@mintlify/common — Greenflagged

Commonly shared code within Mintlify

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

dks333hanminthahnbeeshouchem-mintlifykathrynmintlifykylefinkenian-mintlifydenssumesh

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): New deps are canonical remark/rehype ecosystem packages consistent with existing unified stack; no malicious signal.	ai	2026/04/27
dependencies	unvetted-dep:color-blend	AI (dependencies): color-blend is a legitimate color manipulation utility; appropriate for a UI/documentation library.	ai	2026/04/25
dependencies	unvetted-dep:@types/mdast	AI (dependencies): Type definitions package from DefinitelyTyped; no runtime risk, appropriate for a markdown processing library.	ai	2026/04/25
dependencies	unvetted-dep:@mintlify/mdx	AI (dependencies): First-party Mintlify package; same organization as this package.	ai	2026/04/25
dependencies	unvetted-dep:@asyncapi/specs	AI (dependencies): Official AsyncAPI specification package from the AsyncAPI Initiative; legitimate for API documentation tooling.	ai	2026/04/25
dependencies	unvetted-dep:@asyncapi/parser	AI (dependencies): Official AsyncAPI parser from the AsyncAPI Initiative; legitimate for API documentation tooling.	ai	2026/04/25
dependencies	unvetted-dep:@mintlify/models	AI (dependencies): First-party Mintlify package; same organization as this package.	ai	2026/04/25
dependencies	unvetted-dep:hex-rgb	AI (dependencies): hex-rgb is a well-known, single-purpose utility package by sindresorhus ecosystem; legitimate dependency for color processing.	ai	2026/04/25
dependencies	unvetted-dep:@mintlify/openapi-parser	AI (dependencies): First-party Mintlify package; same organization as this package.	ai	2026/04/25
phantom-deps	phantom-dep:@types/mdast	AI (phantom-deps): Type-only package; framework-scoped usage is expected for TypeScript projects using mdast types.	ai	2026/04/25
phantom-deps	phantom-dep:@asyncapi/specs	AI (phantom-deps): Config-referenced usage is expected for AsyncAPI spec validation; not a direct import pattern.	ai	2026/04/25
phantom-deps	phantom-dep:hast-util-to-text	AI (phantom-deps): Config-referenced in a markdown/MDX processing library; indirect usage pattern is legitimate.	ai	2026/04/25
phantom-deps	phantom-dep:micromark-extension-mdx-jsx	AI (phantom-deps): Config-referenced in a markdown/MDX processing library; indirect usage pattern is legitimate.	ai	2026/04/25
provenance	no-provenance	AI (provenance): Established package with 858 versions and 230k weekly downloads; lack of provenance is common and not a risk indicator here.	ai	2026/04/25
dependencies	unvetted-dep:@mintlify/validation	AI (dependencies): First-party Mintlify package; same organization as this package.	ai	2026/04/25

Versions (showing 100 of 394)

Version	Deps	Published
1.0.723	48 / 15	2026-02-12
1.0.722	48 / 15	2026-02-11
1.0.705	47 / 15	2026-02-04
1.0.649	47 / 15	2025-12-23
1.0.648	43 / 16	2025-12-23
1.0.647	43 / 16	2025-12-23
1.0.646	43 / 16	2025-12-23
1.0.645	43 / 16	2025-12-22
1.0.644	43 / 16	2025-12-22
1.0.643	43 / 16	2025-12-19
1.0.642	43 / 16	2025-12-18
1.0.641	44 / 16	2025-12-18
1.0.640	44 / 16	2025-12-17
1.0.639	44 / 16	2025-12-16
1.0.638	43 / 16	2025-12-16
1.0.637	43 / 16	2025-12-16
1.0.636	43 / 16	2025-12-15
1.0.635	43 / 16	2025-12-13
1.0.634	43 / 16	2025-12-13
1.0.633	43 / 16	2025-12-12
1.0.632	43 / 16	2025-12-12
1.0.631	43 / 16	2025-12-11
1.0.630	43 / 16	2025-12-11
1.0.629	43 / 16	2025-12-10
1.0.628	43 / 16	2025-12-10
1.0.627	43 / 16	2025-12-09
1.0.626	43 / 16	2025-12-09
1.0.625	43 / 16	2025-12-09
1.0.624	43 / 16	2025-12-08
1.0.623	43 / 16	2025-12-04
1.0.622	43 / 16	2025-12-04
1.0.621	43 / 16	2025-12-01
1.0.620	43 / 16	2025-12-01
1.0.619	43 / 16	2025-11-27
1.0.618	43 / 16	2025-11-26
1.0.617	43 / 16	2025-11-26
1.0.616	43 / 16	2025-11-26
1.0.615	43 / 16	2025-11-25
1.0.614	43 / 16	2025-11-24
1.0.613	43 / 16	2025-11-24
1.0.612	42 / 16	2025-11-24
1.0.611	42 / 16	2025-11-22
1.0.610	42 / 16	2025-11-20
1.0.609	42 / 16	2025-11-20
1.0.608	42 / 16	2025-11-20
1.0.607	42 / 16	2025-11-18
1.0.606	42 / 16	2025-11-14
1.0.605	42 / 16	2025-11-14
1.0.604	42 / 16	2025-11-14
1.0.603	42 / 16	2025-11-14
1.0.602	42 / 16	2025-11-13
1.0.601	42 / 16	2025-11-13
1.0.600	42 / 16	2025-11-12
1.0.599	42 / 16	2025-11-11
1.0.598	42 / 16	2025-11-11
1.0.597	42 / 16	2025-11-11
1.0.596	42 / 16	2025-11-11
1.0.595	42 / 16	2025-11-10
1.0.594	42 / 16	2025-11-07
1.0.593	43 / 16	2025-11-06
1.0.592	43 / 16	2025-10-31
1.0.591	43 / 16	2025-10-31
1.0.590	43 / 16	2025-10-30
1.0.589	43 / 16	2025-10-28
1.0.588	43 / 16	2025-10-28
1.0.587	43 / 16	2025-10-27
1.0.586	43 / 16	2025-10-27
1.0.585	43 / 16	2025-10-26
1.0.584	43 / 16	2025-10-24
1.0.583	43 / 16	2025-10-21
1.0.582	43 / 16	2025-10-20
1.0.581	43 / 16	2025-10-20
1.0.580	43 / 16	2025-10-16
1.0.579	43 / 16	2025-10-16
1.0.578	43 / 16	2025-10-15
1.0.577	43 / 16	2025-10-15
1.0.576	43 / 16	2025-10-14
1.0.575	43 / 16	2025-10-14
1.0.574	43 / 16	2025-10-13
1.0.573	43 / 16	2025-10-13
1.0.572	43 / 16	2025-10-13
1.0.571	43 / 16	2025-10-10
1.0.570	43 / 16	2025-10-10
1.0.569	43 / 16	2025-10-09
1.0.568	43 / 16	2025-10-09
1.0.567	43 / 16	2025-10-08
1.0.566	43 / 16	2025-10-08
1.0.565	43 / 16	2025-10-08
1.0.564	43 / 16	2025-10-07
1.0.563	43 / 16	2025-10-07
1.0.562	43 / 16	2025-10-07
1.0.561	43 / 16	2025-10-07
1.0.560	43 / 16	2025-10-07
1.0.559	43 / 16	2025-10-07
1.0.558	43 / 16	2025-10-06
1.0.557	43 / 16	2025-10-06
1.0.556	43 / 16	2025-10-06
1.0.555	43 / 16	2025-10-03
1.0.554	43 / 16	2025-10-03
1.0.553	43 / 16	2025-10-03

Showing 100 of 394 Next page →

v1.0.723

2 findings

HIGH Publisher changed: hahnbee → GitHub Actions (on 2026-02-12) provenance

This version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.