← Home

unplugin-vue-router

npm Repository Homepage
7
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

posva

Keywords

unpluginvitewebpackrolldownrollupvue-routerpagesfilesystemtypestypedvuenuxtrouter

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
publish-pattern dormant-publish AI (publish-pattern): Active open-source project with 85 published versions; gap likely reflects normal release cadence, not account takeover. ai
publish-pattern new-deps-added AI (publish-pattern): New deps are well-known Vue/tooling packages replacing fast-glob; consistent with project's stated purpose. ai
dependencies unvetted-dep:muggle-string AI (dependencies): muggle-string is part of the Volar/Vue language tooling ecosystem; its use in unplugin-vue-router is consistent with the package's Vue language server integration features. ai

Versions (showing 7 of 7)

Version Deps Published
0.19.2 17 / 44
0.19.0 17 / 46
0.18.0 17 / 46
0.16.1 17 / 45
0.15.0 16 / 43
0.14.0 14 / 43
0.13.0 14 / 43

v0.19.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.16.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.