← Home

@symbo.ls/editorjs

npm

Editor.js wrapper for Symbols/DOMQL — instance management, tool config, and dark theme.

1
Versions
CC-BY-NC-4.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

nikolozatinyzajimlberiasvinchychejuichentokoyoungbaronsilverzacharybetzenbsachdevatthomasaggbneeli33locsymbols

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:new-function-constructor AI (semgrep): Used to evaluate user-authored DOMQL code in an editor preview context; intentional and scoped to tool input. ai
dependencies unvetted-dep:@editorjs/editorjs AI (dependencies): Official @editorjs org package; stable false positive for this wrapper package. ai
dependencies unvetted-dep:@editorjs/header AI (dependencies): Official @editorjs org plugin. ai
dependencies unvetted-dep:@editorjs/list AI (dependencies): Official @editorjs org plugin. ai
dependencies unvetted-dep:@editorjs/quote AI (dependencies): Official @editorjs org plugin. ai
dependencies unvetted-dep:@editorjs/code AI (dependencies): Official @editorjs org plugin. ai
dependencies unvetted-dep:@editorjs/delimiter AI (dependencies): Official @editorjs org plugin. ai
dependencies unvetted-dep:@editorjs/marker AI (dependencies): Official @editorjs org plugin. ai
dependencies unvetted-dep:@editorjs/table AI (dependencies): Official @editorjs org plugin. ai
dependencies unvetted-dep:@editorjs/link AI (dependencies): Official @editorjs org plugin. ai

Versions (showing 1 of 1)

Version Deps Published
3.14.0 10 / 0

v3.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.