@powersync/nuxt
PowerSync Nuxt module
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@nuxt/devtools-ui-kit | AI (dependencies): Official Nuxt devtools package; expected dependency for a Nuxt module with devtools integration. | ai | |
| phantom-deps | phantom-dep:shiki | AI (phantom-deps): Nuxt module convention; deps loaded via config/framework, not direct imports. | ai | |
| phantom-deps | phantom-dep:unocss | AI (phantom-deps): Nuxt module convention; deps loaded via config/framework, not direct imports. | ai | |
| phantom-deps | phantom-dep:fuse.js | AI (phantom-deps): Nuxt module convention; deps loaded via config/framework, not direct imports. | ai | |
| phantom-deps | phantom-dep:reka-ui | AI (phantom-deps): Nuxt module convention; deps loaded via config/framework, not direct imports. | ai | |
| typosquat | typosquat.levenshtein:next | AI (typosquat): Scoped @powersync/nuxt is a Nuxt framework module, not a typosquat of 'next'; edit-distance match is coincidental. | ai | |
| phantom-deps | phantom-dep:@nuxt/devtools-kit | AI (phantom-deps): Framework-scoped package loaded by convention, not direct import. | ai | |
| phantom-deps | phantom-dep:@tanstack/vue-table | AI (phantom-deps): Nuxt module convention; deps loaded via config/framework, not direct imports. | ai | |
| phantom-deps | phantom-dep:@iconify-json/carbon | AI (phantom-deps): Nuxt module convention; icon sets loaded via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@nuxt/devtools-ui-kit | AI (phantom-deps): Framework-scoped package loaded by convention, not direct import. | ai | |
| phantom-deps | phantom-dep:@vueuse/nuxt | AI (phantom-deps): Nuxt module convention; deps loaded via config/framework, not direct imports. | ai |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 0.0.7 | 15 / 13 | |
| 0.0.6 | 14 / 13 | |
| 0.0.5 | 14 / 13 | |
| 0.0.4 | 14 / 14 | |
| 0.0.3 | 14 / 14 | |
| 0.0.2 | 14 / 14 | |
| 0.0.1 | 14 / 14 |
v0.0.7
2 findingsPackage name '@powersync/nuxt' is 1 edit(s) away from popular package 'next'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.4
2 findingsPackage name '@powersync/nuxt' is 1 edit(s) away from popular package 'next'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.1
2 findingsPackage name '@powersync/nuxt' is 1 edit(s) away from popular package 'next'.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.