@astral/icons
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @astral/icons; Levenshtein match to 'cors' is a false positive with no brand/namespace overlap. | ai | |
| phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): Listed as runtime dependency; standard MUI peer requirement, stable for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): Listed as runtime dependency; standard MUI peer requirement, stable for this package. | ai |
Versions (showing 95 of 95)
| Version | Deps | Published |
|---|---|---|
| 3.364.0 | 3 / 0 | |
| 3.363.5 | 3 / 0 | |
| 3.363.4 | 3 / 0 | |
| 3.363.3 | 3 / 0 | |
| 3.363.2 | 3 / 0 | |
| 3.363.1 | 3 / 0 | |
| 3.363.0 | 3 / 0 | |
| 3.362.3 | 3 / 0 | |
| 3.362.2 | 3 / 0 | |
| 3.362.1 | 3 / 0 | |
| 3.362.0 | 3 / 0 | |
| 3.361.0 | 3 / 0 | |
| 3.360.1 | 3 / 0 | |
| 3.360.0 | 3 / 0 | |
| 3.359.2 | 3 / 0 | |
| 3.359.1 | 3 / 0 | |
| 3.359.0 | 3 / 0 | |
| 3.358.1 | 3 / 0 | |
| 3.358.0 | 3 / 0 | |
| 3.357.2 | 3 / 0 | |
| 3.357.1 | 3 / 0 | |
| 3.357.0 | 3 / 0 | |
| 3.356.2 | 3 / 0 | |
| 3.356.1 | 3 / 0 | |
| 3.356.0 | 3 / 0 | |
| 3.355.4 | 3 / 0 | |
| 3.355.3 | 3 / 0 | |
| 3.355.2 | 3 / 0 | |
| 3.355.1 | 3 / 0 | |
| 3.355.0 | 3 / 0 | |
| 3.354.1 | 3 / 0 | |
| 3.354.0 | 3 / 0 | |
| 3.353.2 | 3 / 0 | |
| 3.353.1 | 3 / 0 | |
| 3.353.0 | 3 / 0 | |
| 3.352.0 | 3 / 0 | |
| 3.351.3 | 3 / 0 | |
| 3.351.2 | 3 / 0 | |
| 3.351.1 | 3 / 0 | |
| 3.351.0 | 3 / 0 | |
| 3.350.1 | 3 / 0 | |
| 3.350.0 | 3 / 0 | |
| 3.349.1 | 3 / 0 | |
| 3.349.0 | 3 / 0 | |
| 3.348.0 | 3 / 0 | |
| 3.347.0 | 3 / 0 | |
| 3.346.0 | 3 / 0 | |
| 3.345.6 | 3 / 0 | |
| 3.345.5 | 3 / 0 | |
| 3.345.4 | 3 / 0 | |
| 3.345.3 | 3 / 0 | |
| 3.345.2 | 3 / 0 | |
| 3.345.1 | 3 / 0 | |
| 3.345.0 | 3 / 0 | |
| 3.344.0 | 3 / 0 | |
| 3.343.0 | 3 / 0 | |
| 3.342.2 | 3 / 0 | |
| 3.342.1 | 3 / 0 | |
| 3.342.0 | 3 / 0 | |
| 3.341.2 | 3 / 0 | |
| 3.341.1 | 3 / 0 | |
| 3.341.0 | 3 / 0 | |
| 3.340.0 | 3 / 0 | |
| 3.339.0 | 3 / 0 | |
| 3.338.0 | 3 / 0 | |
| 3.337.2 | 3 / 0 | |
| 3.337.1 | 3 / 0 | |
| 3.337.0 | 3 / 0 | |
| 3.336.1 | 3 / 0 | |
| 3.336.0 | 3 / 0 | |
| 3.335.0 | 3 / 0 | |
| 3.334.0 | 3 / 0 | |
| 3.333.1 | 3 / 0 | |
| 3.333.0 | 3 / 0 | |
| 3.332.0 | 3 / 0 | |
| 3.331.0 | 3 / 0 | |
| 3.330.2 | 3 / 0 | |
| 3.330.1 | 3 / 0 | |
| 3.330.0 | 3 / 0 | |
| 3.329.2 | 3 / 0 | |
| 3.329.1 | 3 / 0 | |
| 3.329.0 | 3 / 0 | |
| 3.328.1 | 3 / 0 | |
| 3.328.0 | 3 / 0 | |
| 3.327.0 | 3 / 0 | |
| 3.326.3 | 3 / 0 | |
| 3.326.2 | 3 / 0 | |
| 3.326.1 | 3 / 0 | |
| 3.326.0 | 3 / 0 | |
| 3.325.2 | 3 / 0 | |
| 3.325.1 | 3 / 0 | |
| 3.325.0 | 3 / 0 | |
| 3.324.0 | 3 / 0 | |
| 3.323.0 | 3 / 0 | |
| 3.322.0 | 3 / 0 |
v3.364.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.363.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.362.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.362.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.362.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.362.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.361.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.360.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.360.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.359.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.359.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.359.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.358.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.358.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.357.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.357.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.357.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.356.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.356.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.356.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.355.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.354.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.354.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.353.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.353.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.353.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.352.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.351.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.351.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.351.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.351.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.350.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.350.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.349.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.349.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.348.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.347.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.346.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.345.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.344.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.343.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.342.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.342.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.342.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.341.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.341.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.341.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.340.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.339.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.338.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.337.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.337.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.337.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.336.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.336.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.335.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.334.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.333.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.333.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.332.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.331.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.330.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.330.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.330.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.329.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.329.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.329.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.328.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.328.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.327.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.326.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.326.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.326.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.326.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.325.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.325.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.325.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.324.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.323.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.322.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.