vite-plugin-dts — Greenflagged

<h1 align="center">vite-plugin-dts</h1>

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

qmhc

Keywords

vitevite-plugintsdtstypescriptvuetscvue-tscvolar

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Moved to GitHub Actions CI publishing with SLSA provenance; same maintainer org.	ai	2026/06/02
source-diff	source-size-dropped	AI (source-diff): Major version refactored core into unplugin-dts; this is now a thin wrapper by design.	ai	2026/06/02

Versions (showing 51 of 111)

View all versions

Version	Deps	Published
5.0.2	1 / 1	2026-06-01
5.0.1	1 / 1	2026-05-19
4.5.4	9 / 30	2025-05-15
4.5.3	9 / 30	2025-03-03
4.5.1	9 / 30	2025-02-28
4.5.0	9 / 30	2025-01-10
4.4.0	9 / 29	2024-12-19
4.3.0	9 / 29	2024-10-22
4.2.4	9 / 29	2024-10-11
4.2.3	9 / 29	2024-09-30
4.2.2	9 / 29	2024-09-24
4.2.1	9 / 29	2024-09-08
4.2.0	9 / 29	2024-09-08
4.1.1	10 / 29	2024-09-06
4.1.0	10 / 29	2024-09-01
4.0.3	10 / 29	2024-08-14
4.0.2	10 / 29	2024-08-09
4.0.1	10 / 29	2024-08-07
4.0.0	10 / 29	2024-08-06
3.9.1	7 / 29	2024-05-05
3.9.0	7 / 29	2024-04-23
3.8.3	7 / 29	2024-04-15
3.8.2	7 / 29	2024-04-12
3.8.1	7 / 29	2024-03-28
3.8.0	7 / 29	2024-03-27
3.7.3	6 / 29	2024-02-21
3.7.2	6 / 29	2024-01-24
3.7.1	6 / 29	2024-01-15
3.7.0	6 / 29	2023-12-25
3.6.4	6 / 29	2023-11-30
3.6.3	6 / 29	2023-10-30
3.6.2	6 / 29	2023-10-27
3.6.1	6 / 29	2023-10-24
3.6.0	6 / 29	2023-09-26
3.5.4	6 / 29	2023-09-21
3.5.3	6 / 29	2023-08-29
3.5.2	6 / 29	2023-08-12
3.5.1	6 / 29	2023-08-06
3.5.0	6 / 29	2023-08-04
3.4.0	6 / 29	2023-07-30
3.3.1	6 / 32	2023-07-17
3.3.0	6 / 32	2023-07-14
3.2.0	9 / 32	2023-07-08
3.1.1	9 / 32	2023-07-07
3.1.0	9 / 33	2023-07-05
3.0.3	9 / 34	2023-07-03
3.0.2	9 / 34	2023-06-30
3.0.1	9 / 34	2023-06-30
3.0.0	9 / 34	2023-06-30
2.3.0	10 / 37	2023-04-17
2.2.0	10 / 37	2023-04-03

v5.0.2

3 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH Publisher changed: qmhc → GitHub Actions (on 2026-06-01) provenance

This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.0.1

3 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH Publisher changed: qmhc → GitHub Actions (on 2026-05-19) provenance

This version was published by a different npm account than previous versions on 2026-05-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.4

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: qmhc.