← Home

@astrojs/vue

npm Repository Homepage
5
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

fredkschottmatthewp

Keywords

astro-integrationastro-componentrenderervue

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.levenshtein:vite AI (typosquat): Scoped official Astro integration; no plausible typosquat of vite. ai
typosquat typosquat.levenshtein:yup AI (typosquat): Scoped official Astro integration; no plausible typosquat of yup. ai
phantom-deps phantom-dep:vite AI (phantom-deps): vite is a declared runtime dependency; referenced in config files is expected usage. ai

Versions (showing 5 of 5)

Version Deps Published
6.0.1 5 / 5
6.0.0 5 / 5
5.1.4 5 / 5
5.1.3 5 / 5
4.5.3 5 / 5

v6.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.