@nuxtjs/shopify MIT 33 versions

@nuxtjs/shopify

npm Repository Homepage

Easily integrate Shopify with Nuxt 3 and 4 🚀

33

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

pi0atinuxdanielroeantfukonkofreb97

Keywords

nuxtnuxt3nuxt4nuxtjsnuxt-moduleshopifyecommercestorefrontstorefront-apiadmin-apigraphqltypescriptcodegen

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation under nuxt-modules org; legitimate automation pattern.	ai	2026/05/30
maintainer-change	maintainer-removed	AI (maintainer-change): Consistent with org-level CI/CD takeover of publishing; nuxt-modules org package with SLSA provenance.	ai	2026/05/30
dependencies	unvetted-dep:@shopify/graphql-codegen	AI (dependencies): Official Shopify codegen package; expected dependency for this module.	ai	2026/05/18
dependencies	unvetted-dep:@shopify/graphql-client	AI (dependencies): Official Shopify SDK package; stable dependency for this Shopify integration module.	ai	2026/05/18
dependencies	unvetted-dep:@shopify/api-codegen-preset	AI (dependencies): Official Shopify codegen preset; expected for this Shopify Nuxt module.	ai	2026/05/18
dependencies	unvetted-dep:@graphql-codegen/import-types-preset	AI (dependencies): Well-known graphql-codegen ecosystem package; stable for this module.	ai	2026/05/18
phantom-deps	phantom-dep:@graphql-codegen/plugin-helpers	AI (phantom-deps): Config-file-only reference; expected codegen tooling pattern.	ai	2026/05/07
phantom-deps	phantom-dep:@graphql-codegen/import-types-preset	AI (phantom-deps): Config-file-only reference; expected codegen tooling pattern.	ai	2026/05/07
phantom-deps	phantom-dep:@graphql-codegen/introspection	AI (phantom-deps): Config-file-only reference; expected codegen tooling pattern.	ai	2026/05/07
phantom-deps	phantom-dep:@shopify/api-codegen-preset	AI (phantom-deps): Config-file-only reference; not a runtime import, expected for codegen tooling.	ai	2026/05/07

Versions (showing 33 of 33)

Version	Deps	Published
0.5.4	23 / 19	2026-05-01
0.5.3	23 / 19	2026-05-01
0.5.2	23 / 19	2026-04-13
0.5.1	23 / 19	2026-04-13
0.5.0	23 / 19	2026-04-11
0.4.6	23 / 17	2026-04-07
0.4.5	23 / 17	2026-04-06
0.4.4	23 / 16	2026-03-13
0.4.3	23 / 16	2026-03-09
0.4.2	23 / 16	2026-02-19
0.4.1	23 / 16	2026-02-19
0.4.0	23 / 16	2026-02-19
0.3.16	21 / 17	2026-02-18
0.3.15	21 / 17	2026-02-17
0.3.14	19 / 17	2026-02-12
0.3.13	20 / 17	2026-01-17
0.3.12	20 / 17	2025-12-18
0.3.11	20 / 17	2025-12-18
0.3.10	20 / 17	2025-12-18
0.3.9	19 / 18	2025-12-18
0.3.8	19 / 18	2025-12-18
0.3.7	19 / 18	2025-11-29
0.3.6	19 / 18	2025-11-13
0.3.5	19 / 18	2025-11-12
0.3.4	19 / 18	2025-11-02
0.3.3	19 / 18	2025-11-02
0.3.2	18 / 18	2025-11-01
0.3.1	18 / 18	2025-11-01
0.3.0	18 / 18	2025-11-01
0.2.0	14 / 17	2025-10-03
0.1.7	14 / 17	2025-09-17
0.1.6	14 / 17	2025-09-16
0.1.5	14 / 18	2025-09-10

v0.5.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.6

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-04-07) provenance

This version was published by a different npm account than previous versions on 2026-04-07. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.5

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-04-06) provenance

This version was published by a different npm account than previous versions on 2026-04-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.4

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.3

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-03-09) provenance

This version was published by a different npm account than previous versions on 2026-03-09. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.2

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-02-19) provenance

This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.1

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-02-19) provenance

This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-02-19) provenance

This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.16

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-02-18) provenance

This version was published by a different npm account than previous versions on 2026-02-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.15

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-02-17) provenance

This version was published by a different npm account than previous versions on 2026-02-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.14

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-02-12) provenance

This version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.13

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2026-01-17) provenance

This version was published by a different npm account than previous versions on 2026-01-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.12

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2025-12-18) provenance

This version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.11

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2025-12-18) provenance

This version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.9

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2025-12-18) provenance

This version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.8

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2025-12-18) provenance

This version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.5

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2025-11-12) provenance

This version was published by a different npm account than previous versions on 2025-11-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.4

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2025-11-02) provenance

This version was published by a different npm account than previous versions on 2025-11-02. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.3

2 findings

HIGH Publisher changed: freb97 → GitHub Actions (on 2025-11-02) provenance

This version was published by a different npm account than previous versions on 2025-11-02. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.