Icon library pinned at an unrelease git commit

[lanesawyer]

I noticed that the icon library (ikonate) is pinned to a specific commit (github:mikolajdobrucki/ikonate#a86b4107c6ec717e7877f880a930d1ccf0b59d89) instead of pulling from a published npm version.

That commit is v1.2.0, but it was never published. However, we upgraded to the commit because we are using the svg_controls_alt icon, which is one of the 47 new ones that were added for v1.2.0.

I think this GitHub commit pinning is what's causing build failures for #938. Claude Sonnet 4.6 seems to think it's an issue with the sub-process not dealing with the .nmprc min-release-age correctly after it translates that into --build. It very well could be a legitimate bug with npm or just my misunderstanding of how this all works.

Regardless, the commit pinning is something that bothered me a bit a few months ago when I was looking at the codebase and I think it would be good to move it to a versioned install to be in line with the other packages.

To do so, I see a few paths forward:

1. Convince the owner of ikonate to publish v1.2.0 to NPM. But that repository hasn't seen activity in years. The maintainer may be unresponsive so this could take a while or never happen.
2. Downgrade to v1.1.0 and use an existing icon from that package, either as-is, or rotate it 90 degrees (see image below)
3. Choose a different, more active, icon library. This would give us more options when choosing icons going forward, but is the most invasive option.
4. Keep it pinned and convince npm that we found a bug. Wait until they verify and fix it if this is not intended behavior.
5. Apply min-release-age as a command line argument instead of in the .npmrc in hopes that it fixes the issue during the CI jobs build time. However, that does mean we can't enforce it locally when people are installing new packages. It should be caught by the CI jobs so we'd still be safe that way, but I'm also not super experienced with this setting and don't know how the CI jobs will respond if code is pushed with that violation

Images

This is a screenshot from https://ikonate.com/. The highlighted one is the only v1.2.0 icon we're using. It got published to the website even though the version was never released. But we could use the one to its right and rotate it 90 degrees:

[chrisj]

Unfortunately, the rotated icon was also added in 1.2.

https://github.com/mikolajdobrucki/ikonate/blob/v1.2/icons/controls-alt.svg
https://github.com/mikolajdobrucki/ikonate/blob/v1.2/icons/controls-vertical-alt.svg

[jbms]

Yes, kind of unfortunate.

Not sure it is worth changing this just to fix the npm bug as there are probably other workarounds we can use, e.g. (4).

We could also just vendor the necessary icons (since there are only a few) into the neuroglancer repo.

[chrisj]

only 26 icons from my count