e18e · 43081j · Jun 21, 2026 · Jun 21, 2026
diff --git a/docs/modules/gray-matter.md b/docs/modules/gray-matter.md
@@ -0,0 +1,20 @@
+---
+description: Modern alternatives to the gray-matter package for parsing front matter
+---
+
+# Replacements for `gray-matter`
+
+`gray-matter` has not been maintained since 2019 and carries known security issues, including eval-based JavaScript front matter (RCE) and an outdated `js-yaml` dependency with DoS vulnerabilities. [`@11ty/gray-matter`](https://github.com/11ty/gray-matter) is a maintained fork used by Eleventy v4 and Docusaurus.
+
+## `@11ty/gray-matter`
+
+[`@11ty/gray-matter`](https://github.com/11ty/gray-matter) upgrades `js-yaml` to v4, uses `Uint8Array` internally for better runtime compatibility, and removes the built-in JavaScript front matter engine that relied on `eval`.
+
+Example:
+
+```ts
+import matter from 'gray-matter' // [!code --]
+import matter from '@11ty/gray-matter' // [!code ++]
+
+const { data, content } = matter('---\ntitle: Hello\n---\n\nBody')
+```
diff --git a/manifests/preferred.json b/manifests/preferred.json
@@ -474,6 +474,12 @@
       "replacements": ["ts-graphviz"],
       "url": {"type": "e18e", "id": "graphviz"}
     },
+    "gray-matter": {
+      "type": "module",
+      "moduleName": "gray-matter",
+      "replacements": ["@11ty/gray-matter"],
+      "url": {"type": "e18e", "id": "gray-matter"}
+    },
     "gzip-size": {
       "type": "module",
       "moduleName": "gzip-size",
@@ -2721,6 +2727,11 @@
       "type": "native",
       "url": {"type": "node", "id": "api/cli.html#--env-filefile"}
     },
+    "@11ty/gray-matter": {
+      "id": "@11ty/gray-matter",
+      "type": "documented",
+      "replacementModule": "@11ty/gray-matter"
+    },
     "@eslint-community/eslint-plugin-eslint-comments": {
       "id": "@eslint-community/eslint-plugin-eslint-comments",
       "type": "documented",