← Home

@mdn/browser-compat-data

npm Repository Homepage

Browser compatibility data provided by MDN Web Docs

100
Versions
CC0-1.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

leomcacaugnermdn-bot

Keywords

bcdbrowser-compat-databrowsercompatibilitydatamdnmozilla

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:dynamic-require AI (semgrep): Dynamic require() loads the package's own bundled JSON compat data files via filesystem traversal — not user-controlled input. This is the package's core data-loading mechanism. ai
semgrep semgrep:child-process-import AI (semgrep): child_process is used only in dev/scripts tooling (fix-format.js), not in runtime code or install hooks. No risk to package consumers. ai
provenance no-provenance AI (provenance): Official MDN/Mozilla package with 2000+ day history and clean publisher record. Lack of Sigstore provenance is acceptable given strong ecosystem trust signals. ai
provenance publisher-changed AI (provenance): MDN BCD transitioned to GitHub Actions CI/CD publishing with SLSA attestation — this is a legitimate, security-improving automation change for this package. ai
maintainer-change maintainer-removed AI (maintainer-change): Removal of individual maintainers is consistent with MDN BCD's transition to fully automated GitHub Actions publishing; no suspicious new maintainers added. ai

Versions (showing 100 of 396)

Version Deps Published
5.7.3 0 / 0
5.7.2 0 / 0
5.7.1 0 / 0
5.7.0 0 / 0
5.6.43 0 / 0
5.6.42 0 / 0
5.6.41 0 / 0
5.6.40 0 / 0
5.6.39 0 / 0
5.6.38 0 / 0
5.6.37 0 / 0
5.6.36 0 / 0
5.6.35 0 / 0
5.6.34 0 / 0
5.6.33 0 / 0
5.6.32 0 / 0
5.6.31 0 / 0
5.6.30 0 / 0
5.6.29 0 / 0
5.6.28 0 / 0
5.6.27 0 / 0
5.6.26 0 / 0
5.6.25 0 / 0
5.6.24 0 / 0
5.6.23 0 / 0
5.6.22 0 / 0
5.6.21 0 / 0
5.6.20 0 / 0
5.6.19 0 / 0
5.6.18 0 / 0
5.6.17 0 / 0
5.6.16 0 / 0
5.6.15 0 / 0
5.6.14 0 / 0
5.6.13 0 / 0
5.6.12 0 / 0
5.6.11 0 / 0
5.6.10 0 / 0
5.6.9 0 / 0
5.6.8 0 / 0
5.6.7 0 / 0
5.6.6 0 / 0
5.6.5 0 / 0
5.6.4 0 / 0
5.6.3 0 / 0
5.6.2 0 / 0
5.6.1 0 / 0
5.6.0 0 / 0
5.5.51 0 / 0
5.5.50 0 / 0
5.5.49 0 / 0
5.5.48 0 / 0
5.5.47 0 / 0
5.5.46 0 / 0
5.5.45 0 / 0
5.5.44 0 / 0
5.5.43 0 / 0
5.5.42 0 / 0
5.5.41 0 / 0
5.5.40 0 / 0
5.5.39 0 / 0
5.5.38 0 / 0
5.5.37 0 / 0
5.5.36 0 / 0
5.5.35 0 / 0
5.5.34 0 / 0
5.5.33 0 / 0
5.5.32 0 / 0
5.5.31 0 / 0
5.5.30 0 / 0
5.5.29 0 / 0
5.5.28 0 / 0
5.5.27 0 / 0
5.5.26 0 / 0
5.5.25 0 / 0
5.5.24 0 / 0
5.5.23 0 / 0
5.5.22 0 / 0
5.5.21 0 / 0
5.5.20 0 / 0
5.5.19 0 / 0
5.5.18 0 / 0
5.5.17 0 / 0
5.5.16 0 / 0
5.5.15 0 / 0
5.5.14 0 / 0
5.5.13 0 / 0
5.5.12 0 / 0
5.5.11 0 / 0
5.5.10 0 / 0
5.5.9 0 / 0
5.5.8 0 / 0
5.5.7 0 / 0
5.5.6 0 / 0
5.5.5 0 / 0
5.5.4 0 / 0
5.5.3 0 / 0
5.5.2 0 / 0
5.5.1 0 / 0
5.5.0 0 / 0
Showing 100 of 396 Next page →

v5.5.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.5.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.5.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.5.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.