@atlaskit/emoji
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:react-loadable | AI (phantom-deps): Phantom deps in monorepo UI libraries are common; declared for build/peer management, not direct imports. | ai | |
| phantom-deps | phantom-dep:@atlaskit/tokens | AI (phantom-deps): Same-org scoped phantom dep typical in Atlassian monorepo; declared for transitive stability. | ai | |
| phantom-deps | phantom-dep:@atlaskit/media-client | AI (phantom-deps): Same-org scoped phantom dep typical in Atlassian monorepo; declared for transitive stability. | ai | |
| phantom-deps | phantom-dep:@atlaskit/afm-i18n-platform-elements-emoji | AI (phantom-deps): Same-org scoped phantom dep typical in Atlassian monorepo; declared for transitive stability. | ai | |
| provenance | no-provenance | AI (provenance): Atlassian publishes this package through their artifact pipeline without Sigstore provenance; consistent across all their packages and not a security concern. | ai |
Versions (showing 100 of 150)
| Version | Deps | Published |
|---|---|---|
| 70.16.1 | 33 / 28 | |
| 70.16.0 | 33 / 28 | |
| 70.15.3 | 33 / 28 | |
| 70.15.2 | 32 / 28 | |
| 70.15.1 | 32 / 28 | |
| 70.15.0 | 32 / 28 | |
| 70.14.3 | 32 / 28 | |
| 70.14.2 | 32 / 28 | |
| 70.14.1 | 32 / 28 | |
| 70.14.0 | 32 / 28 | |
| 70.13.0 | 31 / 28 | |
| 70.12.0 | 31 / 28 | |
| 70.11.2 | 32 / 28 | |
| 70.11.1 | 31 / 28 | |
| 70.11.0 | 31 / 28 | |
| 70.10.14 | 31 / 28 | |
| 70.10.13 | 31 / 28 | |
| 70.10.12 | 31 / 28 | |
| 70.10.11 | 31 / 28 | |
| 70.10.10 | 31 / 29 | |
| 70.10.9 | 31 / 29 | |
| 70.10.8 | 31 / 29 | |
| 70.10.7 | 31 / 29 | |
| 70.10.6 | 31 / 29 | |
| 70.10.5 | 31 / 29 | |
| 70.10.4 | 31 / 29 | |
| 70.10.3 | 31 / 29 | |
| 70.10.2 | 31 / 28 | |
| 70.10.1 | 31 / 28 | |
| 70.10.0 | 31 / 28 | |
| 70.9.2 | 31 / 28 | |
| 70.9.1 | 31 / 28 | |
| 70.9.0 | 31 / 28 | |
| 70.8.0 | 31 / 28 | |
| 70.7.2 | 31 / 28 | |
| 70.7.1 | 31 / 28 | |
| 70.7.0 | 31 / 28 | |
| 70.6.2 | 29 / 28 | |
| 70.6.1 | 29 / 28 | |
| 70.6.0 | 29 / 28 | |
| 70.5.2 | 28 / 28 | |
| 70.5.1 | 28 / 28 | |
| 70.5.0 | 28 / 28 | |
| 70.4.2 | 28 / 28 | |
| 70.4.1 | 28 / 28 | |
| 70.4.0 | 28 / 28 | |
| 70.3.4 | 28 / 28 | |
| 70.3.3 | 28 / 28 | |
| 70.3.2 | 28 / 28 | |
| 70.3.1 | 28 / 28 | |
| 70.3.0 | 28 / 28 | |
| 70.2.8 | 28 / 28 | |
| 70.2.7 | 28 / 28 | |
| 70.2.6 | 28 / 28 | |
| 70.2.5 | 28 / 28 | |
| 70.2.4 | 28 / 28 | |
| 70.2.3 | 28 / 28 | |
| 70.2.2 | 28 / 28 | |
| 70.2.1 | 28 / 28 | |
| 70.2.0 | 28 / 28 | |
| 70.1.3 | 28 / 28 | |
| 70.1.2 | 28 / 28 | |
| 70.1.1 | 28 / 28 | |
| 70.1.0 | 28 / 28 | |
| 70.0.1 | 28 / 28 | |
| 70.0.0 | 28 / 28 | |
| 69.12.7 | 28 / 28 | |
| 69.12.6 | 28 / 28 | |
| 69.12.5 | 28 / 28 | |
| 69.12.4 | 28 / 28 | |
| 69.12.3 | 28 / 28 | |
| 69.12.2 | 28 / 28 | |
| 69.12.1 | 28 / 28 | |
| 69.12.0 | 28 / 28 | |
| 69.11.1 | 28 / 28 | |
| 69.11.0 | 28 / 28 | |
| 69.10.55 | 28 / 28 | |
| 69.10.54 | 28 / 28 | |
| 69.10.53 | 28 / 28 | |
| 69.10.52 | 28 / 28 | |
| 69.10.51 | 28 / 28 | |
| 69.10.50 | 28 / 28 | |
| 69.10.49 | 28 / 28 | |
| 69.10.48 | 28 / 28 | |
| 69.10.47 | 29 / 27 | |
| 69.10.46 | 29 / 27 | |
| 69.10.45 | 29 / 27 | |
| 69.10.44 | 29 / 27 | |
| 69.10.43 | 29 / 27 | |
| 69.10.42 | 29 / 27 | |
| 69.10.41 | 29 / 27 | |
| 69.10.40 | 29 / 27 | |
| 69.10.39 | 29 / 27 | |
| 69.10.38 | 29 / 27 | |
| 69.10.37 | 29 / 27 | |
| 69.10.36 | 29 / 27 | |
| 69.10.35 | 29 / 27 | |
| 69.10.34 | 29 / 27 | |
| 69.10.33 | 29 / 27 | |
| 69.10.32 | 29 / 27 |
v70.16.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.16.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.15.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.15.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.15.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.15.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.14.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.14.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.14.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.14.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.12.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.11.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.11.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.11.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.10.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.9.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.9.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.9.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.8.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.7.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.7.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.6.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.6.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.5.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.5.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.5.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.4.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.4.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.4.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.3.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.3.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.3.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.3.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.2.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.2.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.2.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.2.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v70.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.2.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.1.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v70.1.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v70.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v70.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v70.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v70.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.12.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.12.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.12.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.12.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.12.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.12.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.12.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.12.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.11.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.11.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.54
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.52
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.51
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.50
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.49
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.48
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.46
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v69.10.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.40
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.37
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.35
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.34
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v69.10.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.