← Home

@tinacms/mdx

npm Repository Homepage
5
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

wicksipediarobt-tina

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.levenshtein:mobx AI (typosquat): Scoped @tinacms/ package; name similarity to mobx is coincidental, not a typosquat. ai
phantom-deps phantom-dep:uvu AI (phantom-deps): Test/config dependency; phantom-dep heuristic fires on config references, not a real concern. ai
phantom-deps phantom-dep:acorn AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:ccount AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:remark AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:typedoc AI (phantom-deps): Docs tooling reference; stable false positive for this package. ai
phantom-deps phantom-dep:prettier AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:remark-gfm AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:remark-mdx AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:vfile-message AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:mdast-util-gfm AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:parse-entities AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:unist-util-visit AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:unist-util-source AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:mdast-util-compact AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:stringify-entities AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:micromark-util-symbol AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:micromark-extension-gfm AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:micromark-factory-space AI (phantom-deps): Config/build reference; stable false positive for this package. ai
phantom-deps phantom-dep:micromark-util-character AI (phantom-deps): Config/build reference; stable false positive for this package. ai

Versions (showing 5 of 5)

Version Deps Published
2.1.6 29 / 14
2.1.5 29 / 14
2.1.4 29 / 14
2.1.3 29 / 14
2.0.4 29 / 14

v2.1.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.