← Home

@tsconfig/next

npm Repository Homepage
3
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ortatypescript-deploys

Keywords

tsconfignext

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.levenshtein:nuxt AI (typosquat): @tsconfig/next is the official Next.js TSConfig base, not a typosquat of nuxt; scoped name makes this a stable false positive. ai
typosquat typosquat.levenshtein:jest AI (typosquat): Coincidental Levenshtein match; package is unrelated to jest. ai
typosquat typosquat.levenshtein:knex AI (typosquat): Coincidental Levenshtein match; package is unrelated to knex. ai

Versions (showing 3 of 3)

Version Deps Published
2.0.6 0 / 0
2.0.5 0 / 0
2.0.4 0 / 0

v2.0.6

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'nuxt' typosquat

Package name '@tsconfig/next' is 1 edit(s) away from popular package 'nuxt'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.5

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'nuxt' typosquat

Package name '@tsconfig/next' is 1 edit(s) away from popular package 'nuxt'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.4

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'nuxt' typosquat

Package name '@tsconfig/next' is 1 edit(s) away from popular package 'nuxt'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.