@nuxtjs/i18n — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

pi0atinuxdanielroeantfurchlkazuponbobbiegoede

Keywords

nuxti18ninternationalizationnuxt-module

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Published via GitHub Actions with SLSA provenance; gitHead absence is a CI config change, not a threat.	ai	2026/05/21
publish-pattern	dormant-publish	AI (publish-pattern): Established package with 115 versions; dormancy reflects normal release cadence variation.	ai	2026/05/21
dependencies	unvetted-dep:@intlify/utils	AI (dependencies): First-party @intlify ecosystem dep from same maintainer org; stable for this package.	ai	2026/04/29
dependencies	unvetted-dep:@intlify/unplugin-vue-i18n	AI (dependencies): First-party @intlify ecosystem dep from same maintainer org; stable for this package.	ai	2026/04/29
dependencies	unvetted-dep:@intlify/h3	AI (dependencies): First-party @intlify ecosystem dep from same maintainer org; stable for this package.	ai	2026/04/29
dependencies	unvetted-dep:@miyaneee/rollup-plugin-json5	AI (dependencies): Build-time rollup plugin for JSON5 support; no malicious indicators.	ai	2026/04/29
dependencies	unvetted-dep:nuxt-define	AI (dependencies): Utility dep used by Nuxt module ecosystem; no malicious indicators.	ai	2026/04/29
dependencies	unvetted-dep:@intlify/core	AI (dependencies): First-party @intlify ecosystem dep from same maintainer org; stable for this package.	ai	2026/04/29

Versions (showing 16 of 16)

Version	Deps	Published
10.4.0	26 / 23	2026-05-21
10.3.0	26 / 22	2026-04-24
10.2.4	27 / 22	2026-03-23
10.2.3	28 / 21	2026-02-06
10.2.1	28 / 21	2025-11-17
10.2.0	28 / 21	2025-11-02
10.1.2	28 / 21	2025-10-26
10.1.1	29 / 26	2025-10-14
10.1.0	29 / 32	2025-09-09
10.0.6	28 / 32	2025-08-19
10.0.5	28 / 32	2025-08-12
10.0.4	28 / 32	2025-08-08
10.0.3	28 / 34	2025-07-24
10.0.2	28 / 34	2025-07-22
10.0.1	28 / 34	2025-07-20
10.0.0	28 / 34	2025-07-17

v10.4.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.2.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.2.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.