All affected package versions have been deprecated, and new safe versions are now available.

We are actively hardening our dependency management and publishing pipeline to prevent future incidents.

A detailed postmortem will follow with additional information and preventative measures.

If you installed or updated the Mintlify CLI between November 21st to 24th, 2025, please take the following actions immediately:

• Clear your npm/pnpm cache

• Update to the latest safe version: npm install -g mint@latest

• Review your GitHub tokens and credentials

• Check for unauthorized GitHub repositories

All affected package versions have been deprecated on npm. We are working with npm to remove compromised versions entirely. All affected release versions have been removed from Mintlify's own release chain

New safe versions with pinned dependencies have been published.

We've confirmed that compromised dependencies of the Mintlify CLI were @asyncapi/parser (3.4.1, 3.4.2) and @asyncapi/specs (6.8.2, 6.8.3, 6.9.1, 6.10.1).

We are publishing new versions with pinned dependencies and deprecating all affected versions.