@astral/icons
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @astral/icons; Levenshtein match to 'cors' is a false positive with no brand/namespace overlap. | ai | |
| phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): Listed as runtime dependency; standard MUI peer requirement, stable for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): Listed as runtime dependency; standard MUI peer requirement, stable for this package. | ai |
Versions (showing 51 of 95)
| Version | Deps | Published |
|---|---|---|
| 3.364.0 | 3 / 0 | |
| 3.363.5 | 3 / 0 | |
| 3.363.4 | 3 / 0 | |
| 3.363.3 | 3 / 0 | |
| 3.363.2 | 3 / 0 | |
| 3.363.1 | 3 / 0 | |
| 3.363.0 | 3 / 0 | |
| 3.362.3 | 3 / 0 | |
| 3.362.2 | 3 / 0 | |
| 3.362.1 | 3 / 0 | |
| 3.362.0 | 3 / 0 | |
| 3.361.0 | 3 / 0 | |
| 3.360.1 | 3 / 0 | |
| 3.360.0 | 3 / 0 | |
| 3.359.2 | 3 / 0 | |
| 3.359.1 | 3 / 0 | |
| 3.359.0 | 3 / 0 | |
| 3.358.1 | 3 / 0 | |
| 3.358.0 | 3 / 0 | |
| 3.357.2 | 3 / 0 | |
| 3.357.1 | 3 / 0 | |
| 3.357.0 | 3 / 0 | |
| 3.356.2 | 3 / 0 | |
| 3.356.1 | 3 / 0 | |
| 3.356.0 | 3 / 0 | |
| 3.355.4 | 3 / 0 | |
| 3.355.3 | 3 / 0 | |
| 3.355.2 | 3 / 0 | |
| 3.355.1 | 3 / 0 | |
| 3.355.0 | 3 / 0 | |
| 3.354.1 | 3 / 0 | |
| 3.354.0 | 3 / 0 | |
| 3.353.2 | 3 / 0 | |
| 3.353.1 | 3 / 0 | |
| 3.353.0 | 3 / 0 | |
| 3.352.0 | 3 / 0 | |
| 3.351.3 | 3 / 0 | |
| 3.351.2 | 3 / 0 | |
| 3.351.1 | 3 / 0 | |
| 3.351.0 | 3 / 0 | |
| 3.350.1 | 3 / 0 | |
| 3.350.0 | 3 / 0 | |
| 3.349.1 | 3 / 0 | |
| 3.349.0 | 3 / 0 | |
| 3.348.0 | 3 / 0 | |
| 3.347.0 | 3 / 0 | |
| 3.346.0 | 3 / 0 | |
| 3.345.6 | 3 / 0 | |
| 3.345.5 | 3 / 0 | |
| 3.345.4 | 3 / 0 | |
| 3.345.3 | 3 / 0 |
v3.364.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.362.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.362.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.362.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.362.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.361.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.360.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.360.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.359.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.359.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.359.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.358.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.358.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.357.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.357.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.357.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.356.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.356.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.356.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.354.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.354.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.353.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.353.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.353.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.352.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.351.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.351.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.351.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.351.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.350.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.350.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.349.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.349.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.348.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.347.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.346.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.