@bunchtogether/boost-client

## API

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

bunchtogether

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@callstack/async-storage	AI (phantom-deps): @callstack/async-storage is explicitly declared in dependencies and referenced in build config; phantom-dep false positive for this package.	ai	2026/04/21
source-diff	large-new-source-files	AI (source-diff): Package has 111 versions and a long history; new source files reflect legitimate package growth/refactoring, not injected code. Publisher has clean track record.	ai	2026/04/21
dependencies	unvetted-dep:superagent	AI (dependencies): superagent is a well-established HTTP client library; its use is consistent with this package's client-side data-fetching purpose.	ai	2026/04/21
dependencies	unvetted-dep:query-string	AI (dependencies): query-string is a popular, well-maintained URL query string utility; no risk concerns.	ai	2026/04/21
dependencies	unvetted-dep:superagent-use	AI (dependencies): superagent-use is a standard superagent plugin mechanism; expected alongside superagent dependency.	ai	2026/04/21
dependencies	unvetted-dep:superagent-prefix	AI (dependencies): superagent-prefix is a standard superagent plugin for URL prefixing; expected alongside superagent dependency.	ai	2026/04/21
dependencies	unvetted-dep:@callstack/async-storage	AI (dependencies): @callstack/async-storage is a well-known React Native async storage library from a reputable org; no risk concerns.	ai	2026/04/21
provenance	no-provenance	AI (provenance): Package predates Sigstore provenance adoption; lack of attestation is expected for packages of this age and is not a risk signal.	ai	2026/04/21
dependencies	unvetted-dep:redux-saga	AI (dependencies): redux-saga is a well-known, widely-used Redux middleware library; its presence is expected and benign for this package.	ai	2026/04/21

Versions (showing 51 of 111)

View all versions

Version	Deps	Published
1.3.20	9 / 26	2022-11-09
1.3.19	9 / 26	2022-03-29
1.3.18	9 / 26	2022-03-29
1.3.17	9 / 26	2022-02-14
1.3.16	9 / 26	2022-02-11
1.3.15	9 / 26	2022-02-07
1.3.14	9 / 26	2022-02-03
1.3.13	9 / 26	2022-02-03
1.3.12	9 / 26	2022-02-02
1.3.11	9 / 26	2022-01-24
1.3.10	9 / 26	2022-01-21
1.3.9	9 / 26	2022-01-13
1.3.8	9 / 26	2022-01-05
1.3.7	9 / 26	2021-12-23
1.3.6	9 / 26	2021-12-23
1.3.5	9 / 26	2021-12-22
1.3.4	9 / 26	2021-12-21
1.3.3	9 / 26	2021-12-20
1.3.2	9 / 26	2021-12-17
1.3.1	9 / 26	2021-12-16
1.3.0	9 / 26	2021-12-10
1.2.4	10 / 26	2021-09-29
1.2.3	10 / 26	2021-09-17
1.2.2	10 / 26	2021-07-13
1.2.1	10 / 26	2021-07-11
1.2.0	10 / 26	2021-07-07
1.1.33	10 / 26	2021-07-06
1.1.32	10 / 26	2021-06-30
1.1.31	10 / 26	2021-06-30
1.1.30	10 / 26	2021-06-30
1.1.29	10 / 26	2021-06-30
1.1.28	10 / 26	2021-06-24
1.1.27	10 / 26	2021-06-22
1.1.26	10 / 26	2021-06-21
1.1.25	10 / 24	2021-06-16
1.1.24	10 / 24	2021-05-28
1.1.23	10 / 24	2021-05-14
1.1.22	10 / 24	2021-03-30
1.1.21	10 / 24	2021-02-25
1.1.20	10 / 24	2021-01-29
1.1.19	10 / 24	2021-01-28
1.1.18	10 / 24	2021-01-28
1.1.17	10 / 24	2021-01-18
1.1.16	10 / 24	2020-12-29
1.1.15	10 / 24	2020-12-28
1.1.14	10 / 24	2020-12-22
1.1.13	10 / 24	2020-12-14
1.1.12	10 / 24	2020-12-14
1.1.11	10 / 24	2020-12-10
1.1.10	10 / 24	2020-12-09
1.1.9	10 / 24	2020-12-09