← Home

@playwright/experimental-ct-vue

npm Repository Homepage

Playwright Component Testing for Vue

17
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

pavelfeldmanyurysdgozman-msplaywright-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Playwright migrated publishing to GitHub Actions with SLSA attestation; this is the expected CI/CD pattern for microsoft/playwright. ai
maintainer-change maintainer-removed AI (maintainer-change): Maintainer consolidation under GitHub Actions CI is consistent with Microsoft's supply chain hardening; not a takeover signal. ai
publish-pattern dormant-publish AI (publish-pattern): Dormancy reflects the package's experimental/niche status; 2416 registry versions confirm active Playwright ecosystem publishing. ai
semgrep semgrep:new-function-constructor AI (semgrep): new Function() is used to execute Vue compiler output for runtime template compilation — a standard, documented Vue pattern. Not a security risk in this context. ai
bogus-package bogus-package AI (bogus-package): Monorepo sub-package from Microsoft's Playwright project; sparse README and missing keywords are expected for sub-packages, not spam indicators. ai
dependencies unvetted-dep:@vitejs/plugin-vue AI (dependencies): @vitejs/plugin-vue is the official Vue core team Vite plugin, a natural and expected dependency for a Vue component testing package. ai

Versions (showing 17 of 17)

Version Deps Published
1.60.0 2 / 0
1.59.1 2 / 0
1.59.0 2 / 0
1.58.2 2 / 0
1.58.1 2 / 0
1.58.0 2 / 0
1.57.0 2 / 0
1.56.1 2 / 0
1.56.0 2 / 0
1.55.1 2 / 0
1.55.0 2 / 0
1.54.2 2 / 0
1.54.1 2 / 0
1.54.0 2 / 0
1.53.2 2 / 0
1.53.1 2 / 0
1.53.0 2 / 0

v1.60.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.59.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.59.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.58.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.57.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.56.1

2 findings
HIGH Publisher changed: playwright-bot → GitHub Actions (on 2025-10-17) provenance

This version was published by a different npm account than previous versions on 2025-10-17. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.56.0

2 findings
HIGH Publisher changed: playwright-bot → GitHub Actions (on 2025-10-06) provenance

This version was published by a different npm account than previous versions on 2025-10-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.55.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.54.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.54.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.54.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.53.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.