@react-native-vector-icons/codemod
Tool to help users migrate from react-native-vector-icons to @react-native-vector-icons/*
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): env-spread is used only to pass process.env + FORCE_COLOR to a child jscodeshift process; no secret exfiltration risk. | ai | |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 13.2.1 | 4 / 10 | |
| 13.2.0 | 4 / 10 | |
| 13.1.0 | 4 / 10 | |
| 13.0.1 | 4 / 10 | |
| 13.0.0 | 4 / 10 | |
| 12.3.2 | 4 / 10 | |
| 12.3.1 | 3 / 7 | |
v13.2.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.2.0
7 findings
Spreading entire process.env into an object — may capture all secrets
```
  16 | const cmd = `jscodeshift --transform ${transformFilePath} --extensions js,ts,jsx,tsx --parser tsx --ignore-pattern '**/
  17 | const proc = (0, _nodeChild_process.exec)(cmd, {
> 18 |   env: {
  19 |     ...process.env,
  20 |     FORCE_COLOR: 'true'
```
Spreading entire process.env into an object — may capture all secrets
```
  15 | const cmd = `jscodeshift --transform ${transformFilePath} --extensions js,ts,jsx,tsx --parser tsx --ignore-pattern '**/
  16 | const proc = (0, _nodeChild_process.exec)(cmd, {
> 17 |   env: {
  18 |     ...process.env,
  19 |     FORCE_COLOR: 'true'
```
Spreading entire process.env into an object — may capture all secrets
```
  15 | const cmd = `jscodeshift --transform ${transformFilePath} --extensions js,ts,jsx,tsx --parser tsx --ignore-pattern '**/
  16 | const proc = exec(cmd, {
> 17 |   env: {
  18 |     ...process.env,
  19 |     FORCE_COLOR: 'true'
```
Spreading entire process.env into an object — may capture all secrets
```
  14 | const cmd = `jscodeshift --transform ${transformFilePath} --extensions js,ts,jsx,tsx --parser tsx --ignore-pattern '**/
  15 | const proc = exec(cmd, {
> 16 |   env: {
  17 |     ...process.env,
  18 |     FORCE_COLOR: 'true'
```
Spreading entire process.env into an object — may capture all secrets
```
  17 | const cmd = `jscodeshift --transform ${transformFilePath} --extensions js,ts,jsx,tsx --parser tsx --ignore-pattern '**/
  18 |
> 19 | const proc = exec(cmd, { env: { ...process.env, FORCE_COLOR: 'true' } });
  20 |
  21 | const pkgs = new Set<string>();
```
Spreading entire process.env into an object — may capture all secrets
```
  16 | const cmd = `jscodeshift --transform ${transformFilePath} --extensions js,ts,jsx,tsx --parser tsx --ignore-pattern '**/
  17 |
> 18 | const proc = exec(cmd, { env: { ...process.env, FORCE_COLOR: 'true' } });
  19 |
  20 | proc.stdout?.on('data', (data: string) => {
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.1.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.0.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.0.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.3.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v12.3.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.