@alfalab/icons
Design System UI Icons
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): Icon library regularly adds large batches of new icon files; size growth matches new icon additions. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Icon set expansions routinely cause dramatic size increases in this package; consistent with new logo icons added. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped @alfalab/icons package is a legitimate design-system icon library, not a typo of cors. | ai | |
Versions (showing 17 of 17)
| Version | Deps | Published |
|---|---|---|
| 3.465.0 | 0 / 37 | |
| 3.464.0 | 0 / 37 | |
| 3.463.0 | 0 / 37 | |
| 3.462.0 | 0 / 37 | |
| 3.461.0 | 0 / 37 | |
| 3.460.0 | 0 / 37 | |
| 3.459.0 | 0 / 37 | |
| 3.458.0 | 0 / 37 | |
| 3.457.0 | 0 / 37 | |
| 3.456.0 | 0 / 37 | |
| 3.455.0 | 0 / 37 | |
| 3.454.0 | 0 / 37 | |
| 3.453.0 | 0 / 37 | |
| 3.452.0 | 0 / 37 | |
| 3.451.0 | 0 / 37 | |
| 3.414.0 | 0 / 37 | |
| 3.412.0 | 0 / 37 | |
v3.465.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.464.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.463.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.462.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.461.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.460.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.459.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.458.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.457.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.456.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.455.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.454.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.452.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.451.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.414.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.412.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.