babel-plugin-emotion
A recommended babel preprocessing plugin for emotion, The Next Generation of CSS-in-JS.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher changed to emotion-release-bot, the official Emotion project release automation account (24 pkgs, 560 approvals, 0 rejections). Legitimate transition. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance; publisher is a trusted long-standing maintainer of the emotion ecosystem. | ai | |
| provenance | missing-githead | AI (provenance): Major version bump (9→10) with restructured build; missing gitHead is common for this era and publisher. | ai |
Versions (showing 50 of 50)
| Version | Deps | Published |
|---|---|---|
| 11.0.0 | 0 / 0 | |
| 10.2.2 | 10 / 2 | |
| 10.0.33 | 10 / 2 | |
| 10.0.29 | 10 / 2 | |
| 10.0.28 | 10 / 2 | |
| 10.0.27 | 10 / 2 | |
| 10.0.23 | 10 / 2 | |
| 10.0.22 | 10 / 2 | |
| 10.0.21 | 10 / 2 | |
| 10.0.20 | 10 / 2 | |
| 10.0.19 | 10 / 2 | |
| 10.0.17 | 10 / 2 | |
| 10.0.16 | 10 / 2 | |
| 10.0.15 | 10 / 2 | |
| 10.0.14 | 10 / 2 | |
| 10.0.13 | 10 / 2 | |
| 10.0.9 | 10 / 2 | |
| 10.0.8 | 10 / 2 | |
| 10.0.7 | 10 / 2 | |
| 10.0.6 | 10 / 2 | |
| 10.0.5 | 10 / 2 | |
| 10.0.4 | 10 / 2 | |
| 10.0.3 | 10 / 2 | |
| 10.0.2 | 10 / 2 | |
| 10.0.0 | 10 / 2 | |
| 9.2.11 | 12 / 2 | |
| 9.2.10 | 13 / 1 | |
| 9.2.9 | 13 / 1 | |
| 9.2.8 | 13 / 1 | |
| 9.2.6 | 13 / 1 | |
| 9.2.5 | 12 / 1 | |
| 9.2.4 | 12 / 5 | |
| 9.2.0 | 12 / 4 | |
| 9.1.2 | 11 / 4 | |
| 9.1.0 | 9 / 4 | |
| 9.0.1 | 8 / 4 | |
| 9.0.0 | 8 / 4 | |
| 8.0.12 | 8 / 4 | |
| 8.0.11 | 7 / 4 | |
| 8.0.10 | 7 / 4 | |
| 8.0.9 | 7 / 3 | |
| 8.0.6 | 7 / 3 | |
| 8.0.4 | 7 / 3 | |
| 8.0.3 | 7 / 3 | |
| 8.0.2 | 7 / 3 | |
| 7.3.2 | 8 / 3 | |
| 7.3.1 | 8 / 3 | |
| 7.3.0 | 8 / 3 | |
| 7.2.2 | 7 / 3 | |
| 7.1.0 | 7 / 3 |
v10.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.20
2 findingsThis version was published by a different npm account than previous versions on 2019-10-02. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.19
2 findingsThis version was published by a different npm account than previous versions on 2019-09-17. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.5
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: mitchellhamilton.
v10.0.4
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: mitchellhamilton.
v10.0.3
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: mitchellhamilton.
v10.0.2
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: mitchellhamilton.
v10.0.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: mitchellhamilton.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.