gatsby-plugin-mdx

MDX integration for Gatsby

Supply chain provenance

Status for the latest visible version.

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

Keywords

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher change reflects Netlify's organizational transition of Gatsby maintainership; serhalp-netlify has 5581 approved packages and 533-day history. Legitimate handoff.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers (mlgualtieri-gatsby, serhalp-netlify) have -gatsby/-netlify suffixes consistent with Netlify's Gatsby org transition. Not a hostile takeover signal.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of prior maintainer fk is consistent with the documented Netlify/Gatsby organizational transition. No malicious indicators present.	ai	2026/04/23
phantom-deps	phantom-dep:acorn	AI (phantom-deps): gatsby-plugin-mdx declares deps for plugin/config resolution, not direct imports. This is a stable pattern in the Gatsby ecosystem.	ai	2026/04/23
phantom-deps	phantom-dep:astring	AI (phantom-deps): Same as acorn — declared for plugin resolution, not direct import. Stable false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:acorn-jsx	AI (phantom-deps): Same as acorn — declared for plugin resolution, not direct import. Stable false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:mdast-util-mdx	AI (phantom-deps): Same as acorn — declared for plugin resolution, not direct import. Stable false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:remark-unwrap-images	AI (phantom-deps): Same as acorn — declared for plugin resolution, not direct import. Stable false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:estree-util-build-jsx	AI (phantom-deps): Same as acorn — declared for plugin resolution, not direct import. Stable false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:mdast-util-to-markdown	AI (phantom-deps): Same as acorn — declared for plugin resolution, not direct import. Stable false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:rehype-infer-description-meta	AI (phantom-deps): Same as acorn — declared for plugin resolution, not direct import. Stable false positive for this package.	ai	2026/04/23

Version	Deps	Published
1.0.46	35 / 5	2019-09-26
1.0.44	35 / 5	2019-09-24
1.0.43	35 / 5	2019-09-18
1.0.42	35 / 5	2019-09-16
1.0.41	35 / 5	2019-09-10
1.0.40	35 / 5	2019-09-09
1.0.39	35 / 5	2019-09-05
1.0.38	35 / 5	2019-09-04
1.0.37	35 / 5	2019-09-04
1.0.36	35 / 5	2019-09-02
1.0.35	35 / 5	2019-09-02
1.0.34	35 / 5	2019-09-01
1.0.33	35 / 5	2019-08-26
1.0.32	35 / 5	2019-08-25
1.0.31	35 / 5	2019-08-24
1.0.30	35 / 5	2019-08-23
1.0.29	35 / 5	2019-08-23
1.0.28	35 / 5	2019-08-22
1.0.27	35 / 5	2019-08-22
1.0.26	35 / 5	2019-08-21
1.0.25	35 / 5	2019-08-20
1.0.24	35 / 5	2019-08-13
1.0.23	35 / 5	2019-08-06
1.0.22	35 / 5	2019-08-01
1.0.21	34 / 5	2019-08-01
1.0.20	34 / 5	2019-08-01
1.0.19	34 / 5	2019-07-30
1.0.18	27 / 5	2019-07-29
1.0.17	27 / 5	2019-07-25
1.0.16	27 / 5	2019-07-23
1.0.15	27 / 5	2019-07-20
1.0.14	27 / 5	2019-07-19
1.0.13	27 / 5	2019-07-13
1.0.12	27 / 5	2019-07-12
1.0.11	27 / 5	2019-07-11
1.0.10	26 / 5	2019-07-11
1.0.9	26 / 5	2019-07-10
1.0.8	26 / 5	2019-07-09
1.0.7	26 / 5	2019-07-02
1.0.6	26 / 5	2019-06-28
1.0.5	26 / 2	2019-05-25
1.0.4	26 / 2	2019-05-20
1.0.3	26 / 2	2019-05-20
1.0.2	25 / 2	2019-04-18
1.0.1	0 / 2	2018-05-17
1.0.0	0 / 2	2018-05-07
5.18.0-react19.2	19 / 11	2025-11-26
5.18.0-react19.1	19 / 11	2025-11-26
5.18.0-react19.0	19 / 11	2025-11-26
5.17.0-react19.0	19 / 11	2025-11-24
5.17.0-next.0	19 / 11	2025-11-27
5.16.0-next.0	19 / 11	2025-08-27