← Home

@explorins/pers-sdk-react-native

npm Repository Homepage

React Native SDK for PERS Platform - Tourism Loyalty System with Blockchain Transaction Signing and WebAuthn Authentication

65
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

josepexplorinsflowa99supidani

Keywords

perssdkreact-nativetourismloyaltyblockchainweb3webauthntransaction-signingrewardsauthenticationbiometricssecure-storage

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff large-new-source-files AI (source-diff): Size growth matches addition of blockchain/WebAuthn/DFNS features; no malicious patterns found. ai
source-diff source-size-tripled AI (source-diff): Tripling explained by bundling ethers + DFNS SDK + ENS normalization data; consistent with feature additions. ai
phantom-deps phantom-dep:react-native-keychain AI (phantom-deps): Platform-specific native module; not directly imported in JS but used via native bridge. ai
phantom-deps phantom-dep:@dfns/sdk-react-native AI (phantom-deps): Platform-specific binary package; stable for React Native SDK. ai
phantom-deps phantom-dep:@dfns/sdk AI (phantom-deps): Platform-specific SDK; referenced in config but not direct imports. ai
phantom-deps phantom-dep:@explorins/web3-ts AI (phantom-deps): Internal org scoped package; likely used indirectly via pers-sdk dependency. ai
phantom-deps phantom-dep:typedoc AI (phantom-deps): Documentation tool referenced in config; stable pattern for this package. ai
phantom-deps phantom-dep:typedoc-plugin-markdown AI (phantom-deps): Documentation plugin referenced in config; stable pattern for this package. ai
source-diff encoded-string-file:dist/index.js AI (source-diff): Encoded string is the ENS normalize compressed data blob from ethers.js dependency; SHA-256 verified, not malicious. ai
semgrep semgrep:base64-decode AI (semgrep): atob polyfill for React Native; standard Buffer.from base64 decode, not hiding payloads. ai
phantom-deps phantom-dep:react-native-passkey AI (phantom-deps): Platform-specific binary package; conditional import is expected for RN native modules. ai
phantom-deps phantom-dep:ethers AI (phantom-deps): ethers is a declared runtime dep; used transitively or conditionally in this RN SDK. ai

Versions (showing 65 of 65)

Version Deps Published
2.3.6 5 / 23
2.3.5 5 / 23
2.3.4 5 / 23
2.3.3 5 / 23
2.3.2 5 / 23
2.2.2 5 / 23
2.2.1 5 / 23
2.2.0 5 / 23
2.1.23 8 / 13
2.1.22 8 / 13
2.1.21 8 / 13
2.1.20 8 / 13
2.1.19 8 / 13
2.1.18 8 / 13
2.1.17 8 / 13
2.1.13 8 / 13
2.1.12 8 / 13
2.1.11 8 / 13
2.1.10 8 / 12
2.1.8 8 / 12
2.1.7 8 / 12
2.1.6 8 / 12
2.1.5 8 / 11
2.1.3 8 / 11
2.1.2 8 / 11
2.1.1 8 / 11
2.0.5 10 / 11
2.0.4 10 / 11
2.0.3 10 / 11
2.0.2 10 / 11
2.0.1 10 / 11
2.0.0 10 / 11
1.5.36 10 / 11
1.5.35 10 / 11
1.5.34 10 / 11
1.5.33 10 / 11
1.5.32 10 / 11
1.5.31 10 / 11
1.5.30 10 / 11
1.5.29 10 / 11
1.5.28 10 / 11
1.5.27 10 / 11
1.5.26 9 / 11
1.5.25 9 / 11
1.5.23 10 / 11
1.5.22 10 / 11
1.5.21 10 / 11
1.5.20 10 / 11
1.5.18 13 / 10
1.5.17 13 / 10
1.5.16 13 / 10
1.5.15 13 / 10
1.5.13 13 / 10
1.5.12 13 / 10
1.5.11 13 / 10
1.5.10 13 / 10
1.5.8 13 / 10
1.5.7 13 / 10
1.5.6 13 / 10
1.5.5 13 / 10
1.5.4 13 / 10
1.5.3 13 / 10
1.5.2 13 / 10
1.5.1 10 / 9
1.3.2 5 / 7

v2.3.6

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO OSV query failed osv

Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 2, column: 1]

v2.3.5

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO OSV query failed osv

Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false') at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 2, column: 1]

v2.3.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.22

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.21

2 findings
HIGH Long encoded string in modified file: dist/index.js source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.20

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.19

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.18

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.17

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.36

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.35

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.34

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.33

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.32

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.31

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.30

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.29

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.28

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.27

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.26

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.25

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.23

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.22

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.21

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.20

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.18

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.17

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.16

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.