@lblod/ember-rdfa-editor

Ember addon wrapping an RDFa editor with a public API

Versions: 6
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

erikapnielsvmadnificentcecemelclairelovisadietroscar.redpencilaatauil

Keywords

ember-addon

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:ember-resources | AI (phantom-deps): Ember v2 addon; ember-resources referenced in config/build files, not direct imports — stable false positive for this package. | ai |
npm-metadata | url-dep:prosemirror-history | AI (npm-metadata): Vendored tarball is in devDependencies only; does not affect consumers and is a stable pattern for this package. | ai |
publish-pattern | rapid-publish | AI (publish-pattern): High-velocity active project with 593 versions; rapid successive publishes are normal for this package. | ai |
dependencies | unvetted-dep:ember-velcro | AI (dependencies): Known Ember positioning addon; expected dep for this editor. | ai |
dependencies | unvetted-dep:@lblod/marawa | AI (dependencies): Same org (@lblod) RDFa utility; expected dep. | ai |
dependencies | unvetted-dep:mdn-polyfills | AI (dependencies): Standard polyfill library; stable for this package. | ai |
dependencies | unvetted-dep:ember-focus-trap | AI (dependencies): Known Ember accessibility addon; expected dep. | ai |
dependencies | unvetted-dep:ember-cli-htmlbars | AI (dependencies): Core Ember build tool; expected dep. | ai |
dependencies | unvetted-dep:ember-headless-form | AI (dependencies): Known Ember form addon; expected dep. | ai |
dependencies | unvetted-dep:ember-truth-helpers | AI (dependencies): Ubiquitous Ember template helper addon; expected dep. | ai |
dependencies | unvetted-dep:@ember/render-modifiers | AI (dependencies): Official Ember modifier package; expected dep. | ai |
dependencies | unvetted-dep:ember-headless-form-yup | AI (dependencies): Companion to ember-headless-form; expected dep. | ai |
dependencies | unvetted-dep:@ember/optional-features | AI (dependencies): Official Ember CLI package; expected dep. | ai |
dependencies | unvetted-dep:@curvenote/prosemirror-utils | AI (dependencies): ProseMirror utility fork; expected for this editor. | ai |
dependencies | unvetted-dep:@say-editor/prosemirror-tables | AI (dependencies): Same ecosystem (@say-editor) ProseMirror fork; expected dep. | ai |
dependencies | unvetted-dep:@say-editor/prosemirror-invisibles | AI (dependencies): Same ecosystem (@say-editor) ProseMirror fork; expected dep. | ai |
dependencies | unvetted-dep:ember-template-imports | AI (dependencies): Ember template imports tooling; expected dep. | ai |
dependencies | unvetted-dep:@glint/tsserver-plugin | AI (dependencies): Glint TypeScript tooling; expected for typed Ember addon. | ai |
dependencies | unvetted-dep:iter-tools | AI (dependencies): Legitimate utility library; stable dep for this package. | ai |
phantom-deps | phantom-dep:ember-cli-babel | AI (phantom-deps): Ember build tooling loaded by convention; stable false positive. | ai |
phantom-deps | phantom-dep:@glint/tsserver-plugin | AI (phantom-deps): TypeScript tooling, not a runtime import; stable false positive. | ai |
phantom-deps | phantom-dep:ember-template-imports | AI (phantom-deps): Build-time Ember tooling; stable false positive. | ai |
phantom-deps | phantom-dep:@ember/optional-features | AI (phantom-deps): Ember build config package; stable false positive. | ai |
phantom-deps | phantom-dep:prosemirror-schema-basic | AI (phantom-deps): Re-exported via dist bundle; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@codemirror/lang-xml | AI (phantom-deps): CodeMirror language pack used in build; stable false positive. | ai |
phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Type-only dep for framework interop; stable false positive. | ai |
provenance | no-provenance | AI (provenance): Established org package; lack of Sigstore provenance is common and not a risk signal here. | ai |
phantom-deps | phantom-dep:mdn-polyfills | AI (phantom-deps): Polyfill loaded by convention in config, not direct import; stable false positive. | ai |
phantom-deps | phantom-dep:common-tags | AI (phantom-deps): Utility declared but not directly imported; stable false positive. | ai |
phantom-deps | phantom-dep:mongoose | AI (phantom-deps): Declared but not imported in frontend addon; likely an erroneous dep entry, not malicious. | ai |
phantom-deps | phantom-dep:typedoc | AI (phantom-deps): Build/doc tool, not a runtime dep; stable false positive for this package. | ai |

Versions (showing 6 of 6)

Version Deps Published
13.8.0 57 / 57
13.7.1 55 / 57
13.7.0 55 / 57
13.6.1 55 / 57
13.6.0 56 / 56
13.5.0 56 / 56

v13.8.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v13.7.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v13.7.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v13.6.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v13.5.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.