
@procore/core-icons

Versions: 19
License:
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

dancingshelljustinmwattsantonyayoubrysmithprocorerobbiegprocorejadamsssjeremy.bouzigardjgentesfaraz.haniftimdohertyajaykumar-procoreb.bookoutjalyngchadryderhtaelrefaiepcnjames.lawsonvinayakaprabhudavidshurejames.clearyjl4everandersonbispoprocoredev-account-adminbrockpcorrowan.ibrahimsseanwangramysaid2vinaya-procorelalovar-procorebhargavrndihor.diachenko_procorefarismmkgideon-procoredannyporrelloalanprocorechance.eakin.procorestevenliprocorejavio-procorekani-procoreenyagadanny.oumessanjahdavid-christensen-procoreshradha.khardwinson.chueyvettesoulzhou888jnhoang1nickprocoreneil.mckeemanpam-whisenhuntjgee67youssefamermike-arndt-procorebob.laskowskicagmzmariah_delaneylukenispelfabriciobdbikash.sahoobbreyel921kimhin267andy.mayerphil.custerelijah.procorejuliana.hernandezjudy-lu-pcprocore-it-supportandrewburke-pcjkleintechrachel.arkebauerprocore-npm-botgrafffffffyoyis3000james.dabbs-procorelaurenbrandsteinprocorescottbieser-procoreamir-iskanderzach.mckenzie.procoreamyprocoreshayonj_procoreheplayskeysmike.souththomasoboyledischordederek-carter-procoredlgassercfprocoreevan.waitsjeremy-marcusjmejia-fslersgonzalotimofeeestephan-procorealeclarsenprocoresarah.freitasyihai.zweifeljay-rajanjacky-leiapcarroll_procoreprocore_halzymehrdad-panahandehpeter.jinuddhavjoglekarbrookyboy009denzylbalramchangprocoreallenanle.procoredevin.cunningham.procoreari-procorenoor.alihgouhierprocorecyrille.baibrad.uranidmccraw-procorepatrick.lardinabhijit.patwardhanmatt.harris0223alan.bresanijesse.olsendtorres-procoredineshkumar.jayakjason-kayeyadhu.prakashleandro-procandrew.wheelersherylnapigkitlydiaharakahliholmessateesh-kadiyala-procoreepalinprocoredennis.heckmanjamie-dugan-procoreviktoriia_azarovskadaniel.ferreira-contractorwillpankonienladavargasteven.hinkletxin1chris.berberetokarevritchleekarina.mendez-contractorworldofsatyakigreg.sparkskyle.williamskuldeepsingh4556jeremy.lundbrocktillotsonprocorestajicsryanfuentesprocoretyler.wasden.procorefabiomelo513cody_schindler_procoreamit.gurav-contractoryo
asyo25kalyani.gosavihectorthieleandersontr15vishal-procoreomar.wagdyyogevfine1charan_procorescorgiat-procorembartlett413attachiahmed.ghorabvaromiralyelashram_procoreilya.dryha-contractorevan.cerwonka.procorevsobol-cdmitri_wmkellikearnsrichard.bunnchaitra-m-15conner-procoremishaelowoyemipeterknifaleh.haurylenia-contractormiguel.garcia-procorecodyrobertsprocorea.elbadaweilnspatz914melch-procoremustafa-abdelrahmanatoaimajasaswiniadarsh.gautamamin.jaipurimax.helmetags_kudrykhyogmankyle.liudavidkangprostevenkang3cbathgatevictorbendeck-pcsarah.herediamoaz-ashrafaly-el-kerdanyprocore-oss-userabhishekkumar123stephanie.breretonsaurasumprocoremona.khairbekelewando-procorejyang-procoretedyangdeiabjgreene_procoreasamaykenny.foisyganesh.raghupathyrajatmenhdirattayzhou2024dlameter-procoredecha-sansonkylepietzconnie-feng-procoreroger-procorematheusprocorefernandocamilottisimona.iancujacksonleach-procoreg2mitchelltatsiana.cliftonphunguyen-pcorpmfrawleybrian.smith1scottsternneil1023srichaitanya.peddintijake-pitkinerikthoresonlhuang325abhijit-procorerodayna.ehabfairchildmustafa-u-abdelrahmanaberkowitzpwhisenhunt-procoremariia.solodovniknigeld-procoresamad.viranibohdan-horai-procoremathenes_procorevinoth.kuppusamyzayteralan.facchini-contractorcassianomatos-procoreamitk030sflang-procoretracy.ottodaniel-pierre-procoreglidenorashish.sharma2024gaurav.sharma.procoreandres-mendez-procoreroobo-romeskikylemartinez-procoresean.spearman.procoregturkadzejeffgiaquintoezrasimeloffbill-wagnerkellen.stewartrodrigo.dejuanasaranahal2andrew.isaacagamaleldinmostafaeltazymagdyyxxandreszorrilla-procoremohitsharma97tejeshwarswati.jadhavsquidbeakssmishra06subham.panigrahideepak.kumartsvaibhav6521bagnaram-procoremahesh-s96mohamed.adelnubs-procorerana.eltayarmahmoud-sharsharsyamphanindraveroniaosamaimanselimhelmy162-procorepclemonssamuelvelez8383vinitdeshkar-procoremariam_mazenmina-elnagardaniel_andrewsmohanad-aymanarsenii.derkach-procorestepanvanzuriakprocorend-procoremarwansalem-prcyoussefothmanandrii.datse
nko-contractor

Keywords

icons

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | obfuscated-file:dist/icons/Webhook.js | AI (source-diff): Generated React icon component with long SVG path data; consistent with this package's build output pattern. | ai |
source-diff | obfuscated-file:coverage/lcov-report/prettify.js | AI (source-diff): Google Code Prettify minified syntax highlighter bundled by Istanbul coverage reports; not malicious. | ai |
maintainer-change | maintainer-added | AI (maintainer-change): Large enterprise org with frequent team changes; publisher is the official procore-npm-bot with clean history. | ai |
maintainer-change | maintainer-removed | AI (maintainer-change): Routine org churn for a large enterprise package; no takeover indicators. | ai |
publish-pattern | dormant-publish | AI (publish-pattern): Major version gap (v11→v12) explains dormancy; publisher and repo are consistent with official Procore org. | ai |
source-diff | large-new-source-files | AI (source-diff): Icon set package; 152 new files consistent with major version icon additions. | ai |

Versions (showing 19 of 19)

Version Deps Published
12.18.0 0 / 35
12.17.0 0 / 35
12.16.0 0 / 35
12.15.0 0 / 35
12.14.0 0 / 35
12.13.0 0 / 35
12.12.0 0 / 35
12.11.0 0 / 36
12.10.1 0 / 36
12.10.0 0 / 36
12.9.1 0 / 36
12.9.0 0 / 36
12.8.0 0 / 35
12.7.0 0 / 35
12.6.1 0 / 35
12.6.0 0 / 35
12.5.0 0 / 35
12.4.0 0 / 37
11.0.5 0 / 29

v12.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.16.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.9.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.7.0

2 findings
HIGH New obfuscated file: coverage/lcov-report/prettify.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.6.1

2 findings
HIGH New obfuscated file: coverage/lcov-report/prettify.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.6.0

3 findings
HIGH New obfuscated file: coverage/lcov-report/prettify.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons/Webhook.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.5.0

3 findings
HIGH New obfuscated file: coverage/lcov-report/prettify.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons/Webhook.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v12.4.0

3 findings
HIGH New obfuscated file: coverage/lcov-report/prettify.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons/Webhook.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.