@milkdown/transformer — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

mirone

Keywords

markdownmilkdownprosemirrorremark

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:tslib	AI (phantom-deps): Known implicit dependency of TypeScript; stable across versions.	ai	2026/05/09
phantom-deps	phantom-dep:remark-parse	AI (phantom-deps): Config-referenced remark plugin; stable for this markdown transformer.	ai	2026/05/09
phantom-deps	phantom-dep:remark-stringify	AI (phantom-deps): Config-referenced remark plugin; stable for this markdown transformer.	ai	2026/05/09
dependencies	unvetted-dep:@milkdown/prose	AI (dependencies): Sibling milkdown monorepo package; co-versioned and expected dependency.	ai	2026/04/28
dependencies	unvetted-dep:@milkdown/exception	AI (dependencies): Sibling milkdown monorepo package; co-versioned and expected dependency.	ai	2026/04/28

Versions (showing 33 of 33)

Version	Deps	Published
7.21.1	4 / 0	2026-05-13
7.21.0	4 / 0	2026-05-12
7.20.0	4 / 0	2026-03-30
7.19.2	4 / 0	2026-03-23
7.19.1	4 / 0	2026-03-22
7.19.0	4 / 0	2026-03-03
7.18.0	4 / 0	2026-01-05
7.17.3	4 / 0	2025-12-08
7.17.2	4 / 0	2025-11-23
7.17.1	4 / 0	2025-10-11
7.17.0	4 / 0	2025-10-11
7.16.0	4 / 0	2025-09-19
7.15.5	7 / 0	2025-08-25
7.15.4	7 / 0	2025-08-23
7.15.3	7 / 0	2025-08-10
7.15.2	7 / 0	2025-07-26
7.15.1	7 / 0	2025-07-03
7.15.0	7 / 0	2025-06-28
7.14.0	7 / 0	2025-06-21
7.13.2	7 / 0	2025-06-18
7.13.1	7 / 0	2025-06-09
7.13.0	7 / 0	2025-06-07
7.12.1	7 / 0	2025-06-01
7.12.0	7 / 0	2025-06-01
7.11.1	7 / 0	2025-05-24
7.11.0	7 / 0	2025-05-21
7.10.5	7 / 0	2025-05-19
7.10.4	7 / 0	2025-05-16
7.10.3	7 / 0	2025-05-13
7.10.2	7 / 0	2025-05-10
7.10.1	7 / 0	2025-05-07
7.10.0	7 / 0	2025-05-07
7.9.1	7 / 0	2025-05-04

v7.21.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.21.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.20.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.19.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.19.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.19.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.18.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.17.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.17.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.17.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.