@mesalvo/icons
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped icon package for Mesalvo platform; name similarity to 'cors' is coincidental, not impersonation. | ai | |
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 0.0.37885 | 0 / 14 | |
| 0.0.36854 | 0 / 14 | |
| 0.0.36777 | 0 / 14 | |
| 0.0.34988 | 0 / 14 | |
| 0.0.34981 | 0 / 14 | |
| 0.0.34930 | 0 / 14 | |
| 0.0.34913 | 0 / 14 | |
| 0.0.34902 | 0 / 14 | |
| 0.0.34895 | 0 / 14 | |
| 0.0.34890 | 0 / 14 | |
| 0.0.34831 | 0 / 14 | |
| 0.0.34152 | 0 / 14 | |
| 0.0.33536 | 0 / 14 | |
| 0.0.32411 | 0 / 14 | |
| 0.0.32402 | 0 / 14 | |
| 0.0.32156 | 0 / 14 | |
v0.0.37885
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.36854
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.36777
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34988
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34981
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34930
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34913
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34902
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34895
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34890
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34831
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.34152
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.33536
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.32411
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.32402
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.32156
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.