@trackunit/ui-icons
The `@trackunit/ui-icons` package is used by the Icon component in [@trackunit/react-components](https://www.npmjs.com/package/@trackunit/react-components).
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Long-standing package; provenance absence is a best-practice gap, not a security blocker. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Established icon library; README link dump and missing keywords are metadata quirks, not spam indicators. | ai | |
| dependencies | unvetted-dep:svgo | AI (dependencies): svgo is a standard SVG optimizer; expected dependency for an icon library package. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Established Trackunit org package with 723 versions and 8 approved dependents; dormancy likely reflects org publishing cadence, not takeover. | ai | |
| phantom-deps | phantom-dep:glob | AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package. | ai | |
| phantom-deps | phantom-dep:string-ts | AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package. | ai | |
| phantom-deps | phantom-dep:prettier | AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package. | ai | |
| phantom-deps | phantom-dep:jsdom | AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package. | ai |
Versions (showing 51 of 193)
| Version | Deps | Published |
|---|---|---|
| 1.13.16 | 5 / 0 | |
| 1.13.15 | 5 / 0 | |
| 1.13.14 | 5 / 0 | |
| 1.13.13 | 5 / 0 | |
| 1.13.12 | 5 / 0 | |
| 1.13.11 | 5 / 0 | |
| 1.13.10 | 5 / 0 | |
| 1.13.9 | 5 / 0 | |
| 1.13.8 | 5 / 0 | |
| 1.13.7 | 5 / 0 | |
| 1.13.6 | 5 / 0 | |
| 1.13.5 | 5 / 0 | |
| 1.13.4 | 5 / 0 | |
| 1.13.3 | 5 / 0 | |
| 1.13.2 | 5 / 0 | |
| 1.13.1 | 5 / 0 | |
| 1.13.0 | 5 / 0 | |
| 1.12.9 | 5 / 0 | |
| 1.12.8 | 5 / 0 | |
| 1.12.7 | 5 / 0 | |
| 1.12.6 | 5 / 0 | |
| 1.12.5 | 5 / 0 | |
| 1.12.4 | 5 / 0 | |
| 1.12.3 | 5 / 0 | |
| 1.12.2 | 5 / 0 | |
| 1.11.113 | 5 / 0 | |
| 1.11.112 | 5 / 0 | |
| 1.11.111 | 5 / 0 | |
| 1.11.108 | 5 / 0 | |
| 1.11.107 | 5 / 0 | |
| 1.11.106 | 5 / 0 | |
| 1.11.105 | 5 / 0 | |
| 1.11.104 | 5 / 0 | |
| 1.11.102 | 5 / 0 | |
| 1.11.98 | 5 / 0 | |
| 1.11.96 | 5 / 0 | |
| 1.11.95 | 5 / 0 | |
| 1.11.94 | 5 / 0 | |
| 1.11.93 | 5 / 0 | |
| 1.11.91 | 5 / 0 | |
| 1.11.89 | 5 / 0 | |
| 1.11.87 | 5 / 0 | |
| 1.11.85 | 5 / 0 | |
| 1.11.81 | 5 / 0 | |
| 1.11.80 | 5 / 0 | |
| 1.11.79 | 5 / 0 | |
| 1.7.45 | 5 / 0 | |
| 1.7.44 | 5 / 0 | |
| 1.7.43 | 5 / 0 | |
| 1.7.42 | 5 / 0 | |
| 1.7.41 | 5 / 0 |
v1.13.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.113
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.112
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.108
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.107
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.106
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.105
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.104
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.102
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.98
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.96
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.95
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.94
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.93
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.89
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.87
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.85
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.81
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.80
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.79
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.