← Home

@seafile/sea-email-editor

npm

A Slate-based rich email editor with HTML, markdown, tables, images, links, and block plugins.

11
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

seafile

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:unified AI (phantom-deps): Declared as runtime dep, likely used transitively or in bundled output; stable false positive for this package. ai
phantom-deps phantom-dep:remark-gfm AI (phantom-deps): Same pattern as other remark/rehype deps; stable false positive. ai
phantom-deps phantom-dep:remark-math AI (phantom-deps): Same pattern as other remark/rehype deps; stable false positive. ai
phantom-deps phantom-dep:remark-parse AI (phantom-deps): Same pattern as other remark/rehype deps; stable false positive. ai
dependencies unvetted-dep:i18next-xhr-backend AI (dependencies): i18next-xhr-backend is a well-known i18n plugin; its use here is consistent with the package's i18n dependency set. ai
npm-metadata no-description AI (npm-metadata): Same rationale — established org package, empty description is cosmetic. ai
bogus-package bogus-package AI (bogus-package): Scoped @seafile package from established publisher; sparse metadata is a quality issue, not a security signal. ai
phantom-deps phantom-dep:deepmerge AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:rehype-raw AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:rehype-slug AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:rehype-format AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:rehype-stringify AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:remark-rehype AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:rehype-mathjax AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:i18next-browser-languagedetector AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:remark-breaks AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:remark-stringify AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:copy-to-clipboard AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:i18next-xhr-backend AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:rehype-sanitize AI (phantom-deps): Declared runtime dep; bundled library pattern. ai
phantom-deps phantom-dep:xtend AI (phantom-deps): Declared runtime dep bundled into dist; not directly imported in source but legitimately used. ai
phantom-deps phantom-dep:i18next AI (phantom-deps): Declared runtime dep; phantom-dep is a false positive for bundled library packages. ai

Versions (showing 11 of 11)

Version Deps Published
0.0.11 34 / 84
0.0.10 34 / 84
0.0.9 34 / 84
0.0.8 34 / 84
0.0.7 34 / 84
0.0.6 34 / 84
0.0.5 34 / 84
0.0.4 34 / 84
0.0.3 34 / 84
0.0.2 34 / 84
0.0.1 34 / 84

v0.0.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.