
@nativescript/core

A JavaScript library providing an easy-to-use API for interacting with iOS and Android platform APIs.

Versions: 1
License: Apache-2.0
Install Scripts: Yes
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

• SLSA provenance attestation
• npm registry signatures
• gitHead linked

Maintainers

rigor789, nativescript-bot

Keywords

NativeScript, JavaScript, Android, iOS, TypeScript

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| install-scripts | install-script:postinstall | AI (install-scripts): NativeScript CLI hook registration via postinstall is documented and consistent across all 1196 versions of this package. | ai | |
| npm-metadata | bundled-binaries | AI (npm-metadata): iOS xcframework binaries are expected artifacts for a mobile cross-platform framework targeting iOS/visionOS. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @nativescript/core is the canonical NativeScript framework; no relation to the cors package. | ai | |
| phantom-deps | phantom-dep:source-map | AI (phantom-deps): source-map is a declared dependency used in build tooling/config; stable false positive for this package. | ai | |

Versions (showing 1 of 1)

| Version | Deps | Published |
| --- | --- | --- |
| 9.0.18 | 12 / 0 | |

v9.0.18

4 findings
HIGH Package has 'postinstall' script install-scripts

Script: node cli-hooks/postinstall.mjs

HIGH Bundled binary files (8) npm-metadata

Package contains compiled binaries that could be backdoors:
• platforms/ios/NSCWinterTC.xcframework/ios-arm64/dSYMs/NSCWinterTC.framework.dSYM/Contents/Resources/DWARF/NSCWinterTC
• platforms/ios/NSCWinterTC.xcframework/ios-arm64/NSCWinterTC.framework/NSCWinterTC
• platforms/ios/NSCWinterTC.xcframework/xros-arm64/dSYMs/NSCWinterTC.framework.dSYM/Contents/Resources/DWARF/NSCWinterTC
• platforms/ios/NSCWinterTC.xcframework/xros-arm64/NSCWinterTC.framework/NSCWinterTC
• platforms/ios/TNSWidgets.xcframework/ios-arm64/dSYMs/TNSWidgets.framework.dSYM/Contents/Resources/DWARF/TNSWidgets
• platforms/ios/TNSWidgets.xcframework/ios-arm64/TNSWidgets.framework/TNSWidgets
• platforms/ios/TNSWidgets.xcframework/xros-arm64/dSYMs/TNSWidgets.framework.dSYM/Contents/Resources/DWARF/TNSWidgets
• platforms/ios/TNSWidgets.xcframework/xros-arm64/TNSWidgets.framework/TNSWidgets

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@nativescript/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.