zudoku — Greenflagged

Framework for building high quality, interactive API documentation.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vazexqintottenzuplo-integrationsdan-lee

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): Active framework with frequent releases; @base-ui/react is a legitimate MUI-backed UI library.	ai	2026/05/08
dependencies	unvetted-dep:@zuplo/mcp	AI (dependencies): First-party Zuplo package; same org as zudoku publisher.	ai	2026/05/01
dependencies	unvetted-dep:@zudoku/httpsnippet	AI (dependencies): Scoped to @zudoku org; expected dependency for this framework.	ai	2026/05/01
dependencies	unvetted-dep:@zudoku/react-helmet-async	AI (dependencies): Scoped to @zudoku org; expected dependency for this framework.	ai	2026/05/01
dependencies	unvetted-dep:@radix-ui/react-hover-card	AI (dependencies): Radix UI is a well-known UI library; consistent with other @radix-ui deps already in use.	ai	2026/05/01
dependencies	unvetted-dep:remark-comment	AI (dependencies): Small remark plugin; consistent with MDX/markdown processing use case.	ai	2026/05/01
dependencies	unvetted-dep:remark-directive-rehype	AI (dependencies): Small remark/rehype plugin; consistent with MDX/markdown processing use case.	ai	2026/05/01
dependencies	unvetted-dep:rehype-mdx-import-media	AI (dependencies): Rehype plugin for MDX; consistent with framework's markdown processing.	ai	2026/05/01
dependencies	unvetted-dep:@lekoarts/rehype-meta-as-attributes	AI (dependencies): Rehype plugin from known Gatsby/MDX ecosystem author; consistent use case.	ai	2026/05/01
dependencies	unvetted-dep:@pothos/core	AI (dependencies): GraphQL schema builder; consistent with graphql/graphql-yoga deps in this package.	ai	2026/05/01
semgrep	semgrep:env-spread	AI (semgrep): Vite config loader merging prefixed env vars into process.env; standard pattern for this framework, not exfiltration.	ai	2026/04/29
semgrep	semgrep:env-bulk-read	AI (semgrep): Reads process.env keys filtered by envPrefix — standard Vite env loading pattern for this config framework.	ai	2026/04/29
phantom-deps	phantom-dep:tailwindcss	AI (phantom-deps): Referenced in config files by convention; stable false positive for this CSS framework package.	ai	2026/04/29
phantom-deps	phantom-dep:@types/react	AI (phantom-deps): Framework-scoped type package; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:tw-animate-css	AI (phantom-deps): CSS utility referenced in config; stable false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@types/react-dom	AI (phantom-deps): Framework-scoped type package; loaded by convention.	ai	2026/04/29
phantom-deps	phantom-dep:@radix-ui/react-toggle	AI (phantom-deps): Config-referenced UI component; stable false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@tailwindcss/typography	AI (phantom-deps): Config-referenced CSS plugin; stable false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@radix-ui/react-toggle-group	AI (phantom-deps): Config-referenced UI component; stable false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:json-schema-to-typescript-lite	AI (phantom-deps): Config-referenced utility; stable false positive for this package.	ai	2026/04/29