@jobber/components-native
React Native implementation of Atlantis
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): Active component library; large file additions are routine for new component releases across 622 versions. | ai | |
| dependencies | unvetted-dep:react-native-modalize | AI (dependencies): react-native-modalize is a well-known RN modal library; appropriate for a RN component package. | ai | |
| dependencies | unvetted-dep:react-native-portalize | AI (dependencies): react-native-portalize is a companion to react-native-modalize; appropriate for a RN component package. | ai | |
| dependencies | unvetted-peer-dep:react-native-keyboard-controller | AI (dependencies): Stable peer dependency for this package; pre-existing and accepted. | ai | |
| dependencies | unvetted-dep:@react-native-clipboard/clipboard | AI (dependencies): Official React Native community clipboard package; well-known ecosystem dep. | ai | |
| dependencies | unvetted-dep:ts-xor | AI (dependencies): Legitimate TypeScript utility; stable dependency for this package. | ai | |
| dependencies | unvetted-dep:@react-native-picker/picker | AI (dependencies): Official React Native community picker package; well-known ecosystem dep. | ai | |
| dependencies | unvetted-dep:react-native-keyboard-controller | AI (dependencies): Popular React Native keyboard management library; no risk indicators. | ai | |
| provenance | no-provenance | AI (provenance): Established org package; lack of provenance is common and not a risk signal here. | ai |
Versions (showing 61 of 61)
| Version | Deps | Published |
|---|---|---|
| 0.101.9 | 11 / 33 | |
| 0.101.8 | 11 / 33 | |
| 0.101.7 | 11 / 33 | |
| 0.101.6 | 11 / 33 | |
| 0.101.5 | 11 / 33 | |
| 0.101.4 | 11 / 32 | |
| 0.101.3 | 11 / 25 | |
| 0.101.2 | 11 / 25 | |
| 0.101.1 | 11 / 25 | |
| 0.101.0 | 11 / 24 | |
| 0.100.2 | 11 / 24 | |
| 0.100.1 | 11 / 24 | |
| 0.100.0 | 11 / 24 | |
| 0.99.0 | 13 / 23 | |
| 0.98.5 | 13 / 23 | |
| 0.98.4 | 13 / 23 | |
| 0.98.3 | 13 / 23 | |
| 0.98.2 | 13 / 23 | |
| 0.98.1 | 13 / 23 | |
| 0.98.0 | 13 / 23 | |
| 0.97.1 | 13 / 23 | |
| 0.97.0 | 13 / 23 | |
| 0.96.0 | 13 / 23 | |
| 0.95.4 | 13 / 23 | |
| 0.95.3 | 13 / 23 | |
| 0.95.2 | 13 / 23 | |
| 0.95.1 | 13 / 23 | |
| 0.95.0 | 13 / 23 | |
| 0.94.0 | 13 / 23 | |
| 0.93.0 | 13 / 22 | |
| 0.92.0 | 13 / 22 | |
| 0.91.4 | 13 / 22 | |
| 0.91.3 | 13 / 22 | |
| 0.91.2 | 13 / 22 | |
| 0.91.1 | 13 / 22 | |
| 0.91.0 | 13 / 22 | |
| 0.90.0 | 13 / 22 | |
| 0.89.4 | 13 / 22 | |
| 0.89.3 | 13 / 22 | |
| 0.89.2 | 13 / 22 | |
| 0.89.1 | 13 / 22 | |
| 0.89.0 | 13 / 22 | |
| 0.88.1 | 13 / 22 | |
| 0.88.0 | 13 / 22 | |
| 0.87.1 | 13 / 23 | |
| 0.87.0 | 13 / 23 | |
| 0.86.1 | 13 / 23 | |
| 0.86.0 | 13 / 23 | |
| 0.85.0 | 13 / 15 | |
| 0.84.3 | 13 / 13 | |
| 0.84.2 | 13 / 9 | |
| 0.84.1 | 13 / 9 | |
| 0.84.0 | 13 / 9 | |
| 0.83.0 | 13 / 9 | |
| 0.82.0 | 13 / 9 | |
| 0.81.2 | 14 / 9 | |
| 0.81.1 | 14 / 9 | |
| 0.81.0 | 14 / 9 | |
| 0.80.2 | 14 / 9 | |
| 0.80.1 | 14 / 9 | |
| 0.80.0 | 14 / 9 |
v0.101.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.101.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.101.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.101.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.101.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.99.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.98.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.98.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.98.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.98.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.98.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.98.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.97.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.97.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.96.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.95.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.95.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.95.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.95.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.95.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.94.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.93.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.92.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.91.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.91.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.91.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.91.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.91.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.90.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.89.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.89.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.89.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.89.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.89.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.88.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.88.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.87.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.87.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.86.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.86.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.85.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.84.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.84.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.84.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.84.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.83.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.82.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.80.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.80.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.80.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.