@nuxtjs/sitemap
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/devtools/_nuxt/BGdXPJA8.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/Brri76xk.js | AI (source-diff): Vite-bundled devtools entry chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/C3JdQOO8.js | AI (source-diff): Vite-bundled devtools Vue component; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CSlSVEd2.js | AI (source-diff): Vite-bundled devtools Vue component; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/BhPr4H_d.js | AI (source-diff): Minified Vue component bundle for devtools panel. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/Huwxk6k9.js | AI (source-diff): Minified Vite devtools chunk; standard build output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/h_ZWUgqK.js | AI (source-diff): Minified Vite devtools chunk; standard build output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/Cr5S5RnA.js | AI (source-diff): Minified Vite devtools chunk; standard build output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CKSZ4r2s.js | AI (source-diff): Minified Vite devtools entry with __vite__mapDeps; standard build output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CA37eF55.js | AI (source-diff): Vite-bundled Vue component for devtools UI; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/9kPnZURQ.js | AI (source-diff): Vite-bundled devtools entry point with module preload map; standard build output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DTZI3rQP.js | AI (source-diff): Vite-bundled devtools UI asset; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DIVSxDGW.js | AI (source-diff): Vite-bundled ofetch/utility module for devtools; standard build output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/D65PUFkv.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/D0Yo7wMD.js | AI (source-diff): Vite-bundled devtools entry chunk with mapDeps; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/COgZGVQl.js | AI (source-diff): Vite-bundled vue-router/devtools chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/BNTJNINY.js | AI (source-diff): Vite-bundled devtools UI component; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/AhMXwKse.js | AI (source-diff): Vite-bundled devtools UI component; standard minified output for Nuxt module devtools panel. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/BQRIT6w4.js | AI (source-diff): Vite-bundled devtools UI component; hookable/unjs utility bundle. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/C_nmj2zA.js | AI (source-diff): Vite-bundled devtools UI component; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CjkTYPBi.js | AI (source-diff): Vite-bundled error-500 page component; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/qrRiPsIE.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DyviA2Ef.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DNIUhadS.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DOc8G8F-.js | AI (source-diff): VS Code light theme JSON embedded in devtools bundle. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/1yQIC0dC.js | AI (source-diff): VS Code theme JSON embedded in Nuxt devtools UI bundle; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/BZkOp3JC.js | AI (source-diff): Vite-bundled devtools entry point with standard import aliasing. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CfdTgaSM.js | AI (source-diff): Minified Vue component bundle for devtools UI. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CIN7gmGG.js | AI (source-diff): Minified utility bundle (destr, URL encoding); standard Vite output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CmDrQj9k.js | AI (source-diff): Minified Vue runtime bundle for devtools UI. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DCQDLH1H.js | AI (source-diff): Shiki syntax grammar JSON (JavaScript/Java); not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/Dgofxk7X.js | AI (source-diff): Shiki syntax grammar JSON (Java); not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/DqUXt6jJ.js | AI (source-diff): Minified Vite devtools chunk; standard build output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/pkP8WbND.js | AI (source-diff): Minified Vite devtools chunk; standard build output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/CQIolwG-.js | AI (source-diff): Vite-bundled Nuxt error-500 client page; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/BZzBMR0a.js | AI (source-diff): Vite-bundled Vue runtime chunk for devtools client; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/BcLzIRTJ.js | AI (source-diff): Vite-bundled Nuxt error-404 client page; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/Cu_iTDKX.js | AI (source-diff): Vite-bundled Vue runtime for Nuxt module client UI; minified build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/SKYDSeR3.js | AI (source-diff): Nuxt error-404 page component, standard minified build artifact. | ai | |
| source-diff | obfuscated-file:dist/client/_nuxt/QpeyiL4d.js | AI (source-diff): Nuxt error-500 page component, standard minified build artifact. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/B-mzd7ax.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified Vue component output. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Mature package with infrequent releases; dormancy is normal for stable Nuxt modules. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/h7zQ0TxP.js | AI (source-diff): Vite-bundled Vue runtime chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/CnYZ0nz4.js | AI (source-diff): Vite-bundled devtools entry chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:dist/devtools/_nuxt/6e7EVM9D.js | AI (source-diff): Vite-bundled devtools UI chunk; standard minified Vue component output. | ai | |
| dependencies | unvetted-dep:nuxtseo-layer-devtools | AI (dependencies): Same nuxtseo ecosystem by the package author; devtools-only dependency, not a supply chain risk. | ai | |
| dependencies | unvetted-dep:h3-compression | AI (dependencies): h3-compression is a legitimate h3 framework compression utility; appropriate for sitemap HTTP response handling. | ai | |
| phantom-deps | phantom-dep:semver | AI (phantom-deps): Referenced in config files; standard Nuxt module pattern. | ai | |
| phantom-deps | phantom-dep:nuxtseo-layer-devtools | AI (phantom-deps): Part of the nuxtseo ecosystem; loaded by convention. | ai | |
| phantom-deps | phantom-dep:@nuxt/devtools-kit | AI (phantom-deps): Framework-scoped package loaded by convention in Nuxt modules. | ai | |
| phantom-deps | phantom-dep:std-env | AI (phantom-deps): Referenced in config files; standard Nuxt module pattern. | ai | |
| phantom-deps | phantom-dep:sirv | AI (phantom-deps): Nuxt module loads sirv by convention; not a direct import pattern. | ai | |
| dependencies | unvetted-dep:nuxt-site-config | AI (dependencies): Same author/ecosystem (nuxtseo); stable dependency across versions of this package. | ai | |
| dependencies | unvetted-dep:nuxtseo-shared | AI (dependencies): Same author/ecosystem (nuxtseo); stable dependency across versions of this package. | ai |
Versions (showing 24 of 24)
| Version | Deps | Published |
|---|---|---|
| 8.2.1 | 12 / 28 | |
| 8.2.0 | 12 / 28 | |
| 8.1.0 | 12 / 28 | |
| 8.0.15 | 12 / 27 | |
| 8.0.14 | 12 / 27 | |
| 8.0.13 | 12 / 27 | |
| 8.0.12 | 12 / 27 | |
| 8.0.11 | 17 / 22 | |
| 8.0.9 | 17 / 22 | |
| 8.0.8 | 17 / 22 | |
| 8.0.7 | 17 / 22 | |
| 8.0.6 | 17 / 22 | |
| 8.0.5 | 17 / 22 | |
| 8.0.4 | 17 / 22 | |
| 8.0.3 | 17 / 22 | |
| 8.0.1 | 17 / 22 | |
| 8.0.0 | 17 / 22 | |
| 7.5.2 | 15 / 22 | |
| 7.5.1 | 16 / 21 | |
| 7.5.0 | 16 / 20 | |
| 7.4.11 | 16 / 20 | |
| 7.4.10 | 16 / 20 | |
| 7.4.9 | 16 / 20 | |
| 7.4.8 | 16 / 20 |
v8.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.15
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.8
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.7
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.6
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.5
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.4
12 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.3
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.5.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.4.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.4.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.4.9
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.4.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.