@cyberhub/trust-nuxt 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +57 -23
  2. package/package.json +18 -4
package/README.md CHANGED
@@ -1,38 +1,72 @@
1
1
  # Security Trust Report: nuxt
2
2
 
3
- **Score: 62/100 | Grade: C+ | Tier: STANDARD**
3
+ **[nuxt@4.4.2](https://www.npmjs.com/package/nuxt): 54/100 | Grade: C | Tier: STANDARD** (confidence: ±3)
4
4
 
5
- > This package has notable risk factors. Review flags below.
5
+ > Scanned on 2026-04-06 from 8 security databases. [View package on npm →](https://www.npmjs.com/package/nuxt)
6
+
7
+ ## TL;DR
8
+
9
+ - **5 vulnerabilities found** (2 critical, 1 high)
10
+ - Pin your version and monitor for changes
6
11
 
7
12
  ## Score Breakdown
8
13
 
9
- | Category | Score |
14
+ ```
15
+ Maintainer Trust: ███████████░░░░░░░░░ 54/100
16
+ Package Health: █████████████████░░░ 85/100
17
+ Supply Chain: ░░░░░░░░░░░░░░░░░░░░ 0/100
18
+ Community: ███████████████████░ 93/100
19
+ ```
20
+
21
+ ### Why this score?
22
+
23
+ - Maintainer Trust is 54 because: single maintainer (bus factor risk), maintainer changes detected
24
+ - Supply Chain is 0 because: 5 known CVEs, risky dependencies
25
+
26
+ ## Vulnerabilities (5 vulnerabilities)
27
+
28
+ | Severity | Count |
10
29
  |----------|-------|
11
- | Maintainer Trust | 54/100 |
12
- | Package Health | 88/100 |
13
- | Supply Chain | 56/100 |
14
- | Community | 48/100 |
30
+ | 🔴 Critical | 2 |
31
+ | 🟠 High | 1 |
32
+ | 🟡 Medium | 1 |
33
+ | Low | 1 |
15
34
 
16
- ## Vulnerabilities
35
+ - [CVE-2025-59414](https://nvd.nist.gov/vuln/detail/CVE-2025-59414)
36
+ - [GHSA-p6jq-8vc4-79f6](https://github.com/advisories/GHSA-p6jq-8vc4-79f6)
37
+ - [CVE-2025-27415](https://nvd.nist.gov/vuln/detail/CVE-2025-27415)
38
+ - [GHSA-jvhm-gjrh-3h93](https://github.com/advisories/GHSA-jvhm-gjrh-3h93)
39
+ - [CVE-2024-34344](https://nvd.nist.gov/vuln/detail/CVE-2024-34344)
40
+ - [GHSA-v784-fjjh-f8r4](https://github.com/advisories/GHSA-v784-fjjh-f8r4)
41
+ - [CVE-2024-34343](https://nvd.nist.gov/vuln/detail/CVE-2024-34343)
42
+ - [GHSA-vf6r-87q4-2vjf](https://github.com/advisories/GHSA-vf6r-87q4-2vjf)
17
43
 
18
- No known vulnerabilities.
44
+ ## Key Risk Flags
19
45
 
20
- ## Flags
46
+ - 🔴 **CRITICAL**: 2 CRITICAL vulnerabilities from live CVE databases
47
+ - 🟠 **HIGH**: Maintainer(s) removed in v3.19.0: pi0, antfu ([evidence](https://www.npmjs.com/package/nuxt/v/3.19.0))
48
+ - 🟠 **HIGH**: Maintainer(s) removed in v4.2.0: atinux, danielroe ([evidence](https://www.npmjs.com/package/nuxt/v/4.2.0))
49
+ - 🟠 **HIGH**: Burst publishing detected — 5+ versions in a single day
50
+ - 🟠 **HIGH**: Depends on historically compromised package: semver
21
51
 
22
- - **HIGH**: Maintainer(s) removed in v3.19.0: pi0, antfu
23
- - **HIGH**: Maintainer(s) removed in v4.2.0: atinux, danielroe
24
- - **HIGH**: Burst publishing detected — 5+ versions in a single day
25
- - **HIGH**: Depends on historically compromised package: semver
26
- - **HIGH**: 1 direct dependencies have known security issues
27
- - **HIGH**: Depends on "semver" which has ReDoS CVE-2022-25883
28
- - **MEDIUM**: New maintainer(s) added in v3.12.4: antfu, danielroe, pi0, atinux
29
- - **MEDIUM**: New maintainer(s) added in v3.19.0: nuxtbot
30
- - **MEDIUM**: Single maintainer — bus factor risk
31
- - **MEDIUM**: 56 direct dependencies
52
+ ## 🛠️ What Should You Do?
32
53
 
33
- ## Maintainers
54
+ **Immediate:**
55
+ - Upgrade to the latest version (`npm update nuxt`)
34
56
 
35
- - nuxtbot (2FA)
57
+ **Always:** Pin version, run `pkgtrust scan` in CI, monitor at [nrupak.com/trust/nuxt](https://nrupak.com/trust/nuxt)
58
+
59
+ ## Maintainers (1)
60
+
61
+ - [nuxtbot](https://www.npmjs.com/~nuxtbot) ✅ 2FA (org email) — [Trust profile](https://nrupak.com/trust/maintainer/nuxtbot)
62
+
63
+ **Methodology:** 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). [Full scoring docs →](https://nrupak.com/trust)
64
+
65
+ **Check your project:** `npm i -g @cyberhub/pkgtrust && pkgtrust scan nuxt` — [CLI docs](https://npmjs.com/package/@cyberhub/pkgtrust)
66
+ **Data Sources:** GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev
36
67
 
37
68
  ---
38
- *[pkgtrust](https://nrupak.com/trust/nuxt) | [Dashboard](https://nrupak.com/trust) | Updated 2026-04-02*
69
+
70
+ *Report by [pkgtrust](https://nrupak.com/trust/nuxt) · [Dashboard](https://nrupak.com/trust) · [Compare](https://nrupak.com/trust/compare) · [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
71
+
72
+ *This is an automated security report. Not affiliated with the nuxt team. Updated 2026-04-06.*
package/package.json CHANGED
@@ -1,17 +1,31 @@
1
1
  {
2
2
  "name": "@cyberhub/trust-nuxt",
3
- "version": "1.0.0",
4
- "description": "Security Trust Report for nuxt — 62/100 (C+, standard). Maintainer risk and vulnerability analysis from 8 security databases.",
3
+ "version": "1.0.1",
4
+ "description": "Security Trust Report: nuxt@4.4.254/100 (C, standard). 5 vulnerabilities found. Maintainer risk, supply chain analysis from 8 security databases.",
5
5
  "keywords": [
6
+ "nuxt",
6
7
  "nuxt",
7
8
  "security",
9
+ "security-report",
8
10
  "trust-score",
9
11
  "vulnerability",
12
+ "npm-audit",
13
+ "npm-security",
14
+ "supply-chain",
10
15
  "pkgtrust",
11
- "CVE"
16
+ "audit",
17
+ "scan",
18
+ "risk",
19
+ "risk-assessment",
20
+ "CVE-2025-59414",
21
+ "GHSA-p6jq-8vc4-79f6",
22
+ "CVE-2025-27415",
23
+ "GHSA-jvhm-gjrh-3h93",
24
+ "CVE-2024-34344",
25
+ "standard"
12
26
  ],
13
27
  "license": "MIT",
14
- "author": "Nrupak Shah",
28
+ "author": "Nrupak Shah <nrupaks@gmail.com>",
15
29
  "repository": {
16
30
  "type": "git",
17
31
  "url": "https://github.com/nrupaks/pkgtrust"