@backstage/plugin-api-docs

A Backstage plugin that helps represent API entities in the frontend

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

patrikofrebenmarcuseide

Keywords

backstage

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:isomorphic-form-data	AI (phantom-deps): Declared dependency used indirectly; stable pattern for this package.	ai	2026/05/18
phantom-deps	phantom-dep:@material-ui/icons	AI (phantom-deps): @material-ui/icons is the standard MUI icons package; phantom detection is a false positive for this well-known Backstage dependency.	ai	2026/04/27
dependencies	unvetted-dep:@asyncapi/react-component	AI (dependencies): @asyncapi/react-component is the official AsyncAPI React renderer; expected for an API docs plugin supporting AsyncAPI specs.	ai	2026/04/27
dependencies	unvetted-dep:@material-ui/lab	AI (dependencies): @material-ui/lab is a well-known React UI library, expected dependency for Backstage frontend plugins using MUI v4.	ai	2026/04/27
phantom-deps	phantom-dep:graphql-config	AI (phantom-deps): graphql-config is a standard GraphQL tooling package; declared for config file usage, not a security concern.	ai	2026/04/27
phantom-deps	phantom-dep:graphql-ws	AI (phantom-deps): graphql-ws is a legitimate GraphQL subscription transport; declared for consumer use in config, not a security concern.	ai	2026/04/27
dependencies	unvetted-dep:swagger-ui-react	AI (dependencies): swagger-ui-react is the official Swagger UI React wrapper; expected for an API docs plugin rendering OpenAPI specs.	ai	2026/04/27