MDX parses JSX so it's compatible with any JSX runtime, not just react.
You're right that MDX executes arbitrary code because it supports the `import` and string interpolation of MDX and performs unsafe evals.
Because those evals aren't safe to use at runtime, I actually created a library that uses the MDX parser to support the static subset of JSX (which is very similar to HTML making it static and secure): https://www.npmjs.com/package/react-markdown-with-mdx
MDX parses JSX so it's compatible with any JSX runtime, not just react.
You're right that MDX executes arbitrary code because it supports the `import` and string interpolation of MDX and performs unsafe evals.
Because those evals aren't safe to use at runtime, I actually created a library that uses the MDX parser to support the static subset of JSX (which is very similar to HTML making it static and secure): https://www.npmjs.com/package/react-markdown-with-mdx