← Home

ionicons

npm Repository Homepage
25
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ionicjsbrandyscarneyliamdebeasi

Keywords

icon packioniciconsvgmobileweb componentcomponentcustom elementmaterial designios

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/ionicons/p-7ae0014f.system.entry.js AI (source-diff): Standard Stencil.js SystemJS minified build output; not obfuscated. Expected for this package. ai
source-diff obfuscated-file:dist/ionicons/p-380d7d75.entry.js AI (source-diff): Standard Stencil.js minified build output for web component entry; not obfuscated. Expected for this package. ai
source-diff obfuscated-file:dist/ionicons/p-891520aa.entry.js AI (source-diff): Standard Stencil.js minified build output for the ionicons web component; expected for this package. ai
source-diff obfuscated-file:dist/ionicons/p-cf81387e.system.entry.js AI (source-diff): Standard Stencil.js SystemJS minified build output for the ionicons web component; expected for this package. ai
source-diff obfuscated-file:dist/ionicons/p-c20d7e9f.js AI (source-diff): Minified Stencil runtime chunk in dist/; standard for this web component library. ai
source-diff large-new-source-files AI (source-diff): Hash-named build chunks rotate each release; new file count reflects normal Stencil rebuild. ai
source-diff obfuscated-file:dist/ionicons/p-6b015702.system.entry.js AI (source-diff): Minified Stencil build output in dist/; standard for this web component library. ai
source-diff obfuscated-file:dist/esm-es5/index-c73a3717.js AI (source-diff): Minified Stencil build output in dist/; standard for this web component library. ai
source-diff obfuscated-file:dist/ionicons/p-09f23f67.system.js AI (source-diff): Minified Stencil build output in dist/; standard for this web component library. ai
source-diff obfuscated-file:dist/ionicons/p-2c25132f.entry.js AI (source-diff): Minified Stencil build output in dist/; standard for this web component library. ai
source-diff obfuscated-file:dist/ionicons/p-7a41fcdf.entry.js AI (source-diff): Stencil.js build artifact — hashed chunk files are standard minified compiler output for this icon library, not obfuscation. Pattern is stable across all ionicons versions. ai
publish-pattern dormant-publish AI (publish-pattern): Ionicons v8 is a legitimate revival by the official ionicjs publisher (649 approved packages), backed by SLSA provenance attestation. Dormancy is explained by the major version gap. ai
source-diff obfuscated-file:dist/ionicons/p-Z3yp5Yym.js AI (source-diff): Stencil.js build artifact — hashed chunk files are standard minified compiler output for this icon library, not obfuscation. Pattern is stable across all ionicons versions. ai

Versions (showing 25 of 25)

Version Deps Published
8.0.13 1 / 18
8.0.12 1 / 18
8.0.11 1 / 18
8.0.10 1 / 17
8.0.9 1 / 17
8.0.8 1 / 17
8.0.7 1 / 17
8.0.6 1 / 17
8.0.5 1 / 17
8.0.4 1 / 17
8.0.3 1 / 17
8.0.2 1 / 17
8.0.1 1 / 17
8.0.0 1 / 17
7.4.0 1 / 14
7.3.1 1 / 14
7.3.0 1 / 14
7.2.3 1 / 14
7.2.2 1 / 14
7.2.1 1 / 14
7.2.0 1 / 14
7.1.2 1 / 14
7.1.1 1 / 14
7.1.0 1 / 14
7.0.0 1 / 14

v8.0.13

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.12

3 findings
HIGH New obfuscated file: dist/ionicons/p-7a41fcdf.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-Z3yp5Yym.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.11

3 findings
HIGH New obfuscated file: dist/ionicons/p-7a41fcdf.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-Z3yp5Yym.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.1

3 findings
HIGH New obfuscated file: dist/ionicons/p-891520aa.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-cf81387e.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.0

3 findings
HIGH New obfuscated file: dist/ionicons/p-891520aa.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-cf81387e.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.2.3

3 findings
HIGH New obfuscated file: dist/ionicons/p-891520aa.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-cf81387e.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.2.2

3 findings
HIGH New obfuscated file: dist/ionicons/p-380d7d75.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-7ae0014f.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.2.1

6 findings
HIGH New obfuscated file: dist/esm-es5/index-c73a3717.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-09f23f67.system.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-2c25132f.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-6b015702.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ionicons/p-c20d7e9f.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v7.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v7.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v7.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.