@nuxtjs/sitemap

Versions: 12
License
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

pi0, atinux, danielroe, antfu, nicopennec, harlan_zw

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| publish-pattern | dormant-publish | AI (publish-pattern): Mature package with infrequent releases; dormancy is normal for stable Nuxt modules. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/h7zQ0TxP.js | AI (source-diff): Vite-bundled Vue runtime chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CnYZ0nz4.js | AI (source-diff): Vite-bundled devtools entry chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/B-mzd7ax.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified Vue component output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/6e7EVM9D.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified Vue component output. | ai | |
| dependencies | unvetted-dep:nuxtseo-layer-devtools | AI (dependencies): Same nuxtseo ecosystem by the package author; devtools-only dependency, not a supply chain risk. | ai | |
| dependencies | unvetted-dep:h3-compression | AI (dependencies): h3-compression is a legitimate h3 framework compression utility; appropriate for sitemap HTTP response handling. | ai | |
| phantom-deps | phantom-dep:std-env | AI (phantom-deps): Referenced in config files; standard Nuxt module pattern. | ai | |
| phantom-deps | phantom-dep:nuxtseo-layer-devtools | AI (phantom-deps): Part of the nuxtseo ecosystem; loaded by convention. | ai | |
| phantom-deps | phantom-dep:@nuxt/devtools-kit | AI (phantom-deps): Framework-scoped package loaded by convention in Nuxt modules. | ai | |
| phantom-deps | phantom-dep:semver | AI (phantom-deps): Referenced in config files; standard Nuxt module pattern. | ai | |
| phantom-deps | phantom-dep:sirv | AI (phantom-deps): Nuxt module loads sirv by convention; not a direct import pattern. | ai | |
| dependencies | unvetted-dep:nuxtseo-shared | AI (dependencies): Same author/ecosystem (nuxtseo); stable dependency across versions of this package. | ai | |
| dependencies | unvetted-dep:nuxt-site-config | AI (dependencies): Same author/ecosystem (nuxtseo); stable dependency across versions of this package. | ai | |

Versions (showing 12 of 12)

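| Version | Deps | Published |
| --- | --- | --- |
| 8.0.15 | 12 / 27 | |
| 8.0.14 | 12 / 27 | |
| 8.0.13 | 12 / 27 | |
| 8.0.12 | 12 / 27 | |
| 8.0.11 | 17 / 22 | |
| 8.0.9 | 17 / 22 | |
| 8.0.1 | 17 / 22 | |
| 8.0.0 | 17 / 22 | |
| 7.5.2 | 15 / 22 | |
| 7.5.0 | 16 / 20 | |
| 7.4.10 | 16 / 20 | |
| 7.4.8 | 16 / 20 | |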

v8.0.15

5 findings
[HIGH] New obfuscated file: dist/devtools/_nuxt/6e7EVM9D.js (source-diff)

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

[HIGH] New obfuscated file: dist/devtools/_nuxt/B-mzd7ax.js (source-diff)

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

[HIGH] New obfuscated file: dist/devtools/_nuxt/CnYZ0nz4.js (source-diff)

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

[HIGH] New obfuscated file: dist/devtools/_nuxt/h7zQ0TxP.js (source-diff)

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.14

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.13

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.12

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.11

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.9

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.1

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.0

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.5.2

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.5.0

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.10

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.8

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.