@sqliteai/sqlite-sync-expo SEE LICENSE IN LICENSE.md 18 versions

@sqliteai/sqlite-sync-expo

npm Repository Homepage

SQLite Sync extension for Expo - Sync on-device databases with SQLite Cloud

18

Versions

SEE LICENSE IN LICENSE.md

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

marcobambinigioetiziano_tuccelladanielebriggidamla_yildiz

Keywords

react-nativeexpoexpo-pluginsqlitesqlite-syncsyncoffline-firstdatabase-sync

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	bundled-binaries	AI (npm-metadata): Native iOS/Android binaries are the expected delivery mechanism for this React Native SQLite sync library; SLSA provenance attestation validates build integrity.	ai	2026/05/02

Versions (showing 18 of 18)

Version	Deps	Published
1.0.20	0 / 0	2026-05-26
1.0.19	0 / 0	2026-05-15
1.0.18	0 / 0	2026-04-29
1.0.17	0 / 0	2026-04-24
1.0.16	0 / 0	2026-04-16
1.0.15	0 / 0	2026-04-16
1.0.14	0 / 0	2026-04-15
1.0.13	0 / 0	2026-04-14
1.0.12	0 / 0	2026-04-11
1.0.11	0 / 0	2026-04-11
1.0.10	0 / 0	2026-04-08
1.0.9	0 / 0	2026-04-08
1.0.8	0 / 0	2026-04-03
1.0.7	0 / 0	2026-04-02
1.0.6	0 / 0	2026-04-01
1.0.5	0 / 0	2026-04-01
1.0.3	0 / 0	2026-04-01
1.0.2	0 / 0	2026-04-01

v1.0.20

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.19

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.18

2 findings

HIGH Bundled binary files (4) npm-metadata

Package contains compiled binaries that could be backdoors: • ios/CloudSync.xcframework/ios-arm64/CloudSync.framework/CloudSync • android/jniLibs/arm64-v8a/cloudsync.so • android/jniLibs/armeabi-v7a/cloudsync.so • android/jniLibs/x86_64/cloudsync.so

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.16

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.