fantasticon
2
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
tancredi
Keywords
iconsfontsiconfontssvgvector
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:svg2ttf | AI (dependencies): Core font-conversion dep for an icon-font tool; expected and stable. | ai | |
| dependencies | unvetted-dep:ttf2eot | AI (dependencies): Core font-conversion dep; expected for this package's purpose. | ai | |
| dependencies | unvetted-dep:ttf2woff | AI (dependencies): Core font-conversion dep; expected for this package's purpose. | ai | |
| dependencies | unvetted-dep:ttf2woff2 | AI (dependencies): Core font-conversion dep; expected for this package's purpose. | ai | |
| dependencies | unvetted-dep:svgicons2svgfont | AI (dependencies): Core SVG-to-font dep; expected for this package's purpose. | ai | |
| dependencies | unvetted-dep:handlebars | AI (dependencies): Used for template rendering; well-known library, appropriate for this tool. | ai |
v4.1.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.