← Home

pinia

npm Repository Homepage

Intuitive, type safe and flexible Store for Vue

85
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

posva

Keywords

vuevuexstorepiniapiñapignacompositionapisetuptypedtypescripttstypesafe

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
npm-metadata suspicious-initial-version AI (npm-metadata): pinia 0.0.0 is the legitimate first release of a well-known Vue.js state management library by a trusted Vue core contributor (posva). Not a throwaway malicious package. ai
dependencies unvetted-peer-dep:vue AI (dependencies): Vue is the expected peer dependency for a Vue state management library; runs in consumer's app as intended. ai
dependencies unvetted-peer-dep:@vue/composition-api AI (dependencies): Optional peer dependency for Vue 2 composition API support; appropriate for this package's scope. ai
dependencies unvetted-dep:vue-demi AI (dependencies): vue-demi is a legitimate compatibility layer for Vue 2/3; appropriate dependency for this package. ai
typosquat typosquat.levenshtein:pino AI (typosquat): Pinia is the official Vue state management library; name similarity to pino (logging) is coincidental, not typosquatting. ai

Versions (showing 85 of 85)

Version Deps Published
3.0.4 1 / 2
3.0.3 1 / 2
3.0.2 1 / 2
3.0.1 1 / 2
3.0.0 1 / 2
2.3.1 2 / 2
2.3.0 2 / 2
2.2.8 2 / 2
2.2.7 2 / 2
2.2.6 2 / 2
2.2.5 2 / 2
2.2.4 2 / 2
2.2.3 2 / 2
2.2.2 2 / 2
2.2.1 2 / 2
2.2.0 2 / 2
2.1.7 2 / 2
2.1.6 2 / 2
2.1.5 2 / 2
2.1.4 2 / 2
2.1.3 2 / 2
2.1.2 2 / 2
2.1.1 2 / 2
2.1.0 2 / 2
2.0.36 2 / 2
2.0.35 2 / 2
2.0.34 2 / 2
2.0.33 2 / 2
2.0.32 2 / 2
2.0.31 2 / 2
2.0.30 2 / 2
2.0.29 2 / 2
2.0.28 2 / 2
2.0.27 2 / 2
2.0.26 2 / 2
2.0.25 2 / 2
2.0.24 2 / 2
2.0.23 2 / 2
2.0.22 2 / 2
2.0.21 2 / 2
2.0.20 2 / 2
2.0.19 2 / 2
2.0.18 2 / 2
2.0.17 2 / 2
2.0.16 2 / 2
2.0.15 2 / 2
2.0.14 2 / 2
2.0.13 2 / 6
2.0.12 2 / 6
2.0.11 2 / 6
2.0.10 2 / 6
2.0.9 2 / 6
2.0.8 2 / 6
2.0.7 2 / 6
2.0.6 2 / 6
2.0.5 2 / 6
2.0.4 2 / 6
2.0.3 2 / 6
2.0.2 2 / 6
2.0.1 2 / 6
2.0.0 2 / 6
0.5.4 0 / 29
0.5.3 0 / 29
0.5.2 0 / 29
0.5.1 0 / 29
0.5.0 0 / 29
0.4.1 0 / 30
0.4.0 0 / 30
0.3.1 0 / 30
0.3.0 0 / 30
0.2.5 0 / 30
0.2.4 0 / 30
0.2.3 0 / 30
0.2.2 0 / 30
0.2.1 0 / 30
0.2.0 0 / 30
0.1.0 0 / 26
0.0.7 0 / 26
0.0.6 0 / 25
0.0.5 0 / 25
0.0.4 0 / 24
0.0.3 0 / 24
0.0.2 0 / 24
0.0.1 0 / 24
0.0.0 0 / 22

v2.2.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.5.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.4.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.