@mdn/browser-compat-data

Browser compatibility data provided by MDN Web Docs

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

leomcacaugnermdn-bot

Keywords

bcdbrowser-compat-databrowsercompatibilitydatamdnmozilla

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require() loads the package's own bundled JSON compat data files via filesystem traversal — not user-controlled input. This is the package's core data-loading mechanism.	ai	2026/04/22
semgrep	semgrep:child-process-import	AI (semgrep): child_process is used only in dev/scripts tooling (fix-format.js), not in runtime code or install hooks. No risk to package consumers.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Official MDN/Mozilla package with 2000+ day history and clean publisher record. Lack of Sigstore provenance is acceptable given strong ecosystem trust signals.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): MDN BCD transitioned to GitHub Actions CI/CD publishing with SLSA attestation — this is a legitimate, security-improving automation change for this package.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of individual maintainers is consistent with MDN BCD's transition to fully automated GitHub Actions publishing; no suspicious new maintainers added.	ai	2026/04/22

Versions (showing 100 of 396)

Version	Deps	Published
5.4.5	0 / 0	2023-12-09
5.4.4	0 / 0	2023-12-05
5.4.3	0 / 0	2023-12-02
5.4.2	0 / 0	2023-11-28
5.4.1	0 / 0	2023-11-25
5.4.0	0 / 0	2023-11-18
5.3.31	0 / 0	2023-11-15
5.3.30	0 / 0	2023-11-10
5.3.29	0 / 0	2023-11-07
5.3.28	0 / 0	2023-10-31
5.3.27	0 / 0	2023-10-27
5.3.26	0 / 0	2023-10-24
5.3.25	0 / 0	2023-10-20
5.3.24	0 / 0	2023-10-18
5.3.23	0 / 0	2023-10-13
5.3.22	0 / 0	2023-10-10
5.3.21	0 / 0	2023-10-06
5.3.20	0 / 0	2023-10-03
5.3.19	0 / 0	2023-09-27
5.3.18	0 / 0	2023-09-22
5.3.17	0 / 0	2023-09-19
5.3.16	0 / 0	2023-09-15
5.3.15	0 / 0	2023-09-08
5.3.14	0 / 0	2023-08-29
5.3.13	0 / 0	2023-08-25
5.3.12	0 / 0	2023-08-23
5.3.11	0 / 0	2023-08-19
5.3.10	0 / 0	2023-08-16
5.3.9	0 / 0	2023-08-12
5.3.8	0 / 0	2023-08-04
5.3.7	0 / 0	2023-08-02
5.3.6	0 / 0	2023-07-25
5.3.5	0 / 0	2023-07-21
5.3.4	0 / 0	2023-07-18
5.3.3	0 / 0	2023-07-14
5.3.2	0 / 0	2023-07-11
5.3.1	0 / 0	2023-07-08
5.3.0	0 / 0	2023-06-27
5.2.67	0 / 0	2023-06-23
5.2.66	0 / 0	2023-06-20
5.2.65	0 / 0	2023-06-17
5.2.64	0 / 0	2023-06-13
5.2.63	0 / 0	2023-06-09
5.2.62	0 / 0	2023-06-06
5.2.61	0 / 0	2023-06-02
5.2.60	0 / 0	2023-05-30
5.2.59	0 / 0	2023-05-19
5.2.58	0 / 0	2023-05-17
5.2.57	0 / 0	2023-05-09
5.2.56	0 / 0	2023-05-05
5.2.55	0 / 0	2023-05-02
5.2.54	0 / 0	2023-04-28
5.2.53	0 / 0	2023-04-25
5.2.52	0 / 0	2023-04-21
5.2.51	0 / 0	2023-04-18
5.2.50	0 / 0	2023-04-12
5.2.49	0 / 0	2023-04-07
5.2.48	0 / 0	2023-04-04
5.2.47	0 / 0	2023-03-31
5.2.46	0 / 0	2023-03-29
5.2.45	0 / 0	2023-03-24
5.2.44	0 / 0	2023-03-21
5.2.43	0 / 0	2023-03-17
5.2.42	0 / 0	2023-03-14
5.2.41	0 / 0	2023-03-10
5.2.40	0 / 0	2023-03-08
5.2.39	0 / 0	2023-02-28
5.2.38	0 / 0	2023-02-24
5.2.37	0 / 0	2023-02-21
5.2.36	0 / 0	2023-02-17
5.2.35	0 / 0	2023-02-10
5.2.34	0 / 0	2023-02-03
5.2.33	0 / 0	2023-01-31
5.2.32	0 / 0	2023-01-27
5.2.31	0 / 0	2023-01-24
5.2.30	0 / 0	2023-01-20
5.2.29	0 / 0	2023-01-17
5.2.28	0 / 0	2023-01-13
5.2.27	0 / 0	2023-01-10
5.2.26	0 / 0	2023-01-06
5.2.25	0 / 0	2023-01-03
5.2.24	0 / 0	2022-12-31
5.2.23	0 / 0	2022-12-21
5.2.22	0 / 0	2022-12-14
5.2.21	0 / 0	2022-12-09
5.2.20	0 / 0	2022-11-30
5.2.19	0 / 0	2022-11-25
5.2.18	0 / 0	2022-11-22
5.2.17	0 / 0	2022-11-19
5.2.16	0 / 0	2022-11-16
5.2.15	0 / 0	2022-11-11
5.2.14	0 / 0	2022-11-08
5.2.13	0 / 0	2022-11-05
5.2.12	0 / 0	2022-11-01
5.2.11	0 / 0	2022-10-28
5.2.10	0 / 0	2022-10-25
5.2.9	0 / 0	2022-10-21
5.2.8	0 / 0	2022-10-18
5.2.7	0 / 0	2022-10-15
5.2.6	0 / 0	2022-10-11

Showing 100 of 396 Next page →

v5.4.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.3.29

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.3.25

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.3.21

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.3.20

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.3.19

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.3.17

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.3.16

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.