Blog

Three New Adapters, a Security Patch, and a New License: Email SDK Week in Review

It has been a busy week for Email SDK. Versions 0.6.2 through 0.6.5 shipped in rapid succession, bringing three brand-new provider adapters, a critical…

June 27, 20264 min read
Three New Adapters, a Security Patch, and a New License: Email SDK Week in Review — Email SDK blog

It has been a busy week for Email SDK. Versions 0.6.2 through 0.6.5 shipped in rapid succession, bringing three brand-new provider adapters, a critical security fix, a license change, and a refreshed documentation experience. Here is what changed and why it matters for your TypeScript or Node.js stack.

Security First: SMTP Injection Guard (v0.6.2)

The most important update in this batch is not a feature; it is a patch you should already have.

Version 0.6.2 closes an SMTP injection vector that could be triggered by crafted envelope addresses or header names. If you are running any release prior to 0.6.2, upgrade now:

npm install @opencoredev/email-sdk@latest

This patch has no breaking changes. It slots in as a drop-in replacement for 0.6.1 and earlier.

Three New Adapters in Three Days

Email SDK's adapter model means adding a new provider is a configuration change, not a rewrite. This week, three new providers joined the catalog.

JetEmail (v0.6.3)

The JetEmail adapter (@opencoredev/email-sdk/jetemail) targets JetEmail's transactional API with full CLI support, a dedicated docs page, and field-support documentation. Key behaviors to know:

  • Enforces JetEmail's 50-recipient cap per send
  • Requires a named from address (no bare email strings)
  • Supports idempotency keys for safe retries

It has been verified against the live JetEmail API, so you can wire it up with confidence.

Primitive (v0.6.4)

The Primitive adapter (@opencoredev/email-sdk/primitive) brings another transactional option into the unified API surface. Like every Email SDK adapter, it accepts the same normalized EmailMessage object you already use, so switching from your current provider to Primitive (or running Primitive alongside an existing provider as a fallback) requires no application-level changes.

Verified against the live Primitive API before shipping.

Lettermint (v0.6.5)

The Lettermint adapter (@opencoredev/email-sdk/lettermint) targets Lettermint's European transactional email API. Notable specifics:

  • Authenticates with the x-lettermint-token header
  • Base64-encodes attachments automatically
  • Forwards idempotencyKey as the Idempotency-Key header
  • Accepts an optional route field to target a specific Lettermint route
  • Validates tag count at send time; more than one tag fails fast with an EmailValidationError rather than silently misbehaving downstream

For teams with data-residency requirements or a preference for European infrastructure, this adapter makes Lettermint a first-class option without any custom integration work.

How to Add Any of These Adapters

All three follow the same pattern. Here is Lettermint as an example:

import { createEmailClient } from "@opencoredev/email-sdk";
import { LettermintAdapter } from "@opencoredev/email-sdk/lettermint";

const client = createEmailClient({
  adapter: new LettermintAdapter({ token: process.env.LETTERMINT_TOKEN }),
});

await client.send({
  from: { name: "Acme", email: "hello@acme.com" },
  to: [{ email: "user@example.com" }],
  subject: "Your order shipped",
  html: "<p>It is on its way.</p>",
});

Swap LettermintAdapter for JetEmailAdapter or PrimitiveAdapter and update the config object. The rest of your code stays the same.

License Change: MIT to AGPL-3.0

Email SDK has re-licensed from MIT to AGPL-3.0-only. The change applies to both packages, the Homebrew formula, and the README footer.

If you use Email SDK in a closed-source application that you distribute or run as a network service, review what AGPL-3.0 requires for your situation. For most teams building internal services or shipping open-source projects, the practical impact is minimal. For SaaS products, it is worth a conversation with your legal team.

The license identifier in package.json now reads AGPL-3.0-only.

Refreshed README and Docs

Beyond the adapter and security work, the docs got a visible overhaul:

  • A new hero image and badge row in the README for a cleaner first impression
  • A tighter install-to-usage flow so new adopters reach a working example faster
  • A version switcher in the docs that stores a "latest" sentinel, meaning readers on the latest docs automatically follow new releases without having to manually switch versions
  • An agent-readiness discovery surface on email-sdk.dev, making the project easier to surface through AI-assisted developer tooling

Upgrade Path

All changes from 0.6.2 through 0.6.5 are backward-compatible within the 0.6.x line. Run:

npm install @opencoredev/email-sdk@latest

Check your package.json to confirm you land on 0.6.5. If you are adopting one of the new adapters, install the same version:

npm install @opencoredev/email-sdk@0.6.5

No code changes required to existing sends. New adapters are opt-in.

What Is Next

The adapter catalog is growing fast. If your team uses a provider that does not have an adapter yet, open an issue or a PR on the repository. The adapter interface is intentionally minimal, and the team reviews contributions quickly.

Stay on @latest and you will always pick up new adapters and patches as they ship.