← Home

@nextcloud/vue

npm Repository Homepage

Nextcloud vue components

6
Versions
AGPL-3.0-or-later
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

icewind1991skjnldsvchristophwurstjuliushaertlnickvergessenartongegretadocimejo-susnux

Keywords

vuejsnextcloudcomponents

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/chunks/_l10n-CG4CuN3H.mjs AI (source-diff): Vite-bundled l10n translation data; long lines are serialized translation strings, not obfuscation. ai
source-diff obfuscated-file:dist/chunks/NcContent-BhMoPROW.mjs AI (source-diff): Standard Vite build output for Vue component; long lines are inlined SVG/template strings. ai
source-diff obfuscated-file:dist/chunks/NcContent-Dd15hgck.mjs AI (source-diff): Standard Vite-bundled ESM output; long lines are inlined SVG/CSS, not obfuscation. Stable pattern for this package. ai
source-diff large-new-source-files AI (source-diff): Major version bump with Vue 2→3 migration; large file count increase is expected and legitimate. ai
source-diff obfuscated-file:dist/chunks/_l10n-skrZri3h.cjs AI (source-diff): Minified l10n translation bundle with Nextcloud copyright; long lines are translation data, not obfuscated malware. ai
typosquat typosquat.levenshtein:vite AI (typosquat): Scoped package @nextcloud/vue cannot typosquat 'vite'; levenshtein match is spurious. ai
typosquat typosquat.levenshtein:yup AI (typosquat): Scoped package @nextcloud/vue cannot typosquat 'yup'; levenshtein match is spurious. ai
phantom-deps phantom-dep:clone AI (phantom-deps): 'clone' is a declared runtime dependency; phantom-dep heuristic is a false positive here. ai

Versions (showing 6 of 6)

Version Deps Published
9.8.2 44 / 41
9.8.1 44 / 41
9.8.0 44 / 41
9.7.0 44 / 41
8.39.0 47 / 49
8.38.0 47 / 49

v9.8.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.8.1

3 findings
HIGH New obfuscated file: dist/chunks/_l10n-CG4CuN3H.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/chunks/NcContent-BhMoPROW.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.8.0

2 findings
HIGH New obfuscated file: dist/chunks/NcContent-Dd15hgck.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.39.0

2 findings
HIGH New obfuscated file: dist/chunks/_l10n-skrZri3h.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.38.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.