← Home

@storyblok/richtext

npm Repository Homepage

Storyblok RichText Resolver

11
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

delooksdominikangereralexjovermemanuelgsouzajpcfreirechristianzoppisbstoryblok-dx

Keywords

storyblokrichtextresolver

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-removed AI (maintainer-change): Storyblok org moved to CI/CD publishing; individual maintainer removal reflects automation, not takeover. ai
publish-pattern dormant-publish AI (publish-pattern): Storyblok org package with SLSA provenance; dormancy reflects release cadence, not account takeover risk. ai
dependencies unvetted-dep:@tiptap/html AI (dependencies): Part of the official tiptap rich text editor framework; legitimate dependency for this richtext resolver package. ai
dependencies unvetted-dep:@tiptap/suggestion AI (dependencies): Part of the official tiptap rich text editor framework; legitimate dependency for this richtext resolver package. ai
dependencies unvetted-dep:storyblok-js-client AI (dependencies): Storyblok's own official JS client; expected dependency for a Storyblok richtext package. ai
dependencies unvetted-dep:@tiptap/extension-emoji AI (dependencies): Official tiptap extension; legitimate dependency for emoji support in this richtext resolver. ai
dependencies unvetted-dep:@tiptap/extension-details AI (dependencies): Official tiptap extension; legitimate dependency for details/summary support in this richtext resolver. ai
dependencies unvetted-dep:emojibase AI (dependencies): emojibase is a well-known emoji data library; legitimate dependency for a richtext resolver with emoji support. ai
phantom-deps phantom-dep:emojibase AI (phantom-deps): Used as a transitive/peer dependency for tiptap emoji extension; not needing direct import is expected. ai
phantom-deps phantom-dep:happy-dom AI (phantom-deps): Test/config-only dependency for DOM simulation in tests; phantom status is expected and benign. ai
phantom-deps phantom-dep:@tiptap/pm AI (phantom-deps): ProseMirror wrapper for tiptap; used as a transitive dependency, not needing direct import is expected. ai
phantom-deps phantom-dep:@tiptap/suggestion AI (phantom-deps): Official tiptap extension used as a transitive/peer dependency; phantom status is expected and benign. ai
dependencies unvetted-dep:@tiptap/extension-highlight AI (dependencies): Official tiptap extension; legitimate dependency for text highlighting in this richtext resolver. ai
dependencies unvetted-dep:markdown-it AI (dependencies): markdown-it is a widely-used, well-maintained Markdown parser; legitimate dependency for a richtext resolver. ai

Versions (showing 11 of 11)

Version Deps Published
4.3.4 32 / 22
4.3.3 32 / 22
4.3.2 32 / 22
4.3.1 32 / 22
4.3.0 32 / 22
4.2.1 32 / 22
4.2.0 32 / 22
4.1.2 31 / 19
4.1.1 31 / 19
4.1.0 27 / 19
4.0.0 27 / 19

v4.3.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.