@intlify/vue-i18n-extensions MIT 2 versions

@intlify/vue-i18n-extensions

npm Repository Homepage

vue-i18n extensions

Versions

MIT

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

kazuponota-meshi

Keywords

extensionsi18noptimaizationserver-side-renderingvuevue-i18n

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Package migrated to GitHub Actions CI publishing with SLSA attestation; publisher-changed to GHA is expected and verifiable.	ai	2026/05/26
phantom-deps	phantom-dep:vue-i18n	AI (phantom-deps): Peer dependency used via config; stable pattern for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@babel/parser	AI (phantom-deps): Framework-scoped package loaded by convention; stable for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@intlify/shared	AI (phantom-deps): Same-org scoped package; stable pattern for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@vue/compiler-dom	AI (phantom-deps): Framework-scoped package loaded by convention; stable for this package.	ai	2026/04/29

Versions (showing 2 of 2)

Version	Deps	Published
9.0.0	2 / 30	2026-05-23
6.0.0	4 / 29	2024-06-07

v9.0.0

2 findings

HIGH Publisher changed: kazupon → GitHub Actions (on 2026-05-23) provenance

This version was published by a different npm account than previous versions on 2026-05-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.