@trackunit/ui-icons
The `@trackunit/ui-icons` package is used by the Icon component in [@trackunit/react-components](https://www.npmjs.com/package/@trackunit/react-components).
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Long-standing package; provenance absence is a best-practice gap, not a security blocker. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Established icon library; README link dump and missing keywords are metadata quirks, not spam indicators. | ai | |
| dependencies | unvetted-dep:svgo | AI (dependencies): svgo is a standard SVG optimizer; expected dependency for an icon library package. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Established Trackunit org package with 723 versions and 8 approved dependents; dormancy likely reflects org publishing cadence, not takeover. | ai | |
| phantom-deps | phantom-dep:glob | AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package. | ai | |
| phantom-deps | phantom-dep:string-ts | AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package. | ai | |
| phantom-deps | phantom-dep:prettier | AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package. | ai | |
| phantom-deps | phantom-dep:jsdom | AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package. | ai |
Versions (showing 100 of 193)
| Version | Deps | Published |
|---|---|---|
| 1.13.16 | 5 / 0 | |
| 1.13.15 | 5 / 0 | |
| 1.13.14 | 5 / 0 | |
| 1.13.13 | 5 / 0 | |
| 1.13.12 | 5 / 0 | |
| 1.13.11 | 5 / 0 | |
| 1.13.10 | 5 / 0 | |
| 1.13.9 | 5 / 0 | |
| 1.13.8 | 5 / 0 | |
| 1.13.7 | 5 / 0 | |
| 1.13.6 | 5 / 0 | |
| 1.13.5 | 5 / 0 | |
| 1.13.4 | 5 / 0 | |
| 1.13.3 | 5 / 0 | |
| 1.13.2 | 5 / 0 | |
| 1.13.1 | 5 / 0 | |
| 1.13.0 | 5 / 0 | |
| 1.12.9 | 5 / 0 | |
| 1.12.8 | 5 / 0 | |
| 1.12.7 | 5 / 0 | |
| 1.12.6 | 5 / 0 | |
| 1.12.5 | 5 / 0 | |
| 1.12.4 | 5 / 0 | |
| 1.12.3 | 5 / 0 | |
| 1.12.2 | 5 / 0 | |
| 1.11.113 | 5 / 0 | |
| 1.11.112 | 5 / 0 | |
| 1.11.111 | 5 / 0 | |
| 1.11.108 | 5 / 0 | |
| 1.11.107 | 5 / 0 | |
| 1.11.106 | 5 / 0 | |
| 1.11.105 | 5 / 0 | |
| 1.11.104 | 5 / 0 | |
| 1.11.102 | 5 / 0 | |
| 1.11.98 | 5 / 0 | |
| 1.11.96 | 5 / 0 | |
| 1.11.95 | 5 / 0 | |
| 1.11.94 | 5 / 0 | |
| 1.11.93 | 5 / 0 | |
| 1.11.91 | 5 / 0 | |
| 1.11.89 | 5 / 0 | |
| 1.11.87 | 5 / 0 | |
| 1.11.85 | 5 / 0 | |
| 1.11.81 | 5 / 0 | |
| 1.11.80 | 5 / 0 | |
| 1.11.79 | 5 / 0 | |
| 1.7.45 | 5 / 0 | |
| 1.7.44 | 5 / 0 | |
| 1.7.43 | 5 / 0 | |
| 1.7.42 | 5 / 0 | |
| 1.7.41 | 5 / 0 | |
| 1.7.39 | 5 / 0 | |
| 1.7.38 | 5 / 0 | |
| 1.7.36 | 5 / 0 | |
| 1.7.34 | 5 / 0 | |
| 1.7.33 | 5 / 0 | |
| 1.7.31 | 5 / 0 | |
| 1.7.29 | 5 / 0 | |
| 1.7.28 | 5 / 0 | |
| 1.7.26 | 5 / 0 | |
| 1.7.24 | 5 / 0 | |
| 1.7.23 | 5 / 0 | |
| 1.7.21 | 5 / 0 | |
| 1.7.20 | 5 / 0 | |
| 1.7.19 | 5 / 0 | |
| 1.7.18 | 5 / 0 | |
| 1.7.15 | 5 / 0 | |
| 1.7.13 | 5 / 0 | |
| 1.7.10 | 5 / 0 | |
| 1.7.8 | 5 / 0 | |
| 1.7.6 | 5 / 0 | |
| 1.7.5 | 5 / 0 | |
| 1.6.64 | 5 / 0 | |
| 1.6.60 | 5 / 0 | |
| 1.6.55 | 5 / 0 | |
| 1.6.53 | 5 / 0 | |
| 1.6.52 | 5 / 0 | |
| 1.6.51 | 5 / 0 | |
| 1.6.49 | 5 / 0 | |
| 1.6.47 | 5 / 0 | |
| 1.6.44 | 5 / 0 | |
| 1.6.42 | 5 / 0 | |
| 1.6.40 | 5 / 0 | |
| 1.6.39 | 5 / 0 | |
| 1.6.37 | 5 / 0 | |
| 1.6.33 | 5 / 0 | |
| 1.6.32 | 5 / 0 | |
| 1.6.29 | 5 / 0 | |
| 1.6.27 | 5 / 0 | |
| 1.6.25 | 5 / 0 | |
| 1.6.24 | 5 / 0 | |
| 1.6.23 | 5 / 0 | |
| 1.6.21 | 5 / 0 | |
| 1.6.20 | 5 / 0 | |
| 1.6.19 | 5 / 0 | |
| 1.6.18 | 5 / 0 | |
| 1.6.17 | 5 / 0 | |
| 1.6.16 | 5 / 0 | |
| 1.6.15 | 5 / 0 | |
| 1.6.14 | 5 / 0 |
v1.13.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.12.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.113
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.112
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.108
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.107
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.106
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.105
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.104
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.102
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.98
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.96
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.95
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.94
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.93
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.89
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.87
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.85
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.81
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.80
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.11.79
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.45
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.43
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.34
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.64
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.52
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.51
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.49
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.47
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.44
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.42
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.40
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.37
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.29
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.