@nx/expo
The Expo Plugin for Nx contains executors and generators for managing and developing an expo application within your workspace. For example, you can directly build for different target platforms as well as generate projects and publish your code.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a declared runtime dependency used implicitly by TypeScript-compiled output; stable false positive for this package. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Passing process.env to a child process is standard for build-tool executors; not exfiltration. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Build/run executors legitimately spawn Expo CLI subprocesses; expected pattern for this package. | ai |
Versions (showing 50 of 50)
| Version | Deps | Published |
|---|---|---|
| 22.7.5 | 9 / 1 | |
| 22.7.4 | 9 / 1 | |
| 22.7.3 | 9 / 1 | |
| 22.7.2 | 9 / 1 | |
| 22.7.1 | 9 / 1 | |
| 22.7.0 | 9 / 1 | |
| 22.6.5 | 9 / 1 | |
| 22.6.4 | 9 / 1 | |
| 22.6.3 | 9 / 1 | |
| 22.6.2 | 9 / 1 | |
| 22.6.1 | 9 / 1 | |
| 22.6.0 | 9 / 1 | |
| 22.5.4 | 9 / 1 | |
| 22.5.3 | 9 / 1 | |
| 22.5.2 | 9 / 1 | |
| 22.5.1 | 9 / 1 | |
| 22.5.0 | 9 / 1 | |
| 22.4.5 | 9 / 1 | |
| 22.4.4 | 9 / 1 | |
| 22.4.3 | 9 / 1 | |
| 22.4.2 | 9 / 1 | |
| 22.4.1 | 9 / 1 | |
| 22.4.0 | 9 / 1 | |
| 22.3.3 | 9 / 0 | |
| 22.3.2 | 9 / 0 | |
| 22.3.1 | 9 / 0 | |
| 22.3.0 | 9 / 0 | |
| 22.2.7 | 9 / 0 | |
| 22.2.6 | 9 / 0 | |
| 22.2.5 | 9 / 0 | |
| 22.2.4 | 9 / 0 | |
| 22.2.3 | 9 / 0 | |
| 22.2.2 | 9 / 0 | |
| 22.2.1 | 9 / 0 | |
| 22.2.0 | 9 / 0 | |
| 22.1.3 | 8 / 0 | |
| 22.1.2 | 8 / 0 | |
| 22.1.1 | 8 / 0 | |
| 22.1.0 | 8 / 0 | |
| 22.0.4 | 8 / 0 | |
| 22.0.3 | 8 / 0 | |
| 22.0.2 | 8 / 0 | |
| 22.0.1 | 8 / 0 | |
| 22.0.0 | 8 / 0 | |
| 21.6.11 | 8 / 0 | |
| 21.6.10 | 8 / 0 | |
| 21.6.9 | 8 / 0 | |
| 21.3.12 | 13 / 0 | |
| 20.8.4 | 13 / 0 | |
| 20.8.3 | 13 / 0 |
v22.7.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.0
2 findingsSpreading entire process.env into an object — may capture all secrets 30 | childProcess = (0, child_process_1.fork)(require.resolve('@expo/cli/build/bin/cli'), ['start', ...createStartOpt 31 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 32 | env: { 33 | RCT_METRO_PORT: options.port.toString(), 34 | ...process.env,
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.4
2 findingsSpreading entire process.env into an object — may capture all secrets 29 | childProcess = (0, child_process_1.fork)(require.resolve('@expo/cli/build/bin/cli'), ['start', ...createStartOpt 30 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 31 | env: { 32 | RCT_METRO_PORT: options.port.toString(), 33 | ...process.env,
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.2
2 findingsSpreading entire process.env into an object — may capture all secrets 29 | childProcess = (0, child_process_1.fork)(require.resolve('@expo/cli/build/bin/cli'), ['start', ...createStartOpt 30 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 31 | env: { 32 | RCT_METRO_PORT: options.port.toString(), 33 | ...process.env,
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.3.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v20.8.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v20.8.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.