nuxt-schema-org — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

harlan_zw

Keywords

schema-orgnuxt@nuxt-schema-orgnuxt-modulenuxt3

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@unhead/schema-org-v2	AI (phantom-deps): npm alias used for compat shim; referenced in config rather than directly imported — stable false positive for this package.	ai	2026/06/09
source-diff	obfuscated-file:dist/devtools/_nuxt/B1DdtD2d.js	AI (source-diff): Standard Vite-bundled devtools UI output; minified Vue/Nuxt code, not malicious obfuscation.	ai	2026/06/07
source-diff	obfuscated-file:dist/devtools/_nuxt/CCjZBs6a.js	AI (source-diff): Standard Vite-bundled devtools UI output; recognizable Vue core runtime patterns.	ai	2026/06/07
source-diff	obfuscated-file:dist/devtools/_nuxt/CQr7N5ou.js	AI (source-diff): Standard Vite-bundled devtools UI output; contains destr/ufo URL utilities, not malicious.	ai	2026/06/07
source-diff	obfuscated-file:dist/devtools/_nuxt/D-Oj-loM.js	AI (source-diff): Standard Vite-bundled devtools UI output; recognizable ofetch/h3 patterns.	ai	2026/06/07
source-diff	obfuscated-file:dist/devtools/_nuxt/D6u4txBo.js	AI (source-diff): Standard Vite-bundled devtools UI output; contains schema.org type definitions, clearly legitimate.	ai	2026/06/07
source-diff	obfuscated-file:dist/devtools/_nuxt/CdXDNp_G.js	AI (source-diff): Vite-minified devtools bundle; module preload and routing code.	ai	2026/05/26
source-diff	obfuscated-file:dist/devtools/_nuxt/Cy_SgmVP.js	AI (source-diff): Vite-minified devtools bundle; schema validator UI component.	ai	2026/05/26
source-diff	obfuscated-file:dist/devtools/_nuxt/25mM0RmU.js	AI (source-diff): Vite-minified devtools bundle; theme color JSON data, not obfuscated malware.	ai	2026/05/26
phantom-deps	phantom-dep:nuxtseo-layer-devtools	AI (phantom-deps): Listed as runtime dep in package.json; used as a Nuxt layer, not a direct JS import.	ai	2026/05/26
source-diff	obfuscated-file:dist/devtools/_nuxt/Sez8u9en.js	AI (source-diff): Vite-minified devtools bundle; consistent with other devtools UI files.	ai	2026/05/26
source-diff	obfuscated-file:dist/devtools/_nuxt/4gBpuNMp.js	AI (source-diff): Vite-minified devtools bundle; syntax grammar JSON data for JS language.	ai	2026/05/26
source-diff	obfuscated-file:dist/devtools/_nuxt/BHnqSpjH.js	AI (source-diff): Vite-minified devtools bundle; standard URL encoding utilities and destr library.	ai	2026/05/26
source-diff	obfuscated-file:dist/devtools/_nuxt/Bkjh01gQ.js	AI (source-diff): Vite-minified devtools bundle; schema-org devtools UI components.	ai	2026/05/26
source-diff	obfuscated-file:dist/devtools/_nuxt/CAgYPU5B.js	AI (source-diff): Vite-minified devtools bundle; dark theme color JSON data.	ai	2026/05/26
source-diff	obfuscated-file:dist/devtools/_nuxt/CcVmIEJg.js	AI (source-diff): Vite-minified devtools bundle; standard Nuxt/Vue devtools UI code.	ai	2026/05/26

Versions (showing 10 of 10)

Version	Deps	Published
6.1.3	8 / 22	2026-06-08
6.1.2	8 / 22	2026-06-08
6.1.1	8 / 22	2026-06-08
6.1.0	6 / 23	2026-06-05
6.0.4	7 / 20	2026-03-26
6.0.3	7 / 20	2026-03-26
6.0.2	7 / 20	2026-03-25
6.0.1	7 / 20	2026-03-25
6.0.0	7 / 20	2026-03-24
5.0.10	7 / 16	2025-12-11

v6.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.0

6 findings

HIGH New obfuscated file: dist/devtools/_nuxt/B1DdtD2d.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/CCjZBs6a.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/CQr7N5ou.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/D-Oj-loM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/D6u4txBo.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.3

10 findings

HIGH New obfuscated file: dist/devtools/_nuxt/25mM0RmU.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/4gBpuNMp.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/BHnqSpjH.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/Bkjh01gQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/CAgYPU5B.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/CcVmIEJg.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/CdXDNp_G.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/Cy_SgmVP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/devtools/_nuxt/Sez8u9en.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.