@skaldapp/monaco-sfc
A Monaco Editor language server for Vue Single File Components (SFC) providing syntax highlighting, IntelliSense, error detection, and more
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| license | copyleft-license:AGPL-3.0-only | AI (license): AGPL-3.0 is disclosed and appropriate for this open-source Vue tooling. | ai | |
| dependencies | unvetted-dep:@volar/jsdelivr | AI (dependencies): Legitimate Volar ecosystem package for CDN-based language server file loading. | ai | |
| dependencies | unvetted-dep:@nuxtlabs/monarch-mdc | AI (dependencies): NuxtLabs-maintained Monaco syntax highlighting package; fits package purpose. | ai | |
| dependencies | unvetted-dep:@vue/typescript-plugin | AI (dependencies): Official Vue TypeScript plugin; expected dependency for Vue SFC language server. | ai | |
| phantom-deps | phantom-dep:vscode-uri | AI (phantom-deps): Referenced in config files; stable false positive for this LSP package. | ai | |
| phantom-deps | phantom-dep:@volar/jsdelivr | AI (phantom-deps): Referenced in config files for CDN-based file system; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vue/language-core | AI (phantom-deps): Framework-scoped Volar package loaded by convention, not direct import. | ai | |
| phantom-deps | phantom-dep:volar-service-typescript | AI (phantom-deps): Config-loaded Volar service; stable false positive for this LSP package. | ai | |
| phantom-deps | phantom-dep:vscode-languageserver-protocol | AI (phantom-deps): LSP protocol types used via config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@remote-dom/polyfill | AI (phantom-deps): Referenced in config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@vue/language-service | AI (phantom-deps): Framework-scoped Volar package loaded by convention, not direct import. | ai | |
| phantom-deps | phantom-dep:@vue/typescript-plugin | AI (phantom-deps): Framework-scoped plugin loaded by convention in Volar-based tooling. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): TypeScript is a peer/config dependency for this language-server package. | ai |
Versions (showing 18 of 18)
| Version | Deps | Published |
|---|---|---|
| 1.1.51 | 12 / 8 | |
| 1.1.50 | 12 / 8 | |
| 1.1.49 | 12 / 8 | |
| 1.1.48 | 12 / 8 | |
| 1.1.47 | 12 / 8 | |
| 1.1.46 | 12 / 8 | |
| 1.1.45 | 12 / 8 | |
| 1.1.44 | 12 / 8 | |
| 1.1.43 | 12 / 8 | |
| 1.1.42 | 12 / 8 | |
| 1.1.41 | 12 / 8 | |
| 1.1.40 | 12 / 8 | |
| 1.1.39 | 12 / 8 | |
| 1.1.38 | 12 / 8 | |
| 1.1.37 | 12 / 8 | |
| 1.1.36 | 12 / 8 | |
| 1.1.35 | 12 / 8 | |
| 1.1.34 | 12 / 8 |
v1.1.51
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.50
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.49
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.48
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.47
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.46
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.45
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.44
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.43
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.42
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.38
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.