simple-icons
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| email-domain | unclaimed-email:adamrusted.me | AI (email-domain): Stale maintainer email; package has SLSA provenance via GitHub Actions, mitigating domain-takeover risk. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): simple-icons is a long-established package (391 versions, 3143 days old) with CI/CD publishing and SLSA attestation; dormancy gaps are not indicative of takeover for this package. | ai | |
| provenance | slsa-provenance | AI (provenance): simple-icons consistently publishes via CI/CD with SLSA provenance; this is expected and stable for this package. | ai |
Versions (showing 28 of 28)
| Version | Deps | Published |
|---|---|---|
| 16.21.0 | 0 / 25 | |
| 16.20.0 | 0 / 25 | |
| 16.19.0 | 0 / 25 | |
| 16.18.1 | 0 / 25 | |
| 16.18.0 | 0 / 25 | |
| 16.17.0 | 0 / 25 | |
| 16.16.0 | 0 / 25 | |
| 16.15.0 | 0 / 25 | |
| 16.14.0 | 0 / 25 | |
| 16.13.0 | 0 / 25 | |
| 16.12.0 | 0 / 25 | |
| 16.11.0 | 0 / 25 | |
| 16.10.0 | 0 / 25 | |
| 16.9.0 | 0 / 25 | |
| 16.8.0 | 0 / 25 | |
| 16.7.0 | 0 / 25 | |
| 16.6.1 | 0 / 25 | |
| 16.6.0 | 0 / 25 | |
| 16.5.0 | 0 / 25 | |
| 16.4.0 | 0 / 25 | |
| 16.3.0 | 0 / 25 | |
| 16.2.0 | 0 / 25 | |
| 16.1.0 | 0 / 25 | |
| 16.0.0 | 0 / 25 | |
| 15.22.0 | 0 / 25 | |
| 15.21.0 | 0 / 25 | |
| 15.20.0 | 0 / 25 | |
| 15.19.0 | 0 / 25 |
v16.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.18.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.18.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.17.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.16.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.15.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.14.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.13.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.12.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.11.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.10.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.9.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.8.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.7.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.6.1
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.6.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.5.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.4.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.3.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.22.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.21.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.20.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.19.0
2 findingsMaintainer email '[email protected]' uses domain 'adamrusted.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.