@instantdb/react-native-mmkv
React Native MMKV interface for Instant DB
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | suspicious-initial-version | AI (npm-metadata): 0.0.0 is the standard coordinated versioning pattern for the @instantdb/ monorepo family; not indicative of malicious intent for this scoped package. | ai | |
| dependencies | unvetted-dep:@instantdb/core | AI (dependencies): @instantdb/core is a sibling package in the same instantdb/instant monorepo, always published at the same version. This dependency relationship is stable and expected for this package. | ai |
Versions (showing 16 of 122)
| Version | Deps | Published |
|---|---|---|
| 0.22.127 | 1 / 7 | |
| 0.22.126 | 1 / 7 | |
| 0.22.125 | 1 / 7 | |
| 0.22.124 | 1 / 7 | |
| 0.22.123 | 1 / 7 | |
| 0.22.122 | 1 / 7 | |
| 0.22.121 | 1 / 7 | |
| 0.22.120 | 1 / 7 | |
| 0.22.119 | 1 / 7 | |
| 0.22.118 | 1 / 7 | |
| 0.22.117 | 1 / 7 | |
| 0.22.116 | 1 / 7 | |
| 0.22.115 | 1 / 7 | |
| 0.22.114 | 1 / 7 | |
| 0.22.113 | 1 / 7 | |
| 0.0.0 | 1 / 7 |
v0.22.127
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.126
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.125
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.124
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.123
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.122
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.121
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.120
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.119
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.118
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.117
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.116
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.115
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.114
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.113
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.