rehype — Greenflagged

HTML processor powered by plugins part of the unified collective

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

remcohaszingwooormkmck

Keywords

abstractasthtmlparseprocessrehypeserializestringifysyntaxtreeunified

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): @types/hast is a pure TypeScript type definitions package with no executable code; its addition as a runtime dep is standard practice in the unified/rehype ecosystem for type re-exports.	ai	2026/04/24
dependencies	unvetted-dep:@types/hast	AI (dependencies): @types/hast is a DefinitelyTyped type-definition package used for TypeScript type exports in the unified ecosystem; no executable risk.	ai	2026/04/23
phantom-deps	phantom-dep:@types/hast	AI (phantom-deps): @types/hast is a type-only dependency loaded by convention in the unified/rehype ecosystem; not a hidden code execution concern.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): remcohaszing is a known contributor in the unified/rehype ecosystem; addition is consistent with legitimate team expansion.	ai	2026/04/23

Versions (showing 18 of 18)

Version	Deps	Published
13.0.2	4 / 0	2024-09-27
13.0.1	4 / 0	2023-08-30
13.0.0	4 / 0	2023-08-26
12.0.1	4 / 0	2022-01-29
12.0.0	4 / 0	2021-07-30
11.0.0	3 / 0	2020-06-08
10.0.0	3 / 0	2020-03-30
9.0.1	3 / 0	2019-11-09
9.0.0	3 / 0	2019-07-01
8.0.0	3 / 0	2019-06-03
7.0.0	3 / 0	2018-11-17
6.0.0	3 / 0	2018-07-17
5.0.1	3 / 0	2017-12-03
5.0.0	3 / 0	2017-06-18
4.0.0	3 / 0	2017-02-23
3.0.0	3 / 0	2016-09-08
2.0.0	3 / 0	2016-07-26
1.0.0	4 / 0	2016-06-19