← Home

@apify/docusaurus-plugin-typedoc-api

npm Repository Homepage

Docusaurus plugin that provides source code API documentation powered by TypeDoc.

49
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mtrunkatjancurnpetrpatekmnmkngjaroslavhejlekdrobnikjmetalwarrior665fnesvedab4nanjanbucharapify-service-account

Keywords

docusaurusplugintypedocapi

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff large-new-source-files AI (source-diff): 68 new source files reflect normal plugin expansion; no indicators of bundled/injected malicious code. ai
dependencies unvetted-dep:cheerio AI (dependencies): cheerio is a standard HTML parsing library; legitimate for DOM manipulation in documentation processing. ai
maintainer-change maintainer-added AI (maintainer-change): New maintainer addition is legitimate for mature package with SLSA provenance; no compromise indicators. ai
provenance publisher-changed AI (provenance): Publisher change to GitHub Actions is consistent with CI/CD automation; SLSA attestation confirms legitimacy. ai
publish-pattern new-deps-added AI (publish-pattern): New dependencies (cheerio, @docusaurus/theme-common) are established packages appropriate for a Docusaurus plugin. ai
phantom-deps phantom-dep:@types/react AI (phantom-deps): @types/react is framework-scoped and loaded by convention in Docusaurus plugins. ai
phantom-deps phantom-dep:zx AI (phantom-deps): zx is declared and used in config files for shell scripting; phantom status is expected for build tools. ai
semgrep semgrep:child-process-import AI (semgrep): child_process is legitimately used to execute Python scripts for TypeDoc documentation generation; core to plugin functionality. ai
dependencies unvetted-dep:html-entities AI (dependencies): html-entities is a small, pinned utility for HTML entity encoding; no risk. ai
dependencies unvetted-dep:zx AI (dependencies): zx is an established shell scripting library; legitimate for build/dev tooling in a Docusaurus plugin. ai
dependencies unvetted-dep:@docusaurus/utils AI (dependencies): Official Docusaurus utilities package from Meta; expected dependency for any Docusaurus plugin. ai
dependencies unvetted-dep:typedoc AI (dependencies): typedoc is the core dependency for this plugin; its use is fundamental to the package purpose. ai
dependencies unvetted-dep:marked AI (dependencies): marked is a standard markdown parser; unvetted status is expected for ecosystem packages. ai
dependencies unvetted-dep:@docusaurus/types AI (dependencies): Official Docusaurus types package from Meta; expected dependency for any Docusaurus plugin. ai
dependencies unvetted-dep:@vscode/codicons AI (dependencies): @vscode/codicons is an official VS Code package; unvetted status is expected. ai
dependencies unvetted-dep:@docusaurus/plugin-content-docs AI (dependencies): Official Docusaurus content-docs plugin from Meta; expected dependency for a docs-generating plugin. ai
provenance no-provenance AI (provenance): Apify's organizational publishing account; package has 51 versions over ~994 days with no provenance issues. Lack of Sigstore attestation is common and not a risk indicator for this established package. ai

Versions (showing 49 of 49)

Version Deps Published
5.1.11 7 / 19
5.1.10 7 / 19
5.1.9 7 / 19
5.1.8 7 / 19
5.1.7 7 / 19
5.1.6 7 / 19
5.1.4 7 / 19
5.1.3 8 / 18
5.1.2 8 / 18
5.1.1 8 / 18
5.1.0 8 / 18
5.0.0 6 / 18
4.4.12 6 / 8
4.4.11 6 / 8
4.4.8 6 / 8
4.4.7 6 / 8
4.4.6 6 / 8
4.4.5 6 / 8
4.4.4 6 / 8
4.4.3 10 / 5
4.4.2 10 / 5
4.4.1 10 / 5
4.4.0 10 / 5
4.3.12 10 / 5
4.3.11 10 / 5
4.3.10 10 / 5
4.3.9 10 / 5
4.3.8 10 / 5
4.3.7 10 / 5
4.3.6 10 / 5
4.3.5 10 / 5
4.3.4 10 / 5
4.3.3 10 / 5
4.3.2 10 / 5
4.3.1 10 / 5
4.3.0 10 / 5
4.2.10 10 / 5
4.2.9 10 / 5
4.2.8 10 / 5
4.2.7 9 / 5
4.2.6 9 / 5
4.2.5 8 / 5
4.2.4 8 / 5
4.2.3 8 / 5
4.2.2 7 / 5
4.2.1 7 / 5
4.2.0 7 / 5
3.0.1 6 / 4
3.0.0 6 / 4

v5.1.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.