react-native-maps
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Moved to GitHub Actions CI/CD publishing with SLSA provenance; legitimate transition. | ai | |
| email-domain | unclaimed-email:gilbox.me | AI (email-domain): Historical maintainer email; not the active publisher account. Low hijack risk for this established org package. | ai | |
| provenance | slsa-provenance | AI (provenance): SLSA provenance attestation via CI/CD is the strongest supply chain integrity signal; stable for this package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New Architecture/Fabric migration legitimately adds many generated source files; expected for this package. | ai | |
| phantom-deps | phantom-dep:@types/geojson | AI (phantom-deps): @types/geojson is a legitimate runtime type dependency for GeoJSON type support in this maps library. | ai |
Versions (showing 53 of 53)
| Version | Deps | Published |
|---|---|---|
| 1.27.2 | 1 / 25 | |
| 1.27.1 | 1 / 25 | |
| 1.26.20 | 1 / 25 | |
| 1.26.19 | 1 / 25 | |
| 1.26.18 | 1 / 25 | |
| 1.26.17 | 1 / 25 | |
| 1.26.16 | 1 / 25 | |
| 1.26.15 | 1 / 25 | |
| 1.26.14 | 1 / 25 | |
| 1.26.13 | 1 / 25 | |
| 1.26.12 | 1 / 25 | |
| 1.26.11 | 1 / 25 | |
| 1.26.10 | 1 / 25 | |
| 1.26.9 | 1 / 25 | |
| 1.26.8 | 1 / 25 | |
| 1.26.7 | 1 / 25 | |
| 1.26.6 | 1 / 25 | |
| 1.26.5 | 1 / 25 | |
| 1.26.4 | 1 / 25 | |
| 1.26.3 | 1 / 25 | |
| 1.26.2 | 1 / 25 | |
| 1.26.1 | 1 / 25 | |
| 1.26.0 | 1 / 25 | |
| 1.25.6 | 1 / 25 | |
| 1.25.5 | 1 / 25 | |
| 1.25.4 | 1 / 25 | |
| 1.25.3 | 1 / 25 | |
| 1.25.2 | 1 / 25 | |
| 1.25.1 | 1 / 25 | |
| 1.25.0 | 1 / 25 | |
| 1.24.16 | 1 / 25 | |
| 1.24.15 | 1 / 25 | |
| 1.24.14 | 1 / 25 | |
| 1.24.13 | 1 / 25 | |
| 1.24.12 | 1 / 25 | |
| 1.24.11 | 1 / 25 | |
| 1.24.10 | 1 / 25 | |
| 1.24.9 | 1 / 25 | |
| 1.24.8 | 1 / 25 | |
| 1.24.7 | 1 / 25 | |
| 1.24.6 | 1 / 25 | |
| 1.24.5 | 1 / 25 | |
| 1.24.4 | 1 / 25 | |
| 1.24.3 | 1 / 25 | |
| 1.24.2 | 1 / 25 | |
| 1.24.1 | 1 / 25 | |
| 1.24.0 | 1 / 25 | |
| 1.23.12 | 1 / 25 | |
| 1.23.11 | 1 / 25 | |
| 1.23.10 | 1 / 25 | |
| 1.23.9 | 1 / 25 | |
| 1.23.8 | 1 / 25 | |
| 1.3.2 | 1 / 15 |
v1.27.2
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.27.1
3 findingsThis version was published by a different npm account than previous versions on 2026-02-01. This could indicate a legitimate maintainer transition or an account compromise.
Maintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.20
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.19
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.18
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.17
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.16
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.15
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.14
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.13
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.12
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.11
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.10
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.9
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.8
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.7
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.6
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.5
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.4
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.3
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.2
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.1
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.0
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.6
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.5
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.4
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.3
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.2
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.1
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.0
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.16
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.15
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.14
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.13
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.12
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.11
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.10
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.9
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.8
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.7
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.6
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.5
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.4
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.3
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.2
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.1
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.0
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.23.12
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.23.11
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.23.10
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.23.9
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.23.8
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.2
2 findingsMaintainer email '[email protected]' uses domain 'gilbox.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.