# Drop-in replacements, not upgrades A sealed package is a **drop-in replacement** for the public version you already use. You replace the vulnerable version with the sealed version. Nothing else changes. ## What stays the same A sealed package preserves everything an upgrade would put at risk: * **The version number.** `ejs@2.7.4` becomes `ejs@2.7.4-sp1`. The major, minor, and patch numbers do not change. (The exact suffix format depends on the ecosystem; see [Naming and versioning conventions](https://github.com/seal-community/gitbook/blob/main/new-docs/reference/naming-and-versioning/README.md).) * **The public API.** The functions, types, and method signatures the package exposes are untouched. Code that calls into the package keeps compiling. * **Behavior.** Default settings, return values, error cases, and side effects all match the origin version. Backwards compatibility is a guarantee. * **The dependencies.** A sealed package depends on exactly the same packages, at exactly the same version ranges, as the origin version. ## What changes Only the vulnerable code path. Seal applies the smallest patch that resolves the vulnerability while preserving backwards compatibility. Code that was not exploiting the vulnerability behaves exactly as it did in the origin version. ## A replacement, not an upgrade The distinction is operational, not pedantic. An upgrade is an engineering project: read the changelog, fix call sites, run the test suite, coordinate the release. A replacement is a swap: the sealed version takes the slot the vulnerable version had, and the project that depended on it carries on. If using a sealed package required the same engineering project that an upgrade does, it would not solve [the remediation problem](/new-documentation/new-docs/remediation-problem.md). The reason a sealed package is useful is that the work an upgrade demands is exactly the work it does not need. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sealsecurity.io/new-documentation/new-docs/seal-approach/drop-in-replacements.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.