@mintlify/cli
The Mintlify CLI
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Chalk is used indirectly through the CLI's output formatting; phantom dependency pattern is normal for CLI tools. | ai | |
| phantom-deps | phantom-dep:semver | AI (phantom-deps): Semver is used indirectly through dependency resolution; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:front-matter | AI (phantom-deps): Front-matter is used indirectly for configuration parsing; expected for documentation CLI. | ai | |
| semgrep | semgrep:etc-passwd-access | AI (semgrep): References are in test files validating that path traversal to /etc/passwd is correctly rejected. Security test, not credential harvesting. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Standard CLI pattern: spreading process.env into child process spawn to pass environment through. Not exfiltration. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @mintlify/cli from established Mintlify org is not a typosquat of 'joi'. False positive from short name Levenshtein match. | ai | |
Versions (showing 100 of 677)
| Version | Deps | Published |
|---|---|---|
| 4.0.991 | 22 / 18 | |
| 4.0.990 | 22 / 18 | |
| 4.0.989 | 22 / 18 | |
| 4.0.988 | 22 / 18 | |
| 4.0.987 | 22 / 18 | |
| 4.0.986 | 22 / 18 | |
| 4.0.985 | 22 / 18 | |
| 4.0.984 | 22 / 18 | |
| 4.0.983 | 22 / 18 | |
| 4.0.982 | 22 / 18 | |
| 4.0.981 | 22 / 18 | |
| 4.0.980 | 22 / 18 | |
| 4.0.979 | 22 / 18 | |
| 4.0.978 | 22 / 18 | |
| 4.0.977 | 22 / 18 | |
| 4.0.976 | 22 / 18 | |
| 4.0.975 | 22 / 18 | |
| 4.0.974 | 22 / 18 | |
| 4.0.973 | 22 / 18 | |
| 4.0.972 | 22 / 18 | |
| 4.0.971 | 22 / 18 | |
| 4.0.970 | 22 / 18 | |
| 4.0.969 | 22 / 18 | |
| 4.0.968 | 22 / 18 | |
| 4.0.967 | 22 / 18 | |
| 4.0.966 | 22 / 18 | |
| 4.0.965 | 22 / 18 | |
| 4.0.964 | 22 / 18 | |
| 4.0.963 | 22 / 18 | |
| 4.0.962 | 22 / 18 | |
| 4.0.961 | 22 / 18 | |
| 4.0.960 | 22 / 18 | |
| 4.0.959 | 22 / 18 | |
| 4.0.957 | 22 / 18 | |
| 4.0.956 | 22 / 18 | |
| 4.0.955 | 22 / 18 | |
| 4.0.954 | 22 / 18 | |
| 4.0.953 | 21 / 18 | |
| 4.0.952 | 21 / 18 | |
| 4.0.951 | 21 / 18 | |
| 4.0.950 | 21 / 18 | |
| 4.0.949 | 21 / 18 | |
| 4.0.948 | 21 / 18 | |
| 4.0.947 | 21 / 18 | |
| 4.0.946 | 21 / 18 | |
| 4.0.945 | 21 / 18 | |
| 4.0.944 | 21 / 18 | |
| 4.0.943 | 21 / 18 | |
| 4.0.942 | 21 / 18 | |
| 4.0.941 | 21 / 18 | |
| 4.0.940 | 21 / 18 | |
| 4.0.939 | 21 / 18 | |
| 4.0.938 | 21 / 18 | |
| 4.0.937 | 21 / 18 | |
| 4.0.936 | 21 / 18 | |
| 4.0.935 | 21 / 18 | |
| 4.0.934 | 21 / 18 | |
| 4.0.933 | 21 / 18 | |
| 4.0.932 | 21 / 18 | |
| 4.0.931 | 21 / 18 | |
| 4.0.930 | 21 / 18 | |
| 4.0.929 | 21 / 18 | |
| 4.0.928 | 21 / 18 | |
| 4.0.927 | 21 / 18 | |
| 4.0.926 | 21 / 18 | |
| 4.0.919 | 21 / 18 | |
| 4.0.918 | 21 / 18 | |
| 4.0.917 | 21 / 18 | |
| 4.0.916 | 21 / 18 | |
| 4.0.915 | 21 / 18 | |
| 4.0.914 | 21 / 18 | |
| 4.0.913 | 21 / 18 | |
| 4.0.912 | 21 / 18 | |
| 4.0.911 | 21 / 18 | |
| 4.0.910 | 21 / 18 | |
| 4.0.909 | 21 / 18 | |
| 4.0.908 | 21 / 18 | |
| 4.0.907 | 21 / 18 | |
| 4.0.906 | 21 / 18 | |
| 4.0.905 | 21 / 18 | |
| 4.0.904 | 21 / 18 | |
| 4.0.903 | 21 / 18 | |
| 4.0.902 | 21 / 18 | |
| 4.0.901 | 21 / 18 | |
| 4.0.900 | 21 / 18 | |
| 4.0.899 | 21 / 18 | |
| 4.0.898 | 21 / 18 | |
| 4.0.897 | 21 / 18 | |
| 4.0.896 | 21 / 18 | |
| 4.0.895 | 21 / 18 | |
| 4.0.894 | 21 / 18 | |
| 4.0.893 | 21 / 18 | |
| 4.0.892 | 21 / 18 | |
| 4.0.891 | 21 / 18 | |
| 4.0.890 | 21 / 18 | |
| 4.0.889 | 21 / 18 | |
| 4.0.888 | 21 / 18 | |
| 4.0.887 | 21 / 18 | |
| 4.0.886 | 21 / 18 | |
| 4.0.885 | 21 / 18 | |
v4.0.991
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.990 through v4.0.885 (the other 99 versions listed in the table above)
1 finding each, identical to v4.0.991: Package was published without Sigstore provenance.