next-mdx-remote-client
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@types/mdx | AI (dependencies): @types/mdx is the official MDX type definitions package; expected runtime dep for TypeScript MDX consumers. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @types/mdx is a benign types package addition, not a supply-chain risk. | ai | |
| phantom-deps | phantom-dep:@types/mdx | AI (phantom-deps): Type-only package loaded by convention; not directly imported but provides ambient types. | ai | |
| dependencies | unvetted-dep:vfile-matter | AI (dependencies): vfile-matter is a standard unified ecosystem package for frontmatter parsing; appropriate and expected dependency for an MDX processing library. | ai | |
| dependencies | unvetted-dep:remark-mdx-remove-esm | AI (dependencies): remark-mdx-remove-esm is a remark plugin from the same ipikuka author; appropriate dependency for MDX processing in Next.js context. | ai |
Versions (showing 14 of 14)
| Version | Deps | Published |
|---|---|---|
| 2.1.11 | 8 / 31 | |
| 2.1.10 | 7 / 32 | |
| 2.1.9 | 7 / 32 | |
| 2.1.8 | 7 / 32 | |
| 2.1.7 | 7 / 34 | |
| 2.1.6 | 7 / 33 | |
| 2.1.5 | 7 / 33 | |
| 2.1.4 | 7 / 33 | |
| 2.1.3 | 7 / 33 | |
| 2.1.2 | 7 / 33 | |
| 1.1.8 | 8 / 31 | |
| 1.1.7 | 7 / 32 | |
| 1.1.6 | 7 / 32 | |
| 1.1.5 | 7 / 32 |
v2.1.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.