@nuasite/nua
`@nuasite/nua` is the meta package that mirrors the toolchain Nua Site uses during the build phase. Add it to your project to pull in the exact versions of Astro, Tailwind CSS, and the Nua Site packages that deploy your site so local runs behave exactly l
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@nuasite/build | AI (dependencies): Same-org monorepo sibling dependency; expected pattern for @nuasite/* packages. | ai | |
| phantom-deps | phantom-dep:@nuasite/cms-marker | AI (phantom-deps): Same org monorepo package; phantom-dep heuristic is a false positive here. | ai | |
| dependencies | unvetted-dep:@nuasite/cms-marker | AI (dependencies): Same org scope (@nuasite); co-versioned sibling package, not a third-party risk. | ai | |
| phantom-deps | phantom-dep:@nuasite/build | AI (phantom-deps): Same-org monorepo sibling; workspace:* reference is expected, not a phantom dep concern. | ai | |
| dependencies | unvetted-dep:@astrojs/rss | AI (dependencies): @astrojs/rss is an official Astro ecosystem package; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/vite | AI (phantom-deps): Vite plugin referenced in config files; not directly imported by design. | ai | |
| phantom-deps | phantom-dep:astro | AI (phantom-deps): Astro is a framework peer dep referenced in config files; not directly imported by design. | ai | |
| phantom-deps | phantom-dep:@astrojs/mdx | AI (phantom-deps): Astro integration declared in config files, not directly imported; expected pattern. | ai | |
| phantom-deps | phantom-dep:@astrojs/rss | AI (phantom-deps): Astro integration declared in config files, not directly imported; expected pattern. | ai | |
| phantom-deps | phantom-dep:@astrojs/sitemap | AI (phantom-deps): Astro integration declared in config files, not directly imported; expected pattern. | ai | |
| dependencies | unvetted-dep:@astrojs/sitemap | AI (dependencies): @astrojs/sitemap is a well-known official Astro ecosystem package; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/typography | AI (phantom-deps): Config-file-only reference; stable false positive for this package. | ai | |
| typosquat | typosquat.levenshtein:koa | AI (typosquat): Scoped @nuasite org package; not a typosquat of koa. | ai | |
| phantom-deps | phantom-dep:@nuasite/llm-enhancements | AI (phantom-deps): Same-org first-party dep; phantom-dep heuristic not applicable. | ai | |
| typosquat | typosquat.levenshtein:nuxt | AI (typosquat): Scoped @nuasite org package; not a typosquat of nuxt. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Scoped @nuasite org package; not a typosquat of yup. | ai | |
| phantom-deps | phantom-dep:vite | AI (phantom-deps): Config-file-only reference typical for umbrella/meta package. | ai | |
| phantom-deps | phantom-dep:flowbite | AI (phantom-deps): Config-file-only reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): Config-file-only reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): Config-file-only reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@nuasite/cli | AI (phantom-deps): Same-org first-party dep; phantom-dep heuristic not applicable. | ai | |
| phantom-deps | phantom-dep:@nuasite/core | AI (phantom-deps): Same-org first-party dep; phantom-dep heuristic not applicable. | ai | |
| phantom-deps | phantom-dep:@astrojs/check | AI (phantom-deps): Config-file-only reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@nuasite/components | AI (phantom-deps): Same-org first-party dep; phantom-dep heuristic not applicable. | ai |
Versions (showing 51 of 108)
| Version | Deps | Published |
|---|---|---|
| 0.42.1 | 16 / 0 | |
| 0.42.0 | 16 / 0 | |
| 0.41.0 | 16 / 0 | |
| 0.40.0 | 16 / 0 | |
| 0.39.2 | 16 / 0 | |
| 0.39.1 | 16 / 0 | |
| 0.39.0 | 16 / 0 | |
| 0.38.0 | 16 / 0 | |
| 0.37.0 | 16 / 0 | |
| 0.36.1 | 16 / 0 | |
| 0.36.0 | 16 / 0 | |
| 0.35.0 | 16 / 0 | |
| 0.34.0 | 16 / 0 | |
| 0.32.0 | 16 / 0 | |
| 0.31.0 | 16 / 0 | |
| 0.30.0 | 16 / 0 | |
| 0.29.0 | 16 / 0 | |
| 0.28.0 | 16 / 0 | |
| 0.27.0 | 16 / 0 | |
| 0.26.0 | 16 / 0 | |
| 0.25.0 | 16 / 0 | |
| 0.24.0 | 16 / 0 | |
| 0.23.1 | 16 / 0 | |
| 0.23.0 | 16 / 0 | |
| 0.22.4 | 16 / 0 | |
| 0.22.3 | 16 / 0 | |
| 0.22.2 | 16 / 0 | |
| 0.22.1 | 16 / 0 | |
| 0.22.0 | 16 / 0 | |
| 0.21.0 | 16 / 0 | |
| 0.20.5 | 16 / 0 | |
| 0.20.4 | 16 / 0 | |
| 0.20.2 | 16 / 0 | |
| 0.20.1 | 16 / 0 | |
| 0.19.1 | 16 / 0 | |
| 0.19.0 | 16 / 0 | |
| 0.18.1 | 16 / 0 | |
| 0.18.0 | 17 / 0 | |
| 0.17.2 | 17 / 0 | |
| 0.17.1 | 17 / 0 | |
| 0.17.0 | 17 / 0 | |
| 0.16.1 | 16 / 0 | |
| 0.16.0 | 16 / 0 | |
| 0.15.2 | 16 / 0 | |
| 0.15.1 | 16 / 0 | |
| 0.15.0 | 16 / 0 | |
| 0.14.1 | 16 / 0 | |
| 0.14.0 | 16 / 0 | |
| 0.13.3 | 16 / 0 | |
| 0.13.1 | 16 / 0 | |
| 0.13.0 | 16 / 0 |
v0.42.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.40.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.39.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.39.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.39.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.38.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.37.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.35.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.25.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.17.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.16.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.