevoidofgenius

Keywords

vueformsinputsvalidation

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:vite	AI (typosquat): Scoped @formkit/vue package; edit-distance match to 'vite' is a false positive for this well-known form library.	ai	2026/05/13
typosquat	typosquat.levenshtein:yup	AI (typosquat): Scoped @formkit/vue package; edit-distance match to 'yup' is a false positive for this well-known form library.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/dev	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/core	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/i18n	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/rules	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/utils	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/inputs	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/themes	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/observer	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13
dependencies	unvetted-dep:@formkit/validation	AI (dependencies): First-party @formkit scoped dependency; stable false positive for this package.	ai	2026/05/13

Versions (showing 4 of 4)

Version	Deps	Published
2.0.0	9 / 1	2026-04-02
1.7.2	9 / 1	2025-12-22
1.7.1	9 / 1	2025-12-17
1.7.0	9 / 1	2025-12-16

v2.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.