@nuxt/scripts
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/BHdEFiuu.js | AI (source-diff): Standard Vite-bundled devtools client chunk; minification is expected for this UI asset. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/B-0LGYiZ.js | AI (source-diff): Standard Vite-bundled devtools client chunk; minification is expected for this UI asset. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/DkOU4Aaf.js | AI (source-diff): Standard Vite-bundled devtools client chunk; minification is expected for this UI asset. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/d96VI30H.js | AI (source-diff): Standard Vite-bundled devtools client chunk; minification is expected for this UI asset. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/CZLtBO2f.js | AI (source-diff): Standard Vite-bundled devtools client chunk; minification is expected for this UI asset. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/CpodaK4k.js | AI (source-diff): Standard Vite-bundled devtools client chunk; minification is expected for this UI asset. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/DiaY4J4_.js | AI (source-diff): Minified Nuxt error-404 component; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/D4HTNcLU.js | AI (source-diff): Standard Vite-bundled Vue runtime for Nuxt devtools client; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/1wb58MKb.js | AI (source-diff): Minified Nuxt devtools UI component bundle; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/BbLmrp_o.js | AI (source-diff): Minified Nuxt devtools UI component bundle; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/Cx46cS8a.js | AI (source-diff): Minified Nuxt devtools UI component bundle; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/D-M51CV3.js | AI (source-diff): Minified Nuxt error page component; legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/GzJXdFDa.js | AI (source-diff): Vite-bundled error-404 page component; benign HTML/CSS in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/DtB6K90V.js | AI (source-diff): Standard Vite-minified devtools client bundle; Vue runtime internals visible in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/DyyF3uw_.js | AI (source-diff): Vite-bundled devtools UI component; benign CSS/Vue template code in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/CZp-OuKP.js | AI (source-diff): Vite-bundled devtools UI component; benign Vue composition API code in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/Djr8-0jV.js | AI (source-diff): Vite-bundled error-500 page component; benign HTML/CSS in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/YlRaZkPa.js | AI (source-diff): Vite-bundled registry UI component; benign Vue template code in sample. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/B5UH0Ds3.js | AI (source-diff): Vite-bundled devtools client asset; minified Vue/Nuxt UI code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/DZC4fp-D.js | AI (source-diff): Vite-bundled devtools index panel; standard minified Vue code. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/D1-tSGjF.js | AI (source-diff): Vite-bundled devtools first-party panel; standard minified Vue code. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/CK-VPzWc.js | AI (source-diff): Vite-bundled devtools registry panel; standard minified Vue code. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/BNnOFEgA.js | AI (source-diff): Vite-bundled devtools error-404 component; standard minified Vue code. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/BKha4otU.js | AI (source-diff): Vite-bundled devtools error-500 component; standard minified Vue code. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/B6vzhpP9.js | AI (source-diff): Minified Nuxt error-404 page component; no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/fSf6EEYR.js | AI (source-diff): Standard Vite-bundled devtools client output; Vue/Nuxt internals, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/348WW8S2.js | AI (source-diff): Minified Vue component for devtools UI panel; no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/Bo8cAJTo.js | AI (source-diff): Minified Vue registry component for devtools UI; no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/DBnmHlYd.js | AI (source-diff): Minified Nuxt error-500 page component; no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/r9yOu_bc.js | AI (source-diff): Minified Vue/Nuxt UI component bundle for devtools; no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/DTVoxnk-.js | AI (source-diff): Nuxt devtools UI chunk; readable Vue template/component code, standard minification. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/DD1eKorn.js | AI (source-diff): Nuxt devtools UI chunk with scroll-lock and modal logic; standard Vite minification. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/CKrGhxlH.js | AI (source-diff): Nuxt devtools error-404 page component bundle; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/C3h_qg0j.js | AI (source-diff): Nuxt devtools error-500 page component bundle; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/BjIIVRlr.js | AI (source-diff): Nuxt devtools client UI chunk; readable Vue component code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/UTyLw2F_.js | AI (source-diff): Standard Vite bundle entry point for Nuxt devtools client UI; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/BNvWpYaC.js | AI (source-diff): Standard Vite-bundled devtools client; minified Vue 3 runtime, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/CApasjik.js | AI (source-diff): Vite-bundled devtools UI component; imports from BNvWpYaC.js (Vue runtime chunk), benign. | ai | |
| phantom-deps | phantom-dep:oxc-parser | AI (phantom-deps): oxc-parser is listed in package.json dependencies and used via build config; heuristic false positive. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/zmRZ2I-R.js | AI (source-diff): Devtools first-party scripts panel bundle; standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/xOsbuyp3.js | AI (source-diff): Devtools registry panel UI bundle; standard Vite minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/CTPc9yIZ.js | AI (source-diff): Nuxt error-500 page component bundle; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools-client/_nuxt/CbCcQNvm.js | AI (source-diff): Nuxt error-404 page component bundle; standard minified output. | ai |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 1.1.1 | 20 / 5 | |
| 1.1.0 | 20 / 5 | |
| 1.0.6 | 21 / 1 | |
| 1.0.5 | 21 / 1 | |
| 1.0.4 | 21 / 1 | |
| 1.0.3 | 21 / 1 | |
| 1.0.2 | 21 / 1 | |
| 1.0.1 | 21 / 1 | |
| 1.0.0 | 21 / 1 | |
| 0.13.4 | 16 / 25 | |
| 0.13.3 | 21 / 1 | |
| 0.13.2 | 16 / 25 | |
| 0.13.1 | 16 / 25 |
v1.1.1
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.6
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.5
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.3
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.2
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.1
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.