@docusaurus/plugin-content-blog

Blog plugin for Docusaurus.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

fbslorberlex111docusaurus-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): Spam signals are false positives: 'fb' is the legitimate Facebook/Docusaurus org, not spam; missing keywords is metadata-only for an established monorepo package.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): Publisher transition from slorber to docusaurus-bot is a documented, legitimate org change within Docusaurus governance.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Provenance attestation is a best-practice recommendation, not a security blocker for established projects.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): 22 new source files are consistent with normal feature development in an active monorepo; no bundled/injected code indicators.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): schema-dts is a legitimate, established dependency addition for blog plugin functionality.	ai	2026/04/22
phantom-deps	phantom-dep:@docusaurus/core	AI (phantom-deps): Expected phantom dependency pattern for plugins within the same monorepo scope.	ai	2026/04/22
dependencies	unvetted-dep:schema-dts	AI (dependencies): schema-dts is an established, legitimate JSON-LD schema package; appropriate for blog plugin content handling.	ai	2026/04/22
dependencies	unvetted-dep:srcset	AI (dependencies): srcset is a standard, widely-used srcset parser; no security concerns for this package.	ai	2026/04/22
dependencies	unvetted-dep:unist-util-visit	AI (dependencies): unist-util-visit is a standard AST traversal utility used in content processing; appropriate for blog plugin.	ai	2026/04/22
dependencies	unvetted-dep:webpack	AI (dependencies): Webpack is a standard build dependency for Docusaurus plugins; appropriate for this package's purpose.	ai	2026/04/22
dependencies	unvetted-dep:feed	AI (dependencies): feed is a well-known RSS/Atom feed generator; legitimate and expected dependency for a blog plugin.	ai	2026/04/22

Versions (showing 29 of 29)

Show 29 prereleases

Version	Deps	Published
3.10.1	19 / 2	2026-04-30
3.9.2	18 / 2	2025-10-17
3.7.0	18 / 2	2025-01-03
3.6.3	18 / 2	2024-11-22
3.6.2	18 / 2	2024-11-19
3.6.1	18 / 2	2024-11-08
3.6.0	18 / 2	2024-11-04
3.5.2	18 / 2	2024-08-13
3.5.1	18 / 2	2024-08-09
3.5.0	18 / 2	2024-08-09
3.4.0	17 / 1	2024-05-31
3.3.2	17 / 1	2024-05-03
3.3.1	17 / 1	2024-05-03
3.3.0	17 / 1	2024-05-03
3.2.1	17 / 1	2024-04-04
3.2.0	17 / 1	2024-03-29
3.1.1	17 / 0	2024-01-26
3.1.0	17 / 0	2024-01-05
3.0.1	17 / 0	2023-11-30
3.0.0	17 / 0	2023-10-31
2.4.3	16 / 0	2023-09-20
2.4.1	16 / 0	2023-05-15
2.4.0	16 / 0	2023-03-23
2.3.1	16 / 0	2023-02-03
2.3.0	16 / 0	2023-01-27
2.2.0	16 / 1	2022-10-29
2.1.0	16 / 1	2022-09-02
2.0.1	16 / 2	2022-08-01
2.0.0	16 / 2	2022-08-01

v3.10.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.