vue-router
> - This is the repository for Vue Router 4 (for Vue 3) > - For Vue Router 3 (for Vue 2) see [vuejs/vue-router](https://github.com/vuejs/vue-router). > To see what versions are currently supported, please refer to the [Security Policy](./packages/router
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/index-BQLwgiyK.d.ts | AI (source-diff): Bundled .d.ts type declaration file with long lines; not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/index-BzEKChPW.d.ts | AI (source-diff): Generated .d.ts type declaration bundle; long lines are normal for rolled-up type definitions. | ai | |
| source-diff | obfuscated-file:dist/useApi-D6ckOsFy.d.ts | AI (source-diff): Bundled .d.ts type declaration with long lines; normal for generated types in this package. | ai | |
| dependencies | unvetted-dep:muggle-string | AI (dependencies): muggle-string is a Volar/Vue tooling utility; its use in vue-router v5's build/volar integration is expected and consistent with the package's expanded feature set. | ai | |
| dependencies | unvetted-peer-dep:@pinia/colada | AI (dependencies): Optional peer dep for experimental Pinia Colada integration; clearly scoped and opt-in only. | ai |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 5.1.0 | 17 / 36 | |
| 5.0.7 | 17 / 36 | |
| 5.0.6 | 17 / 36 | |
| 5.0.5 | 17 / 36 | |
| 5.0.4 | 17 / 33 | |
| 5.0.3 | 17 / 33 | |
| 5.0.2 | 17 / 33 | |
| 5.0.1 | 17 / 33 | |
| 5.0.0 | 17 / 33 | |
| 4.6.4 | 1 / 27 |
v5.1.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.7
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.4
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.