@dwidge/components-expo
A collection of Expo components and utilities.
51
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
dwidgedev
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher change is a same-owner account transition (dwidge→dwidgedev); consistent repo URL and namespace confirm legitimate handoff. | ai | |
| maintainer-change | maintainer-takeover | AI (maintainer-change): dwidge → dwidgedev appears to be a self-managed account rename/consolidation; dwidgedev has 159 approved packages and a long clean history. Not a hostile takeover. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Package ships src/ alongside dist/ as documented in package.json 'files' field; large source file counts are expected for this component library. | ai | |
| dependencies | unvetted-dep:expo-camera | AI (dependencies): expo-camera is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-crypto | AI (dependencies): expo-crypto is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-router | AI (dependencies): expo-router is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-linking | AI (dependencies): expo-linking is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-sharing | AI (dependencies): expo-sharing is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:react-native | AI (dependencies): react-native is the core React Native framework; expected in any Expo/RN component library. | ai | |
| dependencies | unvetted-dep:@rneui/themed | AI (dependencies): @rneui/themed is a well-known React Native UI library; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-file-system | AI (dependencies): expo-file-system is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-image-picker | AI (dependencies): expo-image-picker is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-document-picker | AI (dependencies): expo-document-picker is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-image-manipulator | AI (dependencies): expo-image-manipulator is an official Expo SDK package; expected in an Expo component library. | ai | |
| dependencies | unvetted-dep:zod | AI (dependencies): zod is a widely-used, well-known validation library; expected dependency for an Expo component library. | ai | |
| dependencies | unvetted-dep:expo-av | AI (dependencies): expo-av is an official Expo SDK package; expected in an Expo component library. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Buffer.from(base64, 'base64') is a standard utility function in a crypto/file helper module; no obfuscation or exfiltration context. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Package is a legitimate Expo component library with 58 versions and 585 days of history; sparse README is cosmetic, not a spam indicator. | ai |
Versions (showing 51 of 58)
| Version | Deps | Published |
|---|---|---|
| 0.0.63 | 0 / 6 | |
| 0.0.62 | 0 / 6 | |
| 0.0.61 | 0 / 6 | |
| 0.0.59 | 0 / 6 | |
| 0.0.58 | 0 / 6 | |
| 0.0.57 | 0 / 6 | |
| 0.0.56 | 0 / 6 | |
| 0.0.55 | 0 / 6 | |
| 0.0.54 | 0 / 6 | |
| 0.0.53 | 0 / 6 | |
| 0.0.51 | 0 / 6 | |
| 0.0.50 | 0 / 6 | |
| 0.0.49 | 0 / 6 | |
| 0.0.48 | 0 / 6 | |
| 0.0.47 | 0 / 6 | |
| 0.0.46 | 0 / 6 | |
| 0.0.45 | 0 / 6 | |
| 0.0.44 | 0 / 6 | |
| 0.0.43 | 0 / 6 | |
| 0.0.42 | 0 / 6 | |
| 0.0.40 | 0 / 6 | |
| 0.0.38 | 0 / 6 | |
| 0.0.37 | 0 / 6 | |
| 0.0.36 | 0 / 6 | |
| 0.0.35 | 0 / 6 | |
| 0.0.34 | 0 / 6 | |
| 0.0.33 | 0 / 6 | |
| 0.0.32 | 0 / 6 | |
| 0.0.31 | 0 / 6 | |
| 0.0.30 | 0 / 6 | |
| 0.0.29 | 0 / 6 | |
| 0.0.28 | 0 / 6 | |
| 0.0.27 | 0 / 6 | |
| 0.0.26 | 0 / 6 | |
| 0.0.25 | 0 / 6 | |
| 0.0.24 | 0 / 6 | |
| 0.0.23 | 0 / 6 | |
| 0.0.22 | 0 / 6 | |
| 0.0.21 | 0 / 6 | |
| 0.0.20 | 0 / 6 | |
| 0.0.19 | 0 / 6 | |
| 0.0.18 | 0 / 6 | |
| 0.0.17 | 0 / 6 | |
| 0.0.16 | 0 / 6 | |
| 0.0.15 | 0 / 6 | |
| 0.0.14 | 0 / 6 | |
| 0.0.13 | 0 / 6 | |
| 0.0.12 | 0 / 6 | |
| 0.0.11 | 0 / 6 | |
| 0.0.10 | 0 / 6 | |
| 0.0.8 | 20 / 6 |