@unhead/bundler
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): New files are a devtools UI bundle (Nuxt build output); expected for a bundler plugin shipping devtools functionality. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/C0eBIUCY.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; Vue component code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/C6FB9XR7.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; Vue component code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/Cl48MOdR.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; Vue component code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/CTIDChy9.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; error page component, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/D0h8RKZP.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; UI component definitions, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/D1euPyWC.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; DevtoolsAlert/Section components, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/Dy309ItU.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; Vue component code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/KktNLKXM.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; large shared chunk with UI primitives, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/LXzUJvwE.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; main entry chunk, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/OQB3ITYU.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/sJqYz6RP.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/UEnd3JDt.js | AI (source-diff): Standard Vite/Nuxt minified bundle for devtools UI; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/0Qa6s_Dg.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; content is readable Vue component code with no malicious patterns. SLSA provenance confirms CI/CD build integrity. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/B2Jv09Lm.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; content is readable Vue component code with no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/BFZZDhfF.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; content is readable Vue component code with no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/Bh8c0baD.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; Nuxt error-500 page component, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/BJQr0rHL.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; SERP preview component, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/CQCCfgfs.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; scripts monitoring component, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/CyW9BsJI.js | AI (source-diff): Standard Vite/Nuxt minified build output; structured data schema definitions, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/DEZb6eJV.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; identity/favicon browser preview component, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/Dk8INXUW.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; no malicious patterns observed. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/lJJLnbTf.js | AI (source-diff): Main Vite chunk bundle (654KB) for devtools UI; standard minified Vue/Nuxt runtime, no malicious patterns. SLSA provenance confirms build integrity. | ai | |
| source-diff | obfuscated-file:dist/devtools-ui/_nuxt/MzHi9Z_M.js | AI (source-diff): Standard Vite/Nuxt minified build output for devtools UI panel; no malicious patterns observed. | ai | |
| dependencies | unvetted-dep:@vitejs/devtools-kit | AI (dependencies): @vitejs/devtools-kit is from the official Vite org scope; its use in a bundler plugin is expected and legitimate. SLSA provenance on this package further mitigates supply chain risk. | ai | |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 3.1.0 | 6 / 3 | |
| 3.0.5 | 6 / 3 | |
| 3.0.4 | 6 / 3 | |
| 3.0.3 | 6 / 3 | |
| 3.0.2 | 6 / 3 | |
| 3.0.1 | 6 / 3 | |
| 3.0.0 | 6 / 3 | |
v3.0.5
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.4
12 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.3
12 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.2
12 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.1
12 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.