← Home

@nx/react-native

npm Repository Homepage

The Nx Plugin for React Native contains generators for managing React Native applications and libraries within an Nx workspace. It provides: -Integration with libraries such as Jest, Detox, and Storybook. -Scaffolding for creating buildable libraries th

50
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

nrwlownernrwl-jasonjack-nrwlmaxklessjameshenry

Keywords

MonorepoReactWebJestNativeCLIMobile

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is a known implicit TypeScript runtime dependency; stable false positive. ai
semgrep semgrep:env-spread AI (semgrep): Build executor passing process.env to child processes is standard and expected for this package. ai
semgrep semgrep:child-process-import AI (semgrep): React Native build executors legitimately spawn Android/iOS build processes via child_process. ai
phantom-deps phantom-dep:ajv AI (phantom-deps): ajv is declared as a direct dependency in package.json; stable false positive for this package. ai

Versions (showing 50 of 50)

Version Deps Published
22.7.5 11 / 1
22.7.4 11 / 1
22.7.3 11 / 1
22.7.2 11 / 1
22.7.1 11 / 1
22.7.0 11 / 1
22.6.5 11 / 1
22.6.4 11 / 1
22.6.3 11 / 1
22.6.2 11 / 1
22.6.1 11 / 1
22.6.0 11 / 1
22.5.4 11 / 1
22.5.3 11 / 1
22.5.2 11 / 1
22.5.1 11 / 1
22.5.0 11 / 1
22.4.5 11 / 1
22.4.4 11 / 1
22.4.3 11 / 1
22.4.2 11 / 1
22.4.1 11 / 1
22.4.0 11 / 1
22.3.3 11 / 0
22.3.2 11 / 0
22.3.1 11 / 0
22.3.0 11 / 0
22.2.7 11 / 0
22.2.6 11 / 0
22.2.5 11 / 0
22.2.4 11 / 0
22.2.3 11 / 0
22.2.2 11 / 0
22.2.1 11 / 0
22.2.0 11 / 0
22.1.3 11 / 0
22.1.2 11 / 0
22.1.1 11 / 0
22.1.0 11 / 0
22.0.4 11 / 0
22.0.3 11 / 0
22.0.2 11 / 0
22.0.1 11 / 0
22.0.0 11 / 0
21.6.11 11 / 1
21.6.10 11 / 1
21.6.9 11 / 1
21.3.12 15 / 0
20.8.4 15 / 0
20.8.3 15 / 0

v22.7.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.7.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.7.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.7.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.7.0

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.6.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.6.4

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.6.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.6.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.6.0

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.5.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.5.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.5.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.5.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.4.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.4.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.4.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.4.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.4.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.4.0

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.3.3

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.3.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.2.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.2.6

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.2.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.2.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.2.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.2.2

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.2.1

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.2.0

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.1.1

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v22.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v21.6.11

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v21.6.10

5 findings
HIGH env-spread: src/executors/build-android/build-android.impl.js:20 semgrep

Spreading entire process.env into an object — may capture all secrets 18 | stdio: 'inherit', 19 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 20 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 21 | }); 22 | /**

HIGH env-spread: src/executors/build-ios/build-ios.impl.js:25 semgrep

Spreading entire process.env into an object — may capture all secrets 23 | ], { 24 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 25 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 26 | }); 27 | /**

HIGH env-spread: src/executors/run-android/run-android.impl.js:34 semgrep

Spreading entire process.env into an object — may capture all secrets 32 | stdio: 'inherit', 33 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 34 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 35 | }); 36 | /**

HIGH env-spread: src/executors/run-ios/run-ios.impl.js:35 semgrep

Spreading entire process.env into an object — may capture all secrets 33 | stdio: 'inherit', 34 | cwd: (0, path_1.resolve)(workspaceRoot, projectRoot), > 35 | env: { ...process.env, RCT_METRO_PORT: options.port.toString() }, 36 | }); 37 | /**

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v21.6.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v21.3.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v20.8.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v20.8.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.