writr
Markdown Rendering Simplified
4
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
jaredwray
Keywords
markdownhtmlrenderermarkdown-to-htmltoctable-of-contentsemojisyntax-highlightingmarkdown-processorgithub-flavored-markdowngfmremark-pluginrehype-pluginmarkdown-editorcontent-managementdocumentation-toolbloggingmarkdown-extensionseo-friendlymarkdown-anchorsremarkrehypereactreact-componentreact-markdownmarkdown-to-react
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | slsa-provenance | AI (provenance): Package consistently published via CI/CD with Sigstore attestation; publisher-changed to GitHub Actions is expected for this workflow. | ai | |
| dependencies | unvetted-dep:remark-toc | AI (dependencies): remark-toc is a well-known remark ecosystem plugin; stable false positive for this markdown renderer. | ai | |
| dependencies | unvetted-dep:remark-github-blockquote-alert | AI (dependencies): Legitimate remark plugin for GH-style blockquote alerts; appropriate dependency for this package. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 6.1.3 | 22 / 20 | |
| 6.1.2 | 22 / 20 | |
| 5.0.2 | 19 / 13 | |
| 5.0.1 | 19 / 10 |
v6.1.3
2 findings
HIGH
Publisher changed: jaredwray → GitHub Actions (on 2026-06-15)
provenance
This version was published by a different npm account than previous versions on 2026-06-15. This could indicate a legitimate maintainer transition or an account compromise.
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.