@vxrn/mdx
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/index.native.js | AI (source-diff): Standard esbuild minified bundle for React Native target; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/index.native.js | AI (source-diff): Network/exec pattern is from bundled MDX/file-processing deps, not a dropper. | ai | |
| phantom-deps | phantom-dep:shiki | AI (phantom-deps): shiki is a declared dependency used in bundled output; phantom-dep heuristic fires on bundled packages. | ai | |
| typosquat | typosquat.levenshtein:mobx | AI (typosquat): Scoped MDX/Tamagui package; name similarity to mobx is coincidental, not impersonation. | ai | |
| phantom-deps | phantom-dep:esbuild-wasm | AI (phantom-deps): esbuild-wasm is a platform-specific binary dependency; phantom-dep heuristic is expected to fire here. | ai | |
| phantom-deps | phantom-dep:rehype | AI (phantom-deps): rehype is a declared dependency; phantom-dep heuristic fires on bundled packages. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo sub-package; missing description/repo/keywords is a cosmetic gap, not a spam indicator. | ai | |
Versions (showing 64 of 272)
| Version | Deps | Published |
|---|---|---|
| 1.1.545 | 17 / 1 | |
| 1.1.544 | 17 / 1 | |
| 1.1.543 | 17 / 1 | |
| 1.1.542 | 17 / 1 | |
| 1.1.541 | 17 / 1 | |
| 1.1.540 | 17 / 1 | |
| 1.1.539 | 17 / 1 | |
| 1.1.538 | 16 / 1 | |
| 1.1.537 | 16 / 1 | |
| 1.1.536 | 16 / 1 | |
| 1.1.535 | 16 / 1 | |
| 1.1.534 | 16 / 1 | |
| 1.1.533 | 16 / 1 | |
| 1.1.532 | 16 / 1 | |
| 1.1.531 | 16 / 1 | |
| 1.1.530 | 16 / 1 | |
| 1.1.529 | 16 / 1 | |
| 1.1.528 | 16 / 1 | |
| 1.1.527 | 16 / 1 | |
| 1.1.526 | 16 / 1 | |
| 1.1.525 | 16 / 1 | |
| 1.1.524 | 16 / 1 | |
| 1.1.523 | 16 / 1 | |
| 1.1.522 | 16 / 1 | |
| 1.1.521 | 16 / 1 | |
| 1.1.520 | 16 / 1 | |
| 1.1.519 | 16 / 1 | |
| 1.1.518 | 16 / 1 | |
| 1.1.517 | 16 / 1 | |
| 1.1.516 | 16 / 1 | |
| 1.1.515 | 16 / 1 | |
| 1.1.514 | 16 / 1 | |
| 1.1.513 | 16 / 1 | |
| 1.1.512 | 16 / 1 | |
| 1.1.511 | 16 / 1 | |
| 1.1.510 | 16 / 1 | |
| 1.1.509 | 16 / 1 | |
| 1.1.508 | 16 / 1 | |
| 1.1.507 | 16 / 1 | |
| 1.1.506 | 16 / 1 | |
| 1.1.505 | 16 / 1 | |
| 1.1.504 | 16 / 1 | |
| 1.1.502 | 16 / 1 | |
| 1.1.501 | 16 / 1 | |
| 1.1.500 | 16 / 1 | |
| 1.1.499 | 16 / 1 | |
| 1.1.498 | 16 / 1 | |
| 1.1.497 | 16 / 1 | |
| 1.1.496 | 16 / 1 | |
| 1.1.495 | 16 / 1 | |
| 1.1.494 | 16 / 1 | |
| 1.1.493 | 16 / 1 | |
| 1.1.492 | 16 / 1 | |
| 1.1.491 | 16 / 1 | |
| 1.1.490 | 16 / 1 | |
| 1.1.489 | 16 / 1 | |
| 1.1.488 | 16 / 1 | |
| 1.1.487 | 16 / 1 | |
| 1.1.486 | 16 / 1 | |
| 1.1.485 | 16 / 1 | |
| 1.1.484 | 16 / 1 | |
| 1.1.483 | 16 / 1 | |
| 1.1.482 | 16 / 1 | |
| 1.1.481 | 16 / 1 | |
v1.1.545
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.544
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.543
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.542
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.541
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.540
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.539
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.538
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.537
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.536
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.535
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.534
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.533
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.532
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.531
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.530
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.529
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.528
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.527
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.526
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.525
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.524
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.523
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.522
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.521
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.520
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.519
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.518
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.517
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.516
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.515
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.514
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.513
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.512
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.511
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.510
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.509
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.508
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.507
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.506
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.505
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.504
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.502
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.501
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.500
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.499
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.498
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.497
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.496
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.495
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.494
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.493
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.492
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.491
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.490
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.489
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.488
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.487
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.486
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.485
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.484
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.483
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.482
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.481
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.