Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@icon/themify-icons
Advanced tools
This repository is a module of the full standard-icons repository.
This repository is distributed with npm. After installing npm, you can install @icon/themify-icons
with this command.
npm install --save @icon/themify-icons
There are many ways/formats of how to use themify-icons. The fastest and recommended way is via SVG directly. Or use the webfont version if you want to include all icons at once:
1 . If you want to use just a few icons. Find the icons you need in "icons" folder. Then use them as regular images:
<img height="32" width="32" src="@icon/themify-icons/icons/arrow-up.svg" />
2 . Icons can be served from a CDN such as Unpkg. Simply use the @icon/themify-icons
npm package in the URL like the following:
<img height="32" width="32" src="https://unpkg.com/@icon/themify-icons/icons/arrow-up.svg" />
1 . Install @icon/themify-icons
with this command. In the <head>
of your html, reference the location to your themify-icons.css
.
<head>
...
<link rel="stylesheet" href="@icon/themify-icons/themify-icons.css">
...
</head>
2 . Use unpkg.com to load directly themify-icons without installing anything:
<head>
...
<link rel="stylesheet" href="https://unpkg.com/@icon/themify-icons/themify-icons.css">
...
</head>
Place themify-icons with
<i>
tag in your html like this. Icon class names are to be used with theti
class prefix.
<i class="ti ti-arrow-up"></i>
If you have any ideas or found bugs, please send me Pull Requests or let me know with GitHub Issues.
Themify-icons is copyright by Themify, font is licensed under the SIL OFL 1.1, code are licensed under the MIT License.
FAQs
Themify Icon Font
We found that @icon/themify-icons demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.