@nuxt/devtools
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/client/_nuxt/vendor/json-editor-vue-eojr4v24.js | AI (source-diff): Vite-bundled vendor chunk for the devtools client UI; standard minified output. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Major version bump after extended development; official Nuxt org with SLSA provenance. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Devtools client UI is rebuilt each release with content-hashed filenames; large diffs are normal. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/modules-isjfof47.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/vendor/markdown-it-ckeo8pwp.js | AI (source-diff): Minified vendor chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/imports-lb64tt5j.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/hooks-lapcgs2a.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/error-500-l89qfgc9.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/error-404-mzw240fb.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/dev-auth-he0eye7r.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/debug-hbdh85ek.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/custom-_name_-oczf7kge.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/components-h8jl0r8x.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/code-diff-hjtd937u.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/assets-k3ya1y6b.js | AI (source-diff): Minified Nuxt client page chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/analyze-build-isc8qyt9.js | AI (source-diff): Minified Nuxt client page chunk; stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/client/_nuxt/vendor/json-editor-vue-eojr4v24.js | AI (source-diff): Bundled Vue/JSON-editor vendor code; network+exec pattern is normal for a rich UI bundle. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/d479ufk9.js | AI (source-diff): Vite entry/chunk map file; standard bundler output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/client-nwyjxodt.js | AI (source-diff): Vite-bundled client chunk; minified output from Nuxt generate. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/open-graph-fa6g70np.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/analyze-build-kavepk5h.js | AI (source-diff): Vite-bundled client UI chunk; minified build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/assets-lbkq1tqr.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/b2u55qmz.js | AI (source-diff): Vite chunk map file; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/code-diff-li4lnfub.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/components-n5suoqli.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/custom-_name_-kmemebv7.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/debug-dfr4605f.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/error-404-k9s93f0g.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/error-500-f6vgodgv.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/hooks-lehfx0wr.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/imports-hdwwo21k.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/vendor/json-editor-vue-ho2zu772.js | AI (source-diff): Bundled vendor dependency; minified build output. | ai | |
| source-diff | net-exec-file:dist/client/_nuxt/vendor/json-editor-vue-ho2zu772.js | AI (source-diff): Bundled vendor lib (Vue runtime); network+exec patterns are normal for framework bundles. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/modules-htbuqp0w.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/overview-c0tmze6n.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/pages-gv3j1axz.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/plugins-j03zk4nt.js | AI (source-diff): Vite-bundled client UI chunk; minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/vendor/quicktype-core-jsgpnknz.js | AI (source-diff): Bundled vendor dependency; minified build output. | ai | |
| source-diff | net-exec-file:dist/client/_nuxt/vendor/quicktype-core-jsgpnknz.js | AI (source-diff): Bundled quicktype-core vendor lib; network+exec patterns expected. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/assets-gul8j4ty.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/analyze-build-dclm2eua.js | AI (source-diff): Minified Vite client bundle chunk; standard for this devtools UI package. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/debug-d3sv8xbk.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/custom-_name_-hhxly3pw.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/components-dx448jl3.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/code-diff-injlkjgq.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/pages-j5tlf4m8.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/plugins-ojaq4cs3.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/vendor/quicktype-core-bmjj6ua7.js | AI (source-diff): Minified vendor bundle (quicktype-core); listed in devDeps and bundled. | ai | |
| source-diff | net-exec-file:dist/client/_nuxt/vendor/quicktype-core-bmjj6ua7.js | AI (source-diff): Vendor bundle; net+exec from quicktype-core internals, not malicious. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/overview-m6fs47hx.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/open-graph-at6lhslo.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/modules-zf3s3x2v.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | net-exec-file:dist/client/_nuxt/vendor/json-editor-vue-gjlsq8io.js | AI (source-diff): Vendor bundle with Vue reactivity; net+exec pattern is normal for bundled UI libs. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/vendor/json-editor-vue-gjlsq8io.js | AI (source-diff): Minified vendor bundle (json-editor-vue); standard Vite output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/imports-i91uw6yj.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/hooks-mduk5nzn.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/error-500-nccwcser.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/error-404-gjtmorrj.js | AI (source-diff): Minified Vite client bundle chunk. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/dqkmjlgs.js | AI (source-diff): Vite chunk map for lazy-loaded client modules. | ai | |
| phantom-deps | phantom-dep:ws | AI (phantom-deps): ws is explicitly declared in dependencies and used as a WebSocket server dependency; phantom-dep heuristic is a false positive here. | ai | |
| dependencies | unvetted-dep:@nuxt/devtools-wizard | AI (dependencies): Sibling package in the same nuxt/devtools monorepo, co-released at matching versions; expected dependency. | ai | |
| dependencies | unvetted-dep:@nuxt/devtools-kit | AI (dependencies): Sibling package in the same nuxt/devtools monorepo, co-released at matching versions; expected dependency. | ai | |
| dependencies | unvetted-dep:launch-editor | AI (dependencies): launch-editor is a well-known utility used by major frameworks (CRA, Vue CLI) for editor integration; stable false positive for this package. | ai |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 3.2.4 | 32 / 51 | |
| 3.2.3 | 32 / 51 | |
| 3.2.2 | 32 / 51 | |
| 3.2.1 | 32 / 51 | |
| 3.2.0 | 32 / 51 | |
| 3.1.1 | 32 / 52 | |
| 3.1.0 | 32 / 52 | |
| 3.0.1 | 32 / 52 | |
| 3.0.0 | 32 / 51 |
v3.2.4
18 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.1
21 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.0
21 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.