@trackunit/ui-icons SEE LICENSE IN LICENSE.txt 3 versions

@trackunit/ui-icons

The `@trackunit/ui-icons` package is used by the Icon component in [@trackunit/react-components](https://www.npmjs.com/package/@trackunit/react-components).

Versions

SEE LICENSE IN LICENSE.txt

License

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

sandbankemtandrupkla-trackunitmta-tutu-publisher

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Long-standing package; provenance absence is a best-practice gap, not a security blocker.	ai	2026/05/02
bogus-package	bogus-package	AI (bogus-package): Established icon library; README link dump and missing keywords are metadata quirks, not spam indicators.	ai	2026/05/02
dependencies	unvetted-dep:svgo	AI (dependencies): svgo is a standard SVG optimizer; expected dependency for an icon library package.	ai	2026/04/30
publish-pattern	dormant-publish	AI (publish-pattern): Established Trackunit org package with 723 versions and 8 approved dependents; dormancy likely reflects org publishing cadence, not takeover.	ai	2026/04/30
phantom-deps	phantom-dep:glob	AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package.	ai	2026/04/29
phantom-deps	phantom-dep:string-ts	AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package.	ai	2026/04/29
phantom-deps	phantom-dep:prettier	AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package.	ai	2026/04/29
phantom-deps	phantom-dep:jsdom	AI (phantom-deps): Build tooling dep; not a runtime import, stable pattern for this icon package.	ai	2026/04/29

Versions (showing 3 of 206)

Version	Deps	Published
1.3.83	5 / 0	2025-05-01
1.3.79	5 / 0	2025-04-28
1.3.77	5 / 0	2025-04-28

v1.3.83

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.79

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.77

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.