docs: v2 docs & landing by jktrn-osec · Pull Request #4460 · otter-sec/anchor

jktrn-osec · 2026-04-24T02:09:07Z

No description provided.

vercel · 2026-04-24T02:09:12Z

Someone is attempting to deploy a commit to the Solana Foundation Team on Vercel.

A member of the Team first needs to authorize it.

hacktron-app · 2026-05-28T03:51:29Z

⏭️ Hacktron Security Check — Skipped

Reason: This PR exceeds Hacktron's 200-file review cap and will not be scanned. Split the PR into smaller changes for review coverage.

Split the PR into smaller commits or open separate PRs for unrelated changes.

jktrn-osec · 2026-05-28T03:59:58Z

Rebased onto master

Adds the performance section (custom entrypoint, raw AccountView, zero-copy layout, benchmarking, trade-offs) rewritten in the v2 docs voice, with bench figures recomputed from bench/results.json.

This reverts commit d4d970b.

Fills the two gaps from otter-sec#4591 that the v2 docs did not yet cover: the custom asm/Rust entrypoint with #[discrim] and no-entrypoint, and raw AccountView access. Placed under Security and production, linked from performance-and-optimizations. Verified with astro build.

add mcp docs

socket-security · 2026-06-09T20:34:24Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Quality	License
	npm/@expressive-code/plugin-line-numbers@0.40.2
	npm/astro-pagefind@1.8.6
	npm/class-variance-authority@0.7.1
	npm/@astrojs/markdown-remark@7.0.0
	npm/@shikijs/rehype@3.23.0
	npm/@vercel/og@0.11.1
	npm/@expressive-code/plugin-collapsible-sections@0.40.2
	npm/rehype-expressive-code@0.40.2
	npm/@types/hast@3.0.4
	npm/@expressive-code/plugin-shiki@0.40.2
	npm/@types/react-dom@19.0.0
	npm/@expressive-code/plugin-frames@0.40.2
	npm/@expressive-code/plugin-text-markers@0.40.2
	npm/@shikijs/themes@3.23.0
	npm/shiki@0.14.7 ⏵ 3.23.0	⁺¹⁴	^-15	⁺³¹
	npm/@astrojs/check@0.9.7
	npm/@types/react@19.0.0
	npm/clsx@2.1.1
	npm/prettier-plugin-astro@0.14.1
	npm/remark-emoji@5.0.2
	npm/radix-ui@1.4.3
	npm/@astrojs/sitemap@3.7.1
	npm/hast-util-to-html@9.0.5
	npm/@astrojs/react@5.0.0
	npm/@astrojs/mdx@5.0.0
	npm/just-bash@3.0.1
	npm/rehype-external-links@3.0.0
	npm/rehype-autolink-headings@7.1.0
	npm/rehype-katex@7.0.1
	npm/remark-math@6.0.0
	npm/astro@6.0.2
	npm/tailwindcss@4.2.1
	npm/react@19.0.0
See 8 more rows in the dashboard

View full report

socket-security · 2026-06-09T20:34:26Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@astrojs/compiler` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@astrojs/check@0.9.7` → `npm/prettier-plugin-astro@0.14.1` → `npm/@astrojs/compiler@2.13.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@astrojs/compiler@2.13.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `astro` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: docs-v2/package.json → `npm/astro@6.0.2` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/astro@6.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `astro` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: docs-v2/package.json → `npm/astro@6.0.2` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/astro@6.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `caniuse-lite` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@astrojs/react@5.0.0` → `npm/caniuse-lite@1.0.30001793` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/caniuse-lite@1.0.30001793`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `caniuse-lite` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@astrojs/react@5.0.0` → `npm/caniuse-lite@1.0.30001793` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/caniuse-lite@1.0.30001793`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `caniuse-lite` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@astrojs/react@5.0.0` → `npm/caniuse-lite@1.0.30001793` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/caniuse-lite@1.0.30001793`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `caniuse-lite` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/@astrojs/react@5.0.0` → `npm/caniuse-lite@1.0.30001793` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/caniuse-lite@1.0.30001793`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `css-tree` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/astro@6.0.2` → `npm/css-tree@3.2.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/css-tree@3.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/astro@6.0.2` → `npm/entities@4.5.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@4.5.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/@astrojs/markdown-remark@7.0.0` → `npm/@astrojs/mdx@5.0.0` → `npm/astro@6.0.2` → `npm/rehype-katex@7.0.1` → `npm/entities@6.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@6.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `just-bash` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: docs-v2/package.json → `npm/just-bash@3.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/just-bash@3.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `node-fetch-native` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/astro@6.0.2` → `npm/node-fetch-native@1.6.7` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/node-fetch-native@1.6.7`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `scheduler` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/react-dom@19.0.0` → `npm/scheduler@0.25.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/scheduler@0.25.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `strtok3` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: `?` → `npm/just-bash@3.0.1` → `npm/strtok3@10.3.5` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/strtok3@10.3.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

jktrn-osec force-pushed the enscribe/v2-docs branch from ab70309 to 2afb7e9 Compare April 24, 2026 02:10

nutafrost added this to Anchor V2 Apr 28, 2026

nutafrost moved this to In Progress in Anchor V2 Apr 28, 2026

jktrn-osec force-pushed the enscribe/v2-docs branch from 8686b58 to b7880ac Compare April 28, 2026 21:54

acheroncrypto mentioned this pull request Apr 30, 2026

feat(cli): Allow configuring IDL JSON location in workspace config #4483

Merged

jamie-osec reviewed May 12, 2026

View reviewed changes

Comment thread .github/workflows/deploy-docs-v2.yaml Outdated

jktrn-osec marked this pull request as ready for review May 21, 2026 04:03

jamie-osec reviewed May 21, 2026

View reviewed changes

Comment thread docs-v2/src/content/docs/v2/get-started/installation.mdx Outdated

jamie-osec reviewed May 21, 2026

View reviewed changes

Comment thread docs-v2/src/content/docs/v2/reference/cli.mdx Outdated

jamie-osec reviewed May 21, 2026

View reviewed changes

Comment thread docs-v2/src/content/docs/v2/testing/coverage.mdx

jamie-osec previously approved these changes May 22, 2026

View reviewed changes

nutafrost moved this from In Progress to Security Review Required in Anchor V2 May 26, 2026

jamie-osec force-pushed the enscribe/v2-docs branch from b9d74bd to ba5eb41 Compare May 26, 2026 16:36

jktrn-osec force-pushed the enscribe/v2-docs branch from ba5eb41 to 20beaf0 Compare May 28, 2026 03:51

jktrn-osec changed the base branch from anchor-next to master May 28, 2026 03:54

docs: add v2 docs site

9eafdab

jktrn-osec force-pushed the enscribe/v2-docs branch from 20beaf0 to 9eafdab Compare May 28, 2026 03:57

docs: add v2 Vercel config

97e57aa

jktrn-osec dismissed jamie-osec’s stale review via 97e57aa May 28, 2026 23:32

nutafrost moved this from Security Review Required to Security Review Done in Anchor V2 Jun 2, 2026

chore(docs): supersede otter-sec#4591 with v2 performance docs

d4d970b

Adds the performance section (custom entrypoint, raw AccountView, zero-copy layout, benchmarking, trade-offs) rewritten in the v2 docs voice, with bench figures recomputed from bench/results.json.

jktrn-osec requested a review from chen-robert as a code owner June 3, 2026 00:11

swaroop-osec mentioned this pull request Jun 3, 2026

Add performance documentation and new patterns #4591

Closed

jktrn-osec added 2 commits June 2, 2026 22:54

Revert "chore(docs): supersede otter-sec#4591 with v2 performance docs"

b8596c4

This reverts commit d4d970b.

nutafrost mentioned this pull request Jun 4, 2026

Create a performance patterns section in the Anchor documentation #4284

Closed

add support for mcp docs

0dfc473

jktrn-osec and others added 2 commits June 8, 2026 21:41

feat(docs): mcp docs (#1)

98605db

add mcp docs

resolve readme conflict

5972492

chen-robert approved these changes Jun 9, 2026

View reviewed changes

renato-osec merged commit 4ca8e91 into otter-sec:master Jun 9, 2026
106 of 108 checks passed

github-project-automation Bot moved this from Security Review Done to Done in Anchor V2 Jun 9, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs: v2 docs & landing#4460

docs: v2 docs & landing#4460
renato-osec merged 8 commits into
otter-sec:masterfrom
jktrn-osec:enscribe/v2-docs

jktrn-osec commented Apr 24, 2026

Uh oh!

vercel Bot commented Apr 24, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

hacktron-app Bot commented May 28, 2026

Uh oh!

jktrn-osec commented May 28, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

jktrn-osec commented Apr 24, 2026

Uh oh!

vercel Bot commented Apr 24, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

hacktron-app Bot commented May 28, 2026

⏭️ Hacktron Security Check — Skipped

Uh oh!

jktrn-osec commented May 28, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

socket-security Bot commented Jun 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants