@mintlify/cli
The Mintlify CLI
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Chalk is used indirectly through the CLI's output formatting; phantom dependency pattern is normal for CLI tools. | ai | |
| phantom-deps | phantom-dep:semver | AI (phantom-deps): Semver is used indirectly through dependency resolution; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:front-matter | AI (phantom-deps): Front-matter is used indirectly for configuration parsing; expected for documentation CLI. | ai | |
| semgrep | semgrep:etc-passwd-access | AI (semgrep): References are in test files validating that path traversal to /etc/passwd is correctly rejected. Security test, not credential harvesting. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Standard CLI pattern: spreading process.env into child process spawn to pass environment through. Not exfiltration. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @mintlify/cli from established Mintlify org is not a typosquat of 'joi'. False positive from short name Levenshtein match. | ai |
Versions (showing 51 of 676)
| Version | Deps | Published |
|---|---|---|
| 4.0.1190 | 25 / 17 | |
| 4.0.1189 | 25 / 17 | |
| 4.0.1188 | 25 / 17 | |
| 4.0.1187 | 25 / 17 | |
| 4.0.1186 | 25 / 17 | |
| 4.0.1185 | 25 / 17 | |
| 4.0.1184 | 25 / 17 | |
| 4.0.1183 | 25 / 17 | |
| 4.0.1182 | 25 / 17 | |
| 4.0.1181 | 25 / 17 | |
| 4.0.1180 | 25 / 17 | |
| 4.0.1179 | 25 / 19 | |
| 4.0.1178 | 25 / 19 | |
| 4.0.1177 | 25 / 19 | |
| 4.0.1176 | 25 / 19 | |
| 4.0.1175 | 25 / 19 | |
| 4.0.1174 | 25 / 19 | |
| 4.0.1173 | 25 / 19 | |
| 4.0.1172 | 25 / 19 | |
| 4.0.1171 | 25 / 19 | |
| 4.0.1170 | 25 / 19 | |
| 4.0.1169 | 25 / 19 | |
| 4.0.1168 | 25 / 19 | |
| 4.0.1167 | 25 / 19 | |
| 4.0.1166 | 25 / 19 | |
| 4.0.1165 | 25 / 19 | |
| 4.0.1164 | 25 / 19 | |
| 4.0.1163 | 25 / 19 | |
| 4.0.1162 | 25 / 19 | |
| 4.0.1161 | 25 / 19 | |
| 4.0.1160 | 25 / 19 | |
| 4.0.1159 | 25 / 19 | |
| 4.0.1158 | 25 / 19 | |
| 4.0.1157 | 25 / 19 | |
| 4.0.1156 | 25 / 19 | |
| 4.0.1155 | 25 / 19 | |
| 4.0.1154 | 25 / 19 | |
| 4.0.1153 | 25 / 19 | |
| 4.0.1152 | 25 / 19 | |
| 4.0.1151 | 25 / 19 | |
| 4.0.1150 | 25 / 19 | |
| 4.0.1149 | 25 / 19 | |
| 4.0.1148 | 25 / 19 | |
| 4.0.1147 | 25 / 19 | |
| 4.0.1146 | 25 / 19 | |
| 4.0.1145 | 25 / 19 | |
| 4.0.1144 | 25 / 19 | |
| 4.0.1143 | 25 / 19 | |
| 4.0.1142 | 25 / 19 | |
| 4.0.1141 | 24 / 19 | |
| 4.0.1140 | 24 / 19 |
v4.0.1190
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1189
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1188
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1187
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1186
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1185
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1184
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1183
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1182
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1181
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1180
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1179
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1178
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1177
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1176
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1175
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1174
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1173
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1172
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1171
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1170
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1169
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1168
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1167
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1166
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1165
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1164
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1163
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1162
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1161
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1160
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1159
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1158
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1157
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1156
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1155
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1154
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1153
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1152
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1151
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1150
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1149
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1148
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1147
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1146
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1145
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1144
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1143
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1142
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1141
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1140
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.