@carbon/icon-helpers

Helpers used alongside icons for digital and software products using the Carbon Design System

Versions: 14
License: Apache-2.0
Install Scripts: Yes
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

carbon-design-system, carbon-bot, alisonjoseph, leechase, jeffreychew, sstrubberg, tay1orjones

Keywords

ibm, elements, carbon, carbon-elements, carbon-design-system, components, react

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): Carbon Design System monorepo package; publishing cadence varies per sub-package. SLSA provenance attestation confirms official CI/CD pipeline, ruling out account takeover. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): IBM telemetry postinstall is a documented, consistent pattern across all Carbon Design System packages. Not malicious — runs ibmtelemetry with a bundled config file. | ai | |
| dependencies | unvetted-dep:@ibm/telemetry-js | AI (dependencies): @ibm/telemetry-js is IBM's first-party telemetry package used across the entire Carbon ecosystem; stable dependency for this package. | ai | |
| phantom-deps | phantom-dep:@ibm/telemetry-js | AI (phantom-deps): Telemetry is invoked via CLI in postinstall script with a config file, not imported directly in source — this is the expected usage pattern. | ai | |

Versions (showing 14 of 14)

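| Version | Deps | Published |
|---|---|---|
| 10.76.0 | 1 / 3 | |
| 10.75.0 | 1 / 3 | |
| 10.74.0 | 1 / 3 | |
| 10.72.0 | 1 / 3 | |
| 10.71.0 | 1 / 3 | |
| 10.70.0 | 1 / 3 | |
| 10.68.0 | 1 / 3 | |
| 10.67.0 | 1 / 3 | |
| 10.66.0 | 1 / 3 | |
| 10.65.0 | 1 / 3 | |
| 10.63.0 | 1 / 3 | |
| 10.62.0 | 1 / 3 | |
| 10.60.0 | 1 / 3 | |
| 10.59.0 | 1 / 3 | |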

v10.76.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.75.0

2 findings
HIGH: Package has 'postinstall' script [install-scripts]

Script: ibmtelemetry --config=telemetry.yml

INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.74.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.72.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.71.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.70.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.59.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.