mdast-util-mdxjs-esm
mdast extension to parse and serialize MDX.js ESM (import/exports)
1
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
wooormkmck
Keywords
unistmdastmdast-utilutilutilitymarkdownmarkupmdxmdxjsesmimportexportextension
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:devlop | AI (dependencies): devlop is a legitimate wooorm/unified-ecosystem utility package; stable dependency for this package family. | ai | |
| dependencies | unvetted-dep:@types/hast | AI (dependencies): @types/hast is a standard TypeScript type package for the hast AST; legitimate dependency in the mdast/unified ecosystem. | ai | |
| dependencies | unvetted-dep:@types/mdast | AI (dependencies): @types/mdast is a standard TypeScript type package for the mdast AST; legitimate dependency in the mdast/unified ecosystem. | ai | |
| dependencies | unvetted-dep:mdast-util-to-markdown | AI (dependencies): mdast-util-to-markdown is a core wooorm/syntax-tree package; legitimate and expected dependency for this utility. | ai | |
| dependencies | unvetted-dep:mdast-util-from-markdown | AI (dependencies): mdast-util-from-markdown is a core wooorm/syntax-tree package; legitimate and expected dependency for this utility. | ai | |
| phantom-deps | phantom-dep:@types/hast | AI (phantom-deps): TypeScript @types packages are loaded by convention and not directly imported; standard pattern in typed TS packages. | ai | |
| phantom-deps | phantom-dep:@types/mdast | AI (phantom-deps): TypeScript @types packages are loaded by convention and not directly imported; standard pattern in typed TS packages. | ai | |
| phantom-deps | phantom-dep:@types/estree-jsx | AI (phantom-deps): TypeScript @types packages are loaded by convention and not directly imported; standard pattern in typed TS packages. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Signals are false positives: inflated semver reflects ecosystem v2 bump, and mass-production signal references kmck not the actual publisher wooorm. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 2.0.1 | 6 / 11 |