@thesvg/react — Greenflagged

Typed React SVG components for all 3,800+ brand icons from thesvg.org

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

gdsks

Keywords

svgiconsbrandlogosreactcomponentstree-shakeableesmtypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/lume.js	AI (source-diff): Auto-generated SVG icon component; long lines are inline JSON path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/baoviet-holdings.js	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/bamboo-airways.js	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/adnoc.js	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/usnews.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/tpbank.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/tata-consultancy-services.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/sabeco.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/pnj.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/novaland.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/microsoft-planner.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/microsoft-loop.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/microsoft-365-copilot.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/lume.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/baoviet-holdings.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/bamboo-airways.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/adnoc.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are minified path data, not obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/google-keep-2026.cjs	AI (source-diff): Same pattern: auto-generated SVG icon component with inline JSON path data.	ai	2026/05/29
source-diff	obfuscated-file:dist/google-slides-2026.js	AI (source-diff): ESM variant of the same auto-generated SVG icon component.	ai	2026/05/29
source-diff	obfuscated-file:dist/google-keep-2026.js	AI (source-diff): ESM variant of the same auto-generated SVG icon component.	ai	2026/05/29
source-diff	obfuscated-file:dist/google-calendar-2026.js	AI (source-diff): ESM variant of the same auto-generated SVG icon component.	ai	2026/05/29
source-diff	obfuscated-file:dist/google-slides-2026.cjs	AI (source-diff): Same pattern: auto-generated SVG icon component with inline JSON path data.	ai	2026/05/29
source-diff	obfuscated-file:dist/google-calendar-2026.cjs	AI (source-diff): Long lines are JSON-serialized SVG path data in auto-generated icon components, not obfuscation.	ai	2026/05/29
source-diff	obfuscated-file:dist/pinecone.cjs	AI (source-diff): Long lines are minified SVG path data in React components, not obfuscation; expected for an SVG icon library.	ai	2026/05/29
source-diff	obfuscated-file:dist/vinfast.cjs	AI (source-diff): Long lines are inline SVG path data in auto-generated brand icon components, not obfuscation. Pattern is stable across all icon files in this package.	ai	2026/05/22
source-diff	obfuscated-file:dist/coupang.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are inlined JSON path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/autodesk-inventor.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are inlined JSON path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/cplusplus-builder.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/corejs.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/character-animator.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/ceylon.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/capture.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/browserstack.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/bridge.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/audition.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/awk.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/denojs.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/dataspell.cjs	AI (source-diff): Auto-generated SVG icon component; long lines are SVG path data, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/adobe-aero.cjs	AI (source-diff): Same pattern: inline SVG path data in auto-generated React component.	ai	2026/05/17
source-diff	large-new-source-files	AI (source-diff): 579 new files are per-icon CJS modules expected for a 3800+ icon library expansion.	ai	2026/05/17
source-diff	obfuscated-file:dist/argocd.cjs	AI (source-diff): Same pattern: inline SVG path data in auto-generated React component.	ai	2026/05/17
source-diff	obfuscated-file:dist/apl.cjs	AI (source-diff): Same pattern: inline SVG path data in auto-generated React component.	ai	2026/05/17
source-diff	obfuscated-file:dist/anker.cjs	AI (source-diff): Same pattern: inline SVG path data in auto-generated React component.	ai	2026/05/17
source-diff	obfuscated-file:dist/amplitude.cjs	AI (source-diff): Same pattern: inline SVG path data in auto-generated React component.	ai	2026/05/17
source-diff	obfuscated-file:dist/al-jazeera.cjs	AI (source-diff): Same pattern: inline SVG path data in auto-generated React component.	ai	2026/05/17
source-diff	obfuscated-file:dist/adobe-stock.cjs	AI (source-diff): Same pattern: inline SVG path data in auto-generated React component.	ai	2026/05/17
source-diff	obfuscated-file:dist/aarch64.cjs	AI (source-diff): Long lines are inline SVG path JSON data in auto-generated icon components, not obfuscation.	ai	2026/05/17

Versions (showing 22 of 22)

Version	Deps	Published
3.0.10	0 / 3	2026-05-27
3.0.9	0 / 3	2026-05-27
3.0.8	0 / 3	2026-05-27
3.0.7	0 / 3	2026-05-25
3.0.6	0 / 3	2026-05-25
3.0.5	0 / 3	2026-05-22
3.0.4	0 / 3	2026-05-22
3.0.3	0 / 3	2026-05-21
3.0.2	0 / 3	2026-05-21
3.0.1	0 / 3	2026-05-20
3.0.0	0 / 3	2026-05-16
2.1.12	0 / 3	2026-05-16
2.1.11	0 / 3	2026-05-16
2.1.10	0 / 3	2026-05-09
2.1.9	0 / 3	2026-05-09
2.1.8	0 / 3	2026-05-05
2.1.7	0 / 3	2026-05-05
2.1.6	0 / 3	2026-04-28
2.1.5	0 / 3	2026-04-21
2.1.4	0 / 3	2026-04-18
2.1.3	0 / 3	2026-04-11
2.1.2	0 / 3	2026-04-04

v3.0.10

23 findings

HIGH New obfuscated file: dist/adnoc.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bamboo-airways.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/baoviet-holdings.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/google-calendar-2026.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/google-keep-2026.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/google-slides-2026.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/lume.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/microsoft-365-copilot.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/microsoft-loop.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/microsoft-planner.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/novaland.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/pinecone.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/pnj.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/sabeco.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/tata-consultancy-services.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/tpbank.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/usnews.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/adnoc.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bamboo-airways.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/baoviet-holdings.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/google-calendar-2026.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/google-keep-2026.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.9

22 findings