chore(deps): update devdependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@unlazy/nuxt (source)	^0.11.2 -> ^0.11.3
@unocss/eslint-config (source)	^0.58.9 -> ^0.61.0
@vue/test-utils	2.4.5 -> 2.4.6
bumpp	^9.4.0 -> ^9.4.1
eslint-plugin-format	^0.1.0 -> ^0.1.1
lint-staged	^15.2.2 -> ^15.2.7
nuxt (source)	^3.11.2 -> ^3.12.1
sharp (source, changelog)	^0.33.3 -> ^0.33.4
tsx	^4.7.2 -> ^4.15.2

---

Release Notes

johannschopplich/unlazy (@​unlazy/nuxt)

v0.11.3

Compare Source

   🐞 Bug Fixes

• nuxt: Emit loaded event for preloaded images  -  by @​johannschopplich (fc301)

   🏎 Performance

• Move from Buffer to Uint8Array  -  by @​johannschopplich (d569e)

    View changes on GitHub

unocss/unocss (@​unocss/eslint-config)

v0.61.0

Compare Source

   🚀 Features

• core:
  • Support generator in rule matcher  -  by @​antfu in https://github.com/unocss/unocss/issues/3884 (7e156)
  • Introduce special symbols for applying custom variants  -  by @​antfu in https://github.com/unocss/unocss/issues/3885 (d80f6)
• preset-mini:
  • Add support for peer and group variants on aria-* variants to Preset-Mini  -  by @​Johnkat-Mj and @​Simon-He95 in https://github.com/unocss/unocss/issues/3692 (c3265)
• vscode:
  • Add borderRadius to control color cube  -  by @​Simon-He95 and @​antfu in https://github.com/unocss/unocss/issues/3872 (ad294)

   🐞 Bug Fixes

• extractor-arbitrary-variants:
  • Quote in []  -  by @​Simon-He95 and @​antfu in https://github.com/unocss/unocss/issues/3875 (cd529)
• preset-mini:
  • ColorableShadows with cssvar  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3878 (1ac22)
  • Support composite props  -  by @​zyyv and @​antfu in https://github.com/unocss/unocss/issues/3810 (f7ad5)
  • transform-cpu should not include rotate-x and rotate-y  -  by @​zzc6332 in https://github.com/unocss/unocss/issues/3813 (ae072)
• transformer-attributify-jsx:
  • With prefix  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3867 (83728)
• vite:
  • Legacy chunks build  -  by @​Simon-He95 and @​antfu in https://github.com/unocss/unocss/issues/3879 (c7f63)

    View changes on GitHub

v0.60.4

Compare Source

   🚀 Features

• Nuxt layers support  -  by @​enkot in https://github.com/unocss/unocss/issues/3838 (d6bd8)
• eslint-plugin: Blocklist message function  -  by @​enkot and Chris in https://github.com/unocss/unocss/issues/3854 (9fe90)
• preset-mini: Support max  -  by @​Simon-He95 [(min a)](unocss/unocss@min arbitrary values for responsive (#​3831))

   🐞 Bug Fixes

• Prepare for new type in vite 6.0  -  by @​antfu (e66b1)
• annotation: Prefix hoverMessage & autocomplete  -  by @​Simon-He95 and @​antfu in https://github.com/unocss/unocss/issues/3849 (68e65)
• directives: Correctly parse colons in directives  -  by @​antfu (9bce9)
• vite: Using astro integration in vitest causes hangs  -  by @​Dunqing in https://github.com/unocss/unocss/issues/3851 (51c60)

    View changes on GitHub

v0.60.3

Compare Source

   🚀 Features

• preset-mini: text-align utility  -  by @​UltraCakeBakery, Chris and @​antfu in https://github.com/unocss/unocss/issues/3796 (5f2a8)
• transformer-directives: Add removeComments  -  by @​Simon-He95 and @​antfu in https://github.com/unocss/unocss/issues/3799 (a9ab8)

   🐞 Bug Fixes

• Enable regex eslint rule, optimize regexes  -  by @​antfu in https://github.com/unocss/unocss/issues/3801 (882cc)
• cli: Extractors not working  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3803 (398c1)
• preset-mini: DirectionSize size cause error when size is undefined  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3809 (c19ab)
• shared-integration: GetCssEscaperForJsContent replace conflict  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3797 (dd013)
• transformers: Try improve hmr in vite  -  by @​Simon-He95 and @​antfu in https://github.com/unocss/unocss/issues/3741 (22ff2)
• vite: Warn when unocss:global:build:bundle has no CSS placeholder  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3802 (210a2)

   🏎 Performance

• preset-mini: Improve performance of resolveBreakpoints  -  by @​antfu (05d90)

    View changes on GitHub

v0.60.2

Compare Source

   🐞 Bug Fixes

• directives: Fix parsing positions, close #​3795  -  by @​antfu in https://github.com/unocss/unocss/issues/3795 (84170)

    View changes on GitHub

v0.60.1

Compare Source

   🚀 Features

• eslint-plugin:
  • Blocklist meta with message  -  by @​enkot and @​antfu in https://github.com/unocss/unocss/issues/3783 (20ed8)
  • Allow customize configPath via settings  -  by @​antfu (9eb6e)

   🐞 Bug Fixes

• transformer-attributify-jsx: MatchedRule  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3791 (da9c9)
• transformer-directive: Get raw string in directive, support slash & hash  -  by @​zyyv and @​antfu in https://github.com/unocss/unocss/issues/3790 (fa497)

    View changes on GitHub

v0.60.0

Compare Source

   🚨 Breaking Changes

• CJS: Remove .default suffix from d.ts and d.cts files  -  by @​userquin in https://github.com/unocss/unocss/issues/3750 (e9f5b)

   🚀 Features

• preset-icons: Add svg props customization  -  by @​zyyv and Anthony Fu in https://github.com/unocss/unocss/issues/3774 (0b36a)
• preset-mini: Add children variant (*-{modifier})  -  by @​serkodev in https://github.com/unocss/unocss/issues/3763 (249fe)

   🐞 Bug Fixes

• preset-legacy-compat: Update the split color string regex  -  by @​zyyv in https://github.com/unocss/unocss/issues/3756 (47eaf)
• preset-mini: Align with selection  -  by @​zyyv in https://github.com/unocss/unocss/issues/3771 (18df5)
• shared-integration: Vscode match php <? stuck  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3745 (38274)
• vite: Move @​import before other rules  -  by @​lzl0304 in https://github.com/unocss/unocss/issues/3743 (0b84d)

    View changes on GitHub

v0.59.4

Compare Source

   🚀 Features

• core: Support safelist access to RuleContext  -  by @​Simon-He95, @​zyyv, Chris and @​antfu in https://github.com/unocss/unocss/issues/3693 (04c27)

   🐞 Bug Fixes

• eslint-plugin: Compactible with eslint v9  -  by @​antfu (09e3b)
• preset-mini: Transform-cpu  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3730 (a3170)
• webpack: SourceMap  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3732 (0dab7)

    View changes on GitHub

v0.59.3

Compare Source

   🐞 Bug Fixes

• preset-mini:
  • Remove LF in question mark rule  -  by @​userquin in https://github.com/unocss/unocss/issues/3717 (c51bf)
  • Transform-cpu  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3729 (9a371)
  • Use borderRadius from theme to autosuggest rounded values  -  by @​DamianOsipiuk in https://github.com/unocss/unocss/issues/3727 (18346)
• shared-integration:
  • Improve ide matching regex  -  by @​Simon-He95 and @​antfu in https://github.com/unocss/unocss/issues/3712 (ddcf2)
• vscode:
  • ContextLoader with workspace  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3728 (351a4)

    View changes on GitHub

v0.59.2

Compare Source

   🐞 Bug Fixes

• Move @unocss/webpack to ESM First  -  by @​userquin in https://github.com/unocss/unocss/issues/3708 (25e97)
• Revert #​3696  -  by @​antfu in https://github.com/unocss/unocss/issues/3696 (8e615)
• preset-mini: Negative custom spacing  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3694 (0f4ad)

    View changes on GitHub

v0.59.1

Compare Source

   🐞 Bug Fixes

• eslint-plugin:
  • Support ESLint v9  -  by @​antfu (0cc40)
• postcss:
  • Too many open files error  -  by @​sonofmagic in https://github.com/unocss/unocss/issues/3695 (11918)
  • Support async rule in directives, fix #​3699  -  by @​DarkHole1 in https://github.com/unocss/unocss/issues/3701 and https://github.com/unocss/unocss/issues/3699 (f4ca5)
• preset-mini:
  • marker pesudo element  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3702 (0b4a9)
• shared-integration:
  • DefaultIdeMatchInclude  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3696 (7f85b)

    View changes on GitHub

v0.59.0

Compare Source

   🚨 Breaking Changes

• Move to ESM-only and fix package exports  -  by @​kwaa, @​userquin, @​antfu, Chris and Anthony Fu in https://github.com/unocss/unocss/issues/3380 (41bc8)
• preset-mini: RingWidth default changed to 3px to align with Tailwind  -  by @​NamesMT and @​antfu in https://github.com/unocss/unocss/issues/3673 (274d3)

   🐞 Bug Fixes

• autocomplete: Disable autocomplete for attributify props when not using  -  by @​Simon-He95 and @​antfu in https://github.com/unocss/unocss/issues/3685 (4dfc3)
• nuxt: Custom option priority in cssnano  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3679 (4e11d)
• packages: Add types versions  -  by @​kwaa in https://github.com/unocss/unocss/issues/3677 (42187)
• postcss: Move to ESM first + dual ESM/CJS + missing @unocss/postcss/esm subpackage export  -  by @​userquin in https://github.com/unocss/unocss/issues/3678 (7eda3)
• scope: Fix export types & main entry  -  by @​kwaa in https://github.com/unocss/unocss/issues/3676 (ae44a)
• vscode: The information displayed by hover and autocomplete is inconsistent  -  by @​Simon-He95 in https://github.com/unocss/unocss/issues/3680 (623c2)
• webpack: Correctly output CSS string  -  by @​lzl0304 in https://github.com/unocss/unocss/issues/3686 (a03c2)

    View changes on GitHub

vuejs/test-utils (@​vue/test-utils)

v2.4.6

Compare Source

What's Changed

• Fix/circular references in props cause maximum call stack size exceeded by @​Evobaso-J in https://github.com/vuejs/test-utils/pull/2371
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2374
• docs: setup the translation helper by @​Jinjiang in https://github.com/vuejs/test-utils/pull/2373
• chore: translate translation sync message in french by @​cexbrayat in https://github.com/vuejs/test-utils/pull/2377
• docs: synchronize the french docs by @​cexbrayat in https://github.com/vuejs/test-utils/pull/2378
• chore(deps): update dependency vite to v5.2.2 by @​renovate in https://github.com/vuejs/test-utils/pull/2376
• chore(deps): pin dependency vitepress-translation-helper to 0.1.3 by @​renovate in https://github.com/vuejs/test-utils/pull/2379
• chore(deps): update dependency typescript to v5.4.3 by @​renovate in https://github.com/vuejs/test-utils/pull/2380
• chore(deps): update dependency vitepress-translation-helper to v0.2.0 by @​renovate in https://github.com/vuejs/test-utils/pull/2381
• chore: update vitepress-translation-helper by @​Jinjiang in https://github.com/vuejs/test-utils/pull/2382
• chore(deps): update dependency vitepress to v1.0.0 by @​renovate in https://github.com/vuejs/test-utils/pull/2383
• chore(deps): update dependency vitepress-translation-helper to v0.2.1 by @​renovate in https://github.com/vuejs/test-utils/pull/2384
• fix: update attachTo type in MountingOptions interface by @​taku-y-9308 in https://github.com/vuejs/test-utils/pull/2375
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2388
• docs(api): fix typo in attachTo anchor tag within isVisible by @​matusekma in https://github.com/vuejs/test-utils/pull/2351
• change vm to always provide global property by @​taku-y-9308 in https://github.com/vuejs/test-utils/pull/2386
• chore(deps): update dependency rollup to v4.13.1 by @​renovate in https://github.com/vuejs/test-utils/pull/2389
• chore(deps): update dependency reflect-metadata to v0.2.2 by @​renovate in https://github.com/vuejs/test-utils/pull/2391
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2393
• chore(deps): update dependency vite to v5.2.8 by @​renovate in https://github.com/vuejs/test-utils/pull/2396
• docs: fix missing equal sign by @​w2xi in https://github.com/vuejs/test-utils/pull/2398
• fix: renderStubDefaultSlot with scoped slots by @​cexbrayat in https://github.com/vuejs/test-utils/pull/2397
• docs(api): fix missing chars by @​w2xi in https://github.com/vuejs/test-utils/pull/2399
• docs: use innerHTML in teleport cleanup by @​brc-dd in https://github.com/vuejs/test-utils/pull/2403
• feat: Added dynamic return for element getter by @​nandi95 in https://github.com/vuejs/test-utils/pull/2406
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2407
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2408
• doc(api): fix missing char by @​w2xi in https://github.com/vuejs/test-utils/pull/2410
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2412
• chore: use node v18 on netlify by @​cexbrayat in https://github.com/vuejs/test-utils/pull/2416
• fix(stubs): avoid warning on normalized props with Vue v3.4.22 by @​cexbrayat in https://github.com/vuejs/test-utils/pull/2413
• chore: use the packageManager field from package.json in github action by @​cexbrayat in https://github.com/vuejs/test-utils/pull/2417
• chore(deps): update pnpm to v9 by @​renovate in https://github.com/vuejs/test-utils/pull/2415
• chore(deps): update all non-major dependencies to v3.4.23 by @​renovate in https://github.com/vuejs/test-utils/pull/2418
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2419
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2420
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2421
• Update index.md to fix typo and clarify get vs find behavior by @​KatWorkGit in https://github.com/vuejs/test-utils/pull/2422
• fix: set global provides before running vue plugins by @​danielroe in https://github.com/vuejs/test-utils/pull/2423
• ci: add build on node v22 by @​cexbrayat in https://github.com/vuejs/test-utils/pull/2424
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/vuejs/test-utils/pull/2426
• chore(deps): update dependency unplugin-vue-components to v0.27.0 by @​renovate in https://github.com/vuejs/test-utils/pull/2427
• chore(deps): update dependency @​types/node to v20.12.8 by @​renovate in https://github.com/vuejs/test-utils/pull/2429
• Fix/issue 2319 throw first error thrown during mount by @​taku-y-9308 in https://github.com/vuejs/test-utils/pull/2428

New Contributors

• @​Jinjiang made their first contribution in https://github.com/vuejs/test-utils/pull/2373
• @​taku-y-9308 made their first contribution in https://github.com/vuejs/test-utils/pull/2375
• @​matusekma made their first contribution in https://github.com/vuejs/test-utils/pull/2351
• @​w2xi made their first contribution in https://github.com/vuejs/test-utils/pull/2398
• @​brc-dd made their first contribution in https://github.com/vuejs/test-utils/pull/2403
• @​KatWorkGit made their first contribution in https://github.com/vuejs/test-utils/pull/2422

Full Changelog: vuejs/test-utils@v2.4.5...v2.4.6

antfu/bumpp (bumpp)

v9.4.1

Compare Source

antfu/eslint-plugin-format (eslint-plugin-format)

v0.1.1

Compare Source

   🐞 Bug Fixes

• Pass filepath to prettier  -  by @​RebeccaStevens in https://github.com/antfu/eslint-plugin-format/issues/3 (b591b)

    View changes on GitHub

okonet/lint-staged (lint-staged)

v15.2.7

Compare Source

Patch Changes

• #​1440 a51be80 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version drops the --path-format=absolute option to support earlier git versions since it's also the default behavior. If you are still having trouble, please try upgrading git to the latest version.

v15.2.6

Compare Source

Patch Changes

• #​1433 119adb2 Thanks @​iiroj! - Use native "git rev-parse" commands to determine git repo root directory and the .git config directory, instead of using custom logic. This hopefully makes path resolution more robust on non-POSIX systems.

v15.2.5

Compare Source

Patch Changes

• #​1424 31a1f95 Thanks @​iiroj! - Allow approximately equivalent versions of direct dependencies by using the "~" character in the version ranges. This means a more recent patch version of a dependency is allowed if available.

• #​1423 91abea0 Thanks @​iiroj! - Improve error logging when failing to read or parse a configuration file

• #​1424 ee43f15 Thanks @​iiroj! - Upgrade micromatch@4.0.7

v15.2.4

Compare Source

Patch Changes

• 4f4537a Thanks @​iiroj! - Fix release issue with previous version; update dependencies

nuxt/nuxt (nuxt)

v3.12.1

Compare Source

v3.12.0

Compare Source

lovell/sharp (sharp)

v0.33.4

Compare Source

privatenumber/tsx (tsx)

v4.15.2

Compare Source

Bug Fixes

• esm: resolve implicit extension in package subpath (7e1fe22)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.15.1

Compare Source

v4.15.0

Compare Source

Features

• esbuild 0.21 (#​19) (6f1d305)
• esbuild 0.21.3 (edbdfdf)
• esbuild 0.21.4 (c67d746)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.14.1

Compare Source

Bug Fixes

• cjs: only hide transformers when namespaced (9e647a5)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.14.0

Compare Source

Features

• resolve .js → .ts in package.json exports & main (4503421)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.13.3

Compare Source

Bug Fixes

• cjs: resolve directory import relative to parent (#​42) (02d3856)
• esm: cjs interop to support decorators (807f467)
• esm: resolve .ts extension in imports map (89621bf)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.13.2

Compare Source

Bug Fixes

• esm: ignore transforming .js files with CJS syntax (#​40) (87a7683)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.13.1

Compare Source

Bug Fixes

• esm/api: tsImport() to parse CJS exports (0a78bfd)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.13.0

Compare Source

Features

• cjs/api: register() to support namespace (#​35) (c703300)
• esm/api: tsImport() to support loading CommonJS files (0eb4e91)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.12.1

Compare Source

Bug Fixes

• esm: resolve implicit ts paths in packages (de900a1)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.12.0

Compare Source

Bug Fixes

• cjs: make resolver chainable (585f117)
• esm: named import from CommonJS file (#​33) (7c85303)

Features

• cjs: support query for cache busting (#​37) (e1464cf)

Performance Improvements

• esm: only try extensions if file path (72d0896)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.11.2

Compare Source

Bug Fixes

• cjs: esm interop in .mjs files (#​32) (aa2b639)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.11.1

Compare Source

Bug Fixes

• cjs/api: resolve correct module and types when imported (#​566) (5e70105)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.11.0

Compare Source

Bug Fixes

• only error on invalid tsconfig if explicitly passed in (#​30) (b6bf39b)

Features

• esm api: configurable tsconfig (3f42ae3)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.10.5

Compare Source

Bug Fixes

• handle parsing variable of (86cf87c), closes #​556

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.10.4

Compare Source

v4.10.3

Compare Source

Performance Improvements

• skip parsing if import( is not found in minified code (5cdd50b)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.10.2

Compare Source

v4.10.1

Compare Source

v4.10.0

Compare Source

Features

• esm api: register to return a namespaced import() method (53bb4aa)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.9.5

Compare Source

v4.9.4

Compare Source

Bug Fixes

• tsImport: import module from commonjs (48f0a75)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.9.3

Compare Source

Bug Fixes

• import implicit extensions from packages (8022fcf), closes #​542

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.9.2

Compare Source

Bug Fixes

• esm: resolve absolute paths (#​544) (3a0ea18)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.9.1

Compare Source

v4.9.0

Compare Source

v4.8.2

Compare Source

Bug Fixes

• types: cjs/api to use .d.cts (4b1f03c)

---

This release is also available on:

• npm package (@​latest dist-tag)

v4.8.1

Compare Source

v4.8.0

Compare Source

v4.7.3

Compare Source

Bug Fixes

• support TS resolution in JS files when allowJs is set (#​535) (081853e)

---

This release is also available on:

• [npm package (@​latest dist-tag)](https://www

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[netlify]

❌ Deploy Preview for elk-docs failed.

Name	Link
🔨 Latest commit	f128fde
🔍 Latest deploy log	https://app.netlify.com/sites/elk-docs/deploys/6669ecedb8297f0008dc3ad7

[netlify]

❌ Deploy Preview for elk-zone failed.

Name	Link
🔨 Latest commit	f128fde
🔍 Latest deploy log	https://app.netlify.com/sites/elk-zone/deploys/6669ecedb5f2fd0008d3c24f

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/theme-colors@0.1.0	None	0	10.7 kB	pi0

🚮 Removed packages: npm/blurhash@2.0.5, npm/browser-fs-access@0.35.0, npm/bumpp@9.4.0, npm/chroma-js@2.4.2, npm/consola@3.2.3, npm/emoji-mart@5.5.2, npm/eslint@8.57.0, npm/file-saver@2.0.5, npm/flat@6.0.1, npm/focus-trap@7.5.4, npm/form-data@4.0.0, npm/fs-extra@11.2.0, npm/fuse.js@6.6.2, npm/github-reserved-names@2.0.4, npm/happy-dom@10.5.2, npm/idb-keyval@6.2.1, npm/ignore-dependency-scripts@1.0.1, npm/iso-639-1@3.0.1, npm/js-yaml@4.1.0, npm/lint-staged@15.2.2, npm/lru-cache@10.2.0, npm/masto@6.7.7, npm/node-emoji@2.1.3, npm/page-lifecycle@0.1.2, npm/prettier@3.2.5, npm/rollup-plugin-node-polyfills@0.2.1, npm/sharp-ico@0.1.5, npm/sharp@0.33.3, npm/shiki@1.1.7, npm/simple-git-hooks@2.11.1, npm/simple-git@3.24.0, npm/std-env@3.7.0, npm/string-length@5.0.1, npm/theme-vitesse@0.7.2, npm/tiny-decode@0.1.3, npm/tippy.js@6.3.7, npm/tsx@4.7.2, npm/typescript@5.4.4, npm/ufo@1.5.3, npm/ultrahtml@1.5.3, npm/vitest@1.4.0, npm/vue-virtual-scroller@2.0.0-beta.8, npm/workbox-build@7.0.0, npm/workbox-window@7.0.0, npm/ws@8.16.0

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Telemetry	npm/@nuxt/telemetry@2.5.4	Note: Can be disabled by setting the environment variable NUXT_TELEMETRY_DISABLED=1	orphan: npm/@nuxt/telemetry@2.5.4
Telemetry	npm/@nuxt/telemetry@2.5.3	Note: Can be disabled by setting the environment variable NUXT_TELEMETRY_DISABLED=1	Source
Install scripts	npm/sharp@0.33.3	Install script: install Source: node install/check	Source
Install scripts	npm/simple-git-hooks@2.11.1	Install script: postinstall Source: node ./postinstall.js	Source
Install scripts	npm/vue-demi@0.14.8	Install script: postinstall Source: node -e "try{require('./scripts/postinstall.js')}catch(e){}"	Source

View full report↗︎

Next steps

What is telemetry?

This package contains telemetry which tracks how it is used.

Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/@nuxt/telemetry@2.5.4
• @SocketSecurity ignore npm/@nuxt/telemetry@2.5.3
• @SocketSecurity ignore npm/sharp@0.33.3
• @SocketSecurity ignore npm/simple-git-hooks@2.11.1
• @SocketSecurity ignore npm/vue-demi@0.14.8