@mintlify/previewing
Preview Mintlify docs locally
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:is-online | AI (dependencies): is-online is a well-known, widely-used npm package for network connectivity checks; appropriate for a local docs preview tool. Not a security risk. | ai | |
| phantom-deps | phantom-dep:front-matter | AI (phantom-deps): front-matter is declared as a dependency and used in the broader Mintlify ecosystem; phantom detection is a false positive for this package's usage pattern. | ai | |
| phantom-deps | phantom-dep:openapi-types | AI (phantom-deps): openapi-types is a type-only package; phantom detection is expected and not a security concern for this package. | ai | |
| phantom-deps | phantom-dep:unist-util-visit | AI (phantom-deps): unist-util-visit is used transitively in the Mintlify doc processing pipeline; phantom detection is a stable false positive for this package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process (execFile) is used in export-scripts/serve.js for a local dev server — expected behavior for a docs previewing tool. Not a security risk. | ai | |
| provenance | no-provenance | AI (provenance): Package is published via GitHub Actions CI pipeline for a well-established org with 1161 versions and 132k weekly downloads. Lack of Sigstore provenance is acceptable here. | ai |
Versions (showing 100 of 619)
| Version | Deps | Published |
|---|---|---|
| 4.0.1122 | 21 / 18 | |
| 4.0.1121 | 21 / 18 | |
| 4.0.1120 | 21 / 18 | |
| 4.0.1119 | 21 / 18 | |
| 4.0.1118 | 21 / 18 | |
| 4.0.1117 | 21 / 18 | |
| 4.0.1116 | 21 / 18 | |
| 4.0.1115 | 21 / 18 | |
| 4.0.1114 | 21 / 18 | |
| 4.0.1113 | 21 / 20 | |
| 4.0.1112 | 21 / 20 | |
| 4.0.1111 | 21 / 20 | |
| 4.0.1110 | 21 / 20 | |
| 4.0.1109 | 21 / 20 | |
| 4.0.1108 | 21 / 20 | |
| 4.0.1107 | 21 / 20 | |
| 4.0.1106 | 21 / 20 | |
| 4.0.1105 | 21 / 20 | |
| 4.0.1104 | 21 / 20 | |
| 4.0.1103 | 21 / 20 | |
| 4.0.1102 | 21 / 20 | |
| 4.0.1101 | 21 / 20 | |
| 4.0.1100 | 21 / 20 | |
| 4.0.1099 | 21 / 20 | |
| 4.0.1098 | 21 / 20 | |
| 4.0.1097 | 21 / 20 | |
| 4.0.1096 | 21 / 20 | |
| 4.0.1095 | 21 / 20 | |
| 4.0.1094 | 21 / 20 | |
| 4.0.1093 | 21 / 20 | |
| 4.0.1092 | 21 / 20 | |
| 4.0.1091 | 21 / 20 | |
| 4.0.1090 | 21 / 20 | |
| 4.0.1089 | 21 / 20 | |
| 4.0.1088 | 21 / 20 | |
| 4.0.1087 | 21 / 20 | |
| 4.0.1086 | 21 / 20 | |
| 4.0.1085 | 21 / 20 | |
| 4.0.1084 | 21 / 20 | |
| 4.0.1083 | 21 / 20 | |
| 4.0.1082 | 21 / 20 | |
| 4.0.1081 | 21 / 20 | |
| 4.0.1080 | 21 / 20 | |
| 4.0.1079 | 21 / 20 | |
| 4.0.1078 | 21 / 20 | |
| 4.0.1077 | 21 / 20 | |
| 4.0.1076 | 21 / 20 | |
| 4.0.1075 | 21 / 20 | |
| 4.0.1074 | 21 / 20 | |
| 4.0.1073 | 21 / 20 | |
| 4.0.1072 | 21 / 20 | |
| 4.0.1071 | 21 / 20 | |
| 4.0.1070 | 21 / 20 | |
| 4.0.1069 | 21 / 20 | |
| 4.0.1068 | 21 / 20 | |
| 4.0.1067 | 21 / 20 | |
| 4.0.1066 | 21 / 20 | |
| 4.0.1065 | 21 / 20 | |
| 4.0.1064 | 21 / 20 | |
| 4.0.1063 | 21 / 20 | |
| 4.0.1062 | 21 / 20 | |
| 4.0.1061 | 21 / 20 | |
| 4.0.1060 | 21 / 20 | |
| 4.0.1059 | 21 / 20 | |
| 4.0.1058 | 21 / 20 | |
| 4.0.1057 | 21 / 20 | |
| 4.0.1056 | 21 / 20 | |
| 4.0.1055 | 21 / 20 | |
| 4.0.1054 | 21 / 20 | |
| 4.0.1053 | 21 / 20 | |
| 4.0.1052 | 21 / 20 | |
| 4.0.1051 | 21 / 20 | |
| 4.0.1050 | 21 / 20 | |
| 4.0.1049 | 21 / 20 | |
| 4.0.1048 | 21 / 20 | |
| 4.0.1047 | 21 / 20 | |
| 4.0.1046 | 21 / 20 | |
| 4.0.1045 | 21 / 20 | |
| 4.0.1044 | 21 / 20 | |
| 4.0.1043 | 21 / 20 | |
| 4.0.1042 | 21 / 20 | |
| 4.0.1041 | 21 / 20 | |
| 4.0.1040 | 21 / 20 | |
| 4.0.1039 | 21 / 20 | |
| 4.0.1038 | 21 / 20 | |
| 4.0.1037 | 21 / 20 | |
| 4.0.1036 | 21 / 20 | |
| 4.0.1035 | 21 / 20 | |
| 4.0.1034 | 21 / 20 | |
| 4.0.1033 | 21 / 20 | |
| 4.0.1032 | 21 / 20 | |
| 4.0.1031 | 21 / 20 | |
| 4.0.1030 | 21 / 20 | |
| 4.0.1029 | 21 / 20 | |
| 4.0.1028 | 21 / 20 | |
| 4.0.1027 | 21 / 20 | |
| 4.0.1026 | 21 / 20 | |
| 4.0.1025 | 21 / 20 | |
| 4.0.1024 | 21 / 20 | |
| 4.0.1023 | 21 / 20 |
v4.0.1122
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1121
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1120
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1119
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1118
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1117
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1116
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1115
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1114
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1113
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1112
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1111
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1110
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1109
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1108
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1107
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1106
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1105
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1104
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1103
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1102
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1101
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1100
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1099
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1098
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1097
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1096
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1095
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1094
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1093
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1092
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1091
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1090
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1089
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1088
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1087
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1086
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1085
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1084
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1083
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1082
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1081
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1080
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1079
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1078
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1077
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1076
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1075
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1074
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1073
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1072
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1071
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1070
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1069
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1068
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1067
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1066
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1065
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1064
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1063
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1062
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1061
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1060
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1059
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1058
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1057
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1056
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1055
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1054
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1053
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1052
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1051
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1050
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1049
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1048
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1047
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1046
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1045
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1044
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1043
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1042
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1041
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1040
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1039
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1038
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1037
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1036
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1035
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1034
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1033
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1032
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1031
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1030
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1029
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1028
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1027
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1026
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1025
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1024
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1023
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.