@powerlines/plugin-unimport

A Powerlines plugin to add imports to source code automatically via unimport.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Keywords

unimportpowerlinesstorm-softwarepowerlines-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@stryke/type-checks	AI (phantom-deps): Declared runtime dep used in config/plugin ecosystem context; phantom-dep false positive for this package's architecture.	ai	2026/04/27
phantom-deps	phantom-dep:defu	AI (phantom-deps): Declared runtime dep used in config/plugin ecosystem context; phantom-dep false positive for this package's architecture.	ai	2026/04/27
phantom-deps	phantom-dep:powerlines	AI (phantom-deps): Declared runtime dep used in config/plugin ecosystem context; phantom-dep false positive for this package's architecture.	ai	2026/04/27
phantom-deps	phantom-dep:@stryke/json	AI (phantom-deps): Declared runtime dep used in config/plugin ecosystem context; phantom-dep false positive for this package's architecture.	ai	2026/04/27
phantom-deps	phantom-dep:@stryke/path	AI (phantom-deps): Declared runtime dep used in config/plugin ecosystem context; phantom-dep false positive for this package's architecture.	ai	2026/04/27
phantom-deps	phantom-dep:@stryke/helpers	AI (phantom-deps): Declared runtime dep used in config/plugin ecosystem context; phantom-dep false positive for this package's architecture.	ai	2026/04/27
provenance	publisher-changed	AI (provenance): Transition from stormie-bot to GitHub Actions is a documented CI/CD migration for storm-software org; SLSA provenance attestation confirms legitimate pipeline publishing.	ai	2026/04/27
dependencies	unvetted-dep:powerlines	AI (dependencies): powerlines is the parent package in the same Storm Software monorepo ecosystem; this is an expected internal dependency for a Powerlines plugin.	ai	2026/04/25
dependencies	unvetted-dep:@stryke/json	AI (dependencies): @stryke/json is part of the Storm Software / Stryke internal ecosystem, consistent with this package's publisher and org.	ai	2026/04/25
dependencies	unvetted-dep:@stryke/path	AI (dependencies): @stryke/path is part of the Storm Software / Stryke internal ecosystem, consistent with this package's publisher and org.	ai	2026/04/25
dependencies	unvetted-dep:@stryke/helpers	AI (dependencies): @stryke/helpers is part of the Storm Software / Stryke internal ecosystem, consistent with this package's publisher and org.	ai	2026/04/25
phantom-deps	phantom-dep:magic-string	AI (phantom-deps): magic-string is a legitimate, well-known package listed as a runtime dep; phantom detection is a packaging hygiene issue, not a security risk for this package.	ai	2026/04/25

Versions (showing 100 of 576)

Version	Deps	Published
0.1.167	7 / 2	2026-01-15
0.1.165	7 / 2	2026-01-15
0.1.164	7 / 2	2026-01-15
0.1.163	7 / 2	2026-01-15
0.1.162	7 / 2	2026-01-15
0.1.161	7 / 2	2026-01-15
0.1.160	7 / 2	2026-01-15
0.1.159	7 / 2	2026-01-15
0.1.158	7 / 2	2026-01-15
0.1.157	7 / 2	2026-01-15
0.1.156	7 / 2	2026-01-15
0.1.155	7 / 2	2026-01-14
0.1.154	7 / 2	2026-01-14
0.1.153	7 / 2	2026-01-14
0.1.152	7 / 2	2026-01-14
0.1.151	7 / 2	2026-01-14
0.1.150	7 / 2	2026-01-14
0.1.149	7 / 2	2026-01-14
0.1.148	7 / 2	2026-01-14
0.1.147	7 / 2	2026-01-14
0.1.146	7 / 2	2026-01-14
0.1.145	7 / 2	2026-01-14
0.1.144	7 / 2	2026-01-11
0.1.143	7 / 2	2026-01-08
0.1.142	7 / 2	2026-01-08
0.1.141	7 / 2	2026-01-07
0.1.140	7 / 2	2026-01-07
0.1.139	7 / 2	2026-01-07
0.1.138	7 / 2	2026-01-07
0.1.137	7 / 2	2026-01-07
0.1.136	7 / 2	2026-01-07
0.1.135	7 / 2	2026-01-07
0.1.134	7 / 2	2026-01-07
0.1.133	7 / 2	2026-01-07
0.1.132	7 / 2	2026-01-07
0.1.131	7 / 2	2026-01-07
0.1.130	7 / 2	2026-01-06
0.1.129	11 / 3	2026-01-06
0.1.128	11 / 3	2026-01-06
0.1.127	11 / 3	2026-01-06
0.1.126	11 / 3	2026-01-02
0.1.125	11 / 3	2026-01-02
0.1.124	11 / 3	2025-12-31
0.1.123	11 / 3	2025-12-31
0.1.122	11 / 3	2025-12-31
0.1.121	11 / 3	2025-12-31
0.1.120	11 / 3	2025-12-31
0.1.119	11 / 3	2025-12-30
0.1.118	11 / 3	2025-12-30
0.1.117	11 / 3	2025-12-30
0.1.116	11 / 3	2025-12-30
0.1.115	11 / 3	2025-12-30
0.1.114	11 / 3	2025-12-30
0.1.113	11 / 3	2025-12-30
0.1.112	11 / 3	2025-12-30
0.1.111	11 / 3	2025-12-30
0.1.110	11 / 3	2025-12-30
0.1.109	11 / 3	2025-12-29
0.1.108	11 / 3	2025-12-29
0.1.107	11 / 3	2025-12-29
0.1.106	11 / 3	2025-12-28
0.1.105	11 / 3	2025-12-28
0.1.104	11 / 3	2025-12-28
0.1.103	11 / 3	2025-12-28
0.1.102	11 / 3	2025-12-28
0.1.101	11 / 3	2025-12-23
0.1.100	11 / 3	2025-12-23
0.1.99	11 / 3	2025-12-23
0.1.98	11 / 3	2025-12-23
0.1.97	11 / 3	2025-12-23
0.1.96	11 / 3	2025-12-23
0.1.95	11 / 3	2025-12-22
0.1.94	11 / 3	2025-12-22
0.1.93	11 / 3	2025-12-22
0.1.92	11 / 3	2025-12-22
0.1.91	11 / 3	2025-12-22
0.1.90	11 / 3	2025-12-22
0.1.89	11 / 3	2025-12-22
0.1.88	11 / 3	2025-12-22
0.1.87	11 / 3	2025-12-22
0.1.86	11 / 3	2025-12-22
0.1.85	11 / 3	2025-12-22
0.1.84	11 / 3	2025-12-21
0.1.83	11 / 3	2025-12-20
0.1.82	11 / 3	2025-12-20
0.1.81	11 / 3	2025-12-19
0.1.80	11 / 3	2025-12-19
0.1.79	11 / 3	2025-12-19
0.1.78	11 / 3	2025-12-19
0.1.77	11 / 3	2025-12-18
0.1.76	11 / 3	2025-12-18
0.1.75	11 / 3	2025-12-18
0.1.74	11 / 3	2025-12-18
0.1.73	11 / 3	2025-12-18
0.1.72	11 / 3	2025-12-18
0.1.71	11 / 3	2025-12-17
0.1.70	11 / 3	2025-12-17
0.1.69	11 / 3	2025-12-15
0.1.68	11 / 3	2025-12-15
0.1.67	11 / 3	2025-12-14

Showing 100 of 576 Next page →

v0.1.167

2 findings

HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-01-15) provenance

This version was published by a different npm account than previous versions on 2026-01-15. This could indicate a legitimate maintainer transition or an account compromise.