nuxt-ai-ready
Best practice AI & LLM discoverability for Nuxt sites.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/devtools/_nuxt/BvJF-GQk.js | AI (source-diff): Standard Vite/Nuxt devtools build output; minified Vue component code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/asQsCcaa.js | AI (source-diff): Standard Vite/Nuxt devtools build output; minified Vue 3 runtime, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DaGccE64.js | AI (source-diff): Standard Vite/Nuxt devtools build output; minified Vue runtime, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DQ3joNC8.js | AI (source-diff): Standard Vite/Nuxt devtools build output; minified Vue runtime, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/D1cMhZtf.js | AI (source-diff): Standard Vite/Nuxt devtools compiled output; readable Vue SFC code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/nscivqEG.js | AI (source-diff): Vite runtime bootstrap + Vue core bundle; expected minified devtools artifact for this Nuxt module. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/VknhyWgh.js | AI (source-diff): Standard Vite/Nuxt minified runtime bundle; samples show recognizable Vue internals. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CjfD5hoM.js | AI (source-diff): Standard Vite/Nuxt minified devtools bundle; samples show Vue component code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/C8A_QCy2.js | AI (source-diff): Standard Vite-bundled Vue 3 devtools UI output; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/Bf5PzDW9.js | AI (source-diff): Standard Vite-bundled Vue 3 devtools UI output; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/B3Ds4CMX.js | AI (source-diff): Standard Vite-bundled devtools UI output; Vue/Vite runtime code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/BnE_ySps.js | AI (source-diff): Standard Vite-bundled devtools UI component; recognizable Vue SFC pattern, not malicious. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/fZ4x2Xc7.js | AI (source-diff): Standard Vite-minified Vue runtime bundle for devtools UI; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/BG6yeKN1.js | AI (source-diff): Standard Vite-minified Vue devtools bundle; samples show Vue component code, not malicious obfuscation. | ai | |
| source-diff | large-new-source-files | AI (source-diff): 34 new files are the devtools subapp build artifacts; expected for this feature addition. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase explained by addition of devtools Nuxt app (JS bundles, CSS, fonts). | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DyapScGI.js | AI (source-diff): Standard Vite-bundled devtools UI component; imports from sibling bundle files, not malicious. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/BJy7_Lqa.js | AI (source-diff): Standard Vite-bundled devtools UI output; minified Vue runtime, not obfuscated malware. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): Established Nuxt ecosystem publisher; 0.0.0 is a standard initial release pattern for Nuxt modules. | ai | |
| phantom-deps | phantom-dep:ufo | AI (phantom-deps): Config-referenced utility; stable pattern for Nuxt modules. | ai | |
| phantom-deps | phantom-dep:std-env | AI (phantom-deps): Config-referenced utility; stable pattern for Nuxt modules. | ai | |
| phantom-deps | phantom-dep:minimatch | AI (phantom-deps): Config-referenced utility; stable pattern for Nuxt modules. | ai | |
| dependencies | unvetted-dep:@mdream/js | AI (dependencies): Same-author ecosystem package (Harlan Wilton / nuxtseo); stable dependency pattern. | ai | |
| dependencies | unvetted-dep:nuxt-site-config | AI (dependencies): Same-author ecosystem package (Harlan Wilton); stable dependency pattern. | ai | |
| dependencies | unvetted-dep:nuxtseo-shared | AI (dependencies): Same-author ecosystem package (nuxtseo-shared); stable dependency pattern. | ai | |
| dependencies | unvetted-dep:mdream | AI (dependencies): Same-author ecosystem package (Harlan Wilton / nuxtseo); stable dependency pattern. | ai | |
Versions (showing 92 of 92)
| Version | Deps | Published |
|---|---|---|
| 1.4.0 | 14 / 35 | |
| 1.3.7 | 14 / 34 | |
| 1.3.6 | 14 / 33 | |
| 1.3.4 | 14 / 33 | |
| 1.3.2 | 14 / 33 | |
| 1.3.1 | 14 / 33 | |
| 1.3.0 | 12 / 31 | |
| 1.2.0 | 12 / 31 | |
| 1.1.3 | 12 / 31 | |
| 1.1.2 | 12 / 31 | |
| 1.1.0 | 12 / 31 | |
| 1.0.4 | 12 / 31 | |
| 1.0.3 | 12 / 31 | |
| 1.0.0 | 12 / 31 | |
| 0.12.2 | 13 / 38 | |
| 0.12.1 | 13 / 38 | |
| 0.12.0 | 13 / 37 | |
| 0.11.0 | 13 / 36 | |
| 0.10.12 | 13 / 36 | |
| 0.10.11 | 13 / 36 | |
| 0.10.10 | 13 / 36 | |
| 0.10.9 | 13 / 36 | |
| 0.10.8 | 13 / 36 | |
| 0.10.7 | 13 / 36 | |
| 0.10.6 | 13 / 36 | |
| 0.10.5 | 13 / 36 | |
| 0.10.4 | 13 / 36 | |
| 0.10.3 | 13 / 36 | |
| 0.10.2 | 13 / 36 | |
| 0.10.1 | 13 / 36 | |
| 0.10.0 | 13 / 36 | |
| 0.9.4 | 13 / 36 | |
| 0.9.3 | 13 / 36 | |
| 0.9.2 | 13 / 36 | |
| 0.9.1 | 13 / 36 | |
| 0.9.0 | 13 / 36 | |
| 0.8.2 | 13 / 36 | |
| 0.8.1 | 12 / 36 | |
| 0.8.0 | 12 / 36 | |
| 0.7.16 | 12 / 36 | |
| 0.7.15 | 12 / 36 | |
| 0.7.14 | 12 / 36 | |
| 0.7.13 | 12 / 36 | |
| 0.7.12 | 12 / 36 | |
| 0.7.11 | 12 / 36 | |
| 0.7.10 | 12 / 36 | |
| 0.7.9 | 12 / 36 | |
| 0.7.8 | 12 / 36 | |
| 0.7.7 | 12 / 36 | |
| 0.7.6 | 12 / 36 | |
| 0.7.5 | 12 / 36 | |
| 0.7.4 | 12 / 36 | |
| 0.7.3 | 12 / 36 | |
| 0.7.2 | 12 / 36 | |
| 0.7.1 | 12 / 36 | |
| 0.7.0 | 12 / 36 | |
| 0.6.3 | 12 / 33 | |
| 0.6.2 | 12 / 33 | |
| 0.6.1 | 12 / 33 | |
| 0.6.0 | 12 / 33 | |
| 0.5.3 | 13 / 33 | |
| 0.5.2 | 13 / 33 | |
| 0.5.1 | 13 / 32 | |
| 0.5.0 | 13 / 31 | |
| 0.4.4 | 13 / 31 | |
| 0.4.3 | 13 / 31 | |
| 0.4.2 | 13 / 31 | |
| 0.4.1 | 13 / 31 | |
| 0.4.0 | 13 / 31 | |
| 0.3.8 | 15 / 31 | |
| 0.3.7 | 15 / 31 | |
| 0.3.6 | 13 / 31 | |
| 0.3.5 | 13 / 31 | |
| 0.3.4 | 13 / 31 | |
| 0.3.3 | 13 / 31 | |
| 0.3.2 | 13 / 31 | |
| 0.3.1 | 13 / 31 | |
| 0.3.0 | 13 / 31 | |
| 0.2.4 | 12 / 31 | |
| 0.2.3 | 12 / 31 | |
| 0.2.2 | 12 / 31 | |
| 0.2.1 | 12 / 31 | |
| 0.2.0 | 12 / 31 | |
| 0.1.5 | 11 / 31 | |
| 0.1.4 | 11 / 31 | |
| 0.1.3 | 11 / 31 | |
| 0.1.2 | 11 / 31 | |
| 0.1.0 | 11 / 31 | |
| 0.0.3 | 11 / 31 | |
| 0.0.2 | 11 / 31 | |
| 0.0.1 | 11 / 31 | |
| 0.0.0 | 11 / 30 | |
v1.4.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.7
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.6
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.4
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.2
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.3
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.2
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.4
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.3
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.12
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.11
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.10
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.9
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.8
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.7
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.5
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.10.4
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.10.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.10.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.10.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.16
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.15
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.14
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.13
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.12
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.11
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.10
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.9
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.8
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.7
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.2
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.8
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.7
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.6
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.5
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.4
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.4
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.5
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.4
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.