@mdx-js/mdx
MDX compiler
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): Trusted maintainer (wooorm) with strong track record; gap reflects a documented refactor, not account takeover. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of johno-bot (automation account) and biscarch (former contributor) is consistent with normal project evolution; primary author johno remains publisher with a strong track record. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): silvenon was a pre-existing contributor to the MDX project; addition as maintainer reflects a legitimate role expansion, not a suspicious takeover. | ai | |
| provenance | publisher-changed | AI (provenance): silvenon (Matija Marohnić) was already a listed contributor in package.json before becoming publisher; this is a documented, legitimate maintainer transition for the MDX project. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): detab and unist-builder are established packages in the unified/remark ecosystem, fully consistent with MDX's Markdown parsing purpose. No supply-chain risk. | ai | |
| dependencies | unvetted-dep:rehype-recma | AI (dependencies): rehype-recma is part of the MDX compiler pipeline; legitimate dependency. | ai | |
| dependencies | unvetted-dep:remark-parse | AI (dependencies): remark-parse is a core unified/remark package; legitimate and expected dependency. | ai | |
| dependencies | unvetted-dep:remark-rehype | AI (dependencies): remark-rehype is a core unified ecosystem bridge plugin; legitimate dependency. | ai | |
| dependencies | unvetted-dep:recma-build-jsx | AI (dependencies): recma-build-jsx is part of the recma/MDX toolchain; legitimate dependency. | ai | |
| dependencies | unvetted-dep:hast-util-to-jsx-runtime | AI (dependencies): hast-util-to-jsx-runtime is a core unified/hast utility; legitimate dependency for MDX JSX output. | ai | |
| dependencies | unvetted-dep:recma-stringify | AI (dependencies): recma-stringify is part of the recma/MDX toolchain; legitimate dependency. | ai | |
| dependencies | unvetted-dep:vfile | AI (dependencies): vfile is a core unified ecosystem package and a legitimate dependency of @mdx-js/mdx. | ai | |
| dependencies | unvetted-dep:unified | AI (dependencies): unified is the foundational package of the unified ecosystem; a legitimate and expected dependency. | ai | |
| dependencies | unvetted-dep:recma-jsx | AI (dependencies): recma-jsx is part of the recma/MDX toolchain maintained by the same ecosystem; legitimate dependency. | ai | |
| dependencies | unvetted-dep:remark-mdx | AI (dependencies): remark-mdx is a core MDX remark plugin from the same mdx-js org; legitimate dependency. | ai | |
| dependencies | unvetted-dep:unist-builder | AI (dependencies): unist-builder is a core unified/unist ecosystem utility; stable and widely used. | ai | |
| dependencies | unvetted-dep:detab | AI (dependencies): detab is a legitimate remark/unified ecosystem utility; stable dependency of @mdx-js/mdx across versions. | ai | |
| dependencies | unvetted-dep:@mdx-js/util | AI (dependencies): First-party @mdx-js monorepo package, co-versioned with @mdx-js/mdx. No risk. | ai | |
| dependencies | unvetted-dep:camelcase-css | AI (dependencies): camelcase-css is a well-known utility for CSS property name conversion; stable dependency. | ai | |
| dependencies | unvetted-dep:remark-footnotes | AI (dependencies): remark-footnotes is a standard remark plugin; legitimate dependency for MDX processing. | ai | |
| dependencies | unvetted-dep:remark-squeeze-paragraphs | AI (dependencies): remark-squeeze-paragraphs is a standard remark plugin; legitimate dependency for MDX processing. | ai | |
| dependencies | unvetted-dep:babel-plugin-apply-mdx-type-prop | AI (dependencies): First-party @mdx-js monorepo package, co-versioned with @mdx-js/mdx. No risk. | ai | |
| dependencies | unvetted-dep:babel-plugin-extract-import-names | AI (dependencies): First-party @mdx-js monorepo package, co-versioned with @mdx-js/mdx. No risk. | ai | |
| dependencies | unvetted-dep:unist-util-position-from-estree | AI (dependencies): unist-util-position-from-estree is a legitimate unified ecosystem utility for AST position mapping. | ai | |
| dependencies | unvetted-dep:@types/mdx | AI (dependencies): @types/mdx provides TypeScript types for MDX; a natural runtime dep for this compiler package. | ai | |
| dependencies | unvetted-dep:devlop | AI (dependencies): devlop is a legitimate unified-ecosystem utility by wooorm; stable dependency for this package. | ai | |
| dependencies | unvetted-dep:@types/hast | AI (dependencies): @types/hast provides TypeScript types for the hast AST; standard in the unified ecosystem. | ai | |
| dependencies | unvetted-dep:unist-util-visit | AI (dependencies): unist-util-visit is a core unified/unist utility; widely used and maintained by the same ecosystem. | ai | |
| dependencies | unvetted-dep:estree-util-scope | AI (dependencies): estree-util-scope is a legitimate estree utility in the unified ecosystem, appropriate for an MDX compiler. | ai | |
| dependencies | unvetted-dep:unist-util-stringify-position | AI (dependencies): unist-util-stringify-position is a standard unist utility; part of the unified ecosystem. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance adoption; publisher has strong track record. Absence of provenance is expected for this package's age. | ai | |
| phantom-deps | phantom-dep:@types/estree | AI (phantom-deps): @types/estree is a TypeScript type declaration package; not directly imported at runtime by design. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): new Function() is the documented pattern for MDX's runtime code execution; input is controlled compiled output, not arbitrary user code. | ai | |
| typosquat | typosquat.levenshtein:mobx | AI (typosquat): @mdx-js/mdx is a well-known scoped MDX package with no relation to mobx; the Levenshtein match is a clear false positive that generalizes across all versions. | ai | |
| phantom-deps | phantom-dep:@types/mdx | AI (phantom-deps): @types/mdx is a TypeScript type declaration package; not directly imported at runtime by design. | ai | |
| phantom-deps | phantom-dep:acorn | AI (phantom-deps): acorn is referenced in config files for parser configuration, not directly imported. Normal pattern for unified ecosystem packages. | ai | |
| phantom-deps | phantom-dep:@types/estree-jsx | AI (phantom-deps): @types/estree-jsx is a TypeScript type declaration package; not directly imported at runtime by design. | ai | |
| phantom-deps | phantom-dep:@types/hast | AI (phantom-deps): @types/hast is a TypeScript type declaration package; not directly imported at runtime by design. | ai | |
Versions (showing 26 of 126)
| Version | Deps | Published |
|---|---|---|
| 0.16.1 | 9 / 9 | |
| 0.16.0 | 9 / 9 | |
| 0.15.7 | 8 / 9 | |
| 0.15.6 | 7 / 9 | |
| 0.15.5 | 7 / 9 | |
| 0.15.4 | 7 / 9 | |
| 0.15.3 | 7 / 9 | |
| 0.15.2 | 5 / 7 | |
| 0.15.1 | 5 / 7 | |
| 0.15.0 | 5 / 6 | |
| 0.14.1 | 6 / 5 | |
| 0.14.0 | 6 / 5 | |
| 0.12.0 | 6 / 5 | |
| 0.11.1 | 6 / 5 | |
| 0.10.1 | 6 / 5 | |
| 0.10.0 | 6 / 5 | |
| 0.9.0 | 6 / 5 | |
| 0.8.1 | 6 / 5 | |
| 0.8.0 | 6 / 5 | |
| 0.7.4 | 7 / 5 | |
| 0.7.3 | 7 / 5 | |
| 0.7.2 | 7 / 5 | |
| 0.7.1 | 7 / 5 | |
| 0.7.0 | 7 / 5 | |
| 0.5.0 | 8 / 1 | |
| 0.4.0 | 8 / 1 | |
v0.16.1
2 findings
This version was published by a different npm account than previous versions on 2018-11-20. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.7
2 findings
This version was published by a different npm account than previous versions on 2018-11-03. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.6
2 findings
This version was published by a different npm account than previous versions on 2018-10-30. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.5
2 findings
This version was published by a different npm account than previous versions on 2018-10-02. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.4
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.14.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.4
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.5.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.