@sit-onyx/nuxt-docs Apache-2.0 8 versions

@sit-onyx/nuxt-docs

npm Repository

Nuxt layer/template for creating documentations with the onyx design system

8

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

larsrickertbopplijoca96

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	suspicious-initial-version	AI (npm-metadata): Monorepo package from Schwarz IT; 0.0.0 is a stable versioning pattern across 319 published versions with SLSA provenance.	ai	2026/05/11
bogus-package	bogus-package	AI (bogus-package): Sparse README/no keywords is typical for internal monorepo tooling packages, not spam.	ai	2026/05/11
phantom-deps	phantom-dep:@sit-onyx/mdc	AI (phantom-deps): Same-org dependency used as a Nuxt layer; not directly imported in JS but consumed via Nuxt config — stable false positive for this package.	ai	2026/04/29

Versions (showing 8 of 8)

Version	Deps	Published
0.6.0	1 / 16	2026-05-07
0.5.1	1 / 16	2026-04-22
0.5.0	0 / 16	2026-03-26
0.4.0	0 / 17	2026-03-16
0.3.0	0 / 17	2026-02-13
0.2.0	0 / 17	2026-01-15
0.1.0	0 / 16	2025-11-18
0.0.0	0 / 16	2025-09-12

v0.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.