tangly
Self-hosted, open-source documentation framework. Drop-in compatible with Mintlify projects — render existing docs.json/MDX corpora unmodified, with Astro under the hood. Includes a CLI (init, dev, build, migrate), pluggable themes, and full MDX component
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:github-slugger | AI (phantom-deps): Docs framework peer dep; referenced in config files as documented. | ai | |
| phantom-deps | phantom-dep:gray-matter | AI (phantom-deps): Docs framework peer dep; referenced in config files as documented. | ai | |
| phantom-deps | phantom-dep:@clack/prompts | AI (phantom-deps): CLI dep; referenced in config files as documented. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Framework re-exports deps for user config; phantom-dep is a stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:citty | AI (phantom-deps): CLI framework dep used in config/bin, not directly imported in analyzed source. | ai | |
| phantom-deps | phantom-dep:chokidar | AI (phantom-deps): Dev/watch dep; referenced in config files as documented. | ai | |
| phantom-deps | phantom-dep:pagefind | AI (phantom-deps): Docs framework peer dep; referenced in config files as documented. | ai | |
| phantom-deps | phantom-dep:picocolors | AI (phantom-deps): CLI utility dep; referenced in config files as documented. | ai | |
| phantom-deps | phantom-dep:unist-util-visit-parents | AI (phantom-deps): Framework dep used in config templates, not direct imports. | ai | |
| phantom-deps | phantom-dep:piccolore | AI (phantom-deps): Framework dep used in config templates, not direct imports. | ai | |
| phantom-deps | phantom-dep:unist-util-visit | AI (phantom-deps): AST visitor used in config/runtime plugins. | ai | |
| phantom-deps | phantom-dep:@shikijs/twoslash | AI (phantom-deps): Shiki plugin resolved via config. | ai | |
| phantom-deps | phantom-dep:@astrojs/cloudflare | AI (phantom-deps): Astro adapter resolved via config. | ai | |
| phantom-deps | phantom-dep:@tanglydocs/theme-pip | AI (phantom-deps): Theme package resolved dynamically by name. | ai | |
| phantom-deps | phantom-dep:katex | AI (phantom-deps): Astro/rehype plugin resolved via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tanglydocs/theme-tang | AI (phantom-deps): Theme package resolved dynamically by name. | ai | |
| phantom-deps | phantom-dep:@tanglydocs/theme-geist | AI (phantom-deps): Theme package resolved dynamically by name. | ai | |
| phantom-deps | phantom-dep:@tanglydocs/theme-readable | AI (phantom-deps): Theme package resolved dynamically by name. | ai | |
| phantom-deps | phantom-dep:@tanglydocs/theme-pith | AI (phantom-deps): Theme package resolved dynamically by name. | ai | |
| phantom-deps | phantom-dep:shiki | AI (phantom-deps): Astro/rehype plugin resolved via config, not direct import. | ai | |
| phantom-deps | phantom-dep:unified | AI (phantom-deps): Remark/rehype pipeline dep resolved via config. | ai | |
| phantom-deps | phantom-dep:twoslash | AI (phantom-deps): Shiki plugin resolved via config. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): Vite plugin resolved via config. | ai | |
| phantom-deps | phantom-dep:rehype-shiki | AI (phantom-deps): Rehype plugin resolved via config. | ai | |
| phantom-deps | phantom-dep:remark-parse | AI (phantom-deps): Unified pipeline dep resolved via config. | ai | |
| phantom-deps | phantom-dep:@astrojs/node | AI (phantom-deps): Astro adapter resolved via config. | ai | |
| phantom-deps | phantom-dep:remark-rehype | AI (phantom-deps): Unified pipeline dep resolved via config. | ai | |
| phantom-deps | phantom-dep:rehype-stringify | AI (phantom-deps): Unified pipeline dep resolved via config. | ai |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 0.2.0 | 45 / 2 | |
| 0.1.7 | 43 / 2 | |
| 0.1.6 | 43 / 2 | |
| 0.1.5 | 43 / 2 | |
| 0.1.4 | 43 / 2 | |
| 0.1.3 | 43 / 2 | |
| 0.1.2 | 41 / 2 | |
| 0.1.0 | 41 / 2 | |
| 0.0.12 | 41 / 2 | |
| 0.0.11 | 41 / 2 | |
| 0.0.6 | 40 / 2 | |
| 0.0.2 | 39 / 2 | |
| 0.0.1 | 0 / 0 |
v0.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.