npmpackage.info

Gathering detailed insights and metrics for @medplum/expo-polyfills

@medplum/expo-polyfills - 4.3.4 | npmpackage.info

@medplum/expo-polyfills

Medplum is a healthcare platform that helps you quickly develop high-quality compliant applications.

4.3.4

1,694

Apache-2.0

TypeScript

121.52 kB

6.1

Installations

npm install @medplum/expo-polyfills

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, ESM

Node Version

20.19.3

NPM Version

10.8.2 Pull Requests

Open

42

Total

4,892

Closed

310

Merged

4,540

Issues

Open

465

Total

2,087

Closed

1,622

Releases

223

Version 4.3.4

v4.3.4

Updated on Jul 14, 2025

Version 4.3.3

v4.3.3

Updated on Jul 04, 2025

Version 4.3.2

v4.3.2

Updated on Jul 03, 2025

Version 4.3.1

v4.3.1

Updated on Jul 02, 2025

Version 4.3.0

v4.3.0

Updated on Jun 30, 2025

Version 4.2.6

v4.2.6

Updated on Jun 30, 2025

View All 223 releases

Languages

TypeScript

MDX

Shell

HCL

JavaScript

CSS

NSIS

Dockerfile

Python

Smarty

HTML

TypeScript (88.56%)

MDX (9.81%)

Shell (0.45%)

HCL (0.44%)

JavaScript (0.28%)

CSS (0.28%)

NSIS (0.1%)

Dockerfile (0.02%)

Python (0.02%)

Smarty (0.02%)

HTML (0.01%)

Developer

medplum

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

Apache-2.0 License

1,694 Stars

4,799 Commits

505 Forks

20 Watchers

114 Branches

127 Contributors

Updated on Jul 14, 2025

Maintainers

View All 127 Contributors

Package Meta Information

Latest Version

4.3.4

Package Id

@medplum/expo-polyfills@4.3.4

Unpacked Size

121.52 kB

Size

31.90 kB

File Count

NPM Version

10.8.2

Node Version

20.19.3

Published on

Jul 14, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

@medplum/expo-polyfills

A module for polyfilling the minimum necessary web APIs for using the Medplum client on React Native

Installation in managed Expo projects

For managed Expo projects, please follow the installation instructions in the API documentation for the latest stable release. If you follow the link and there is no documentation available then this library is not yet usable within managed projects — it is likely to be included in an upcoming Expo SDK release.

Expo SDK Compatibility

It's recommended you use the latest Expo SDK (SDK 51 as of May 2024).

However, this package should be compatible with Expo SDK 49+.

Going forward, each version of this package will advertise the minimum compatible Expo SDK required which is subject to change based on the breaking changes of underlying Expo packages.

Installation in bare React Native projects

For bare React Native projects, you must ensure that you have installed and configured the expo package before continuing.

Add the package to your npm dependencies

npm install @medplum/expo-polyfills

Overview

There are currently two major components to this package:

The polyfills for getting MedplumClient working without errors in React Native. See: [polyfillMedplumWebAPIs]
The ExpoClientStorage class, which enables MedplumClient to persist what is normally stored in LocalStorage on the web client into a secure storage on a mobile device. Under the hood it uses Expo's SecureStore, but abstracts away the complexity of its asynchronous APIs, since the Storage interface is normally synchronous in nature.

Usage

To get full compatibility with the MedplumClient in React Native, call the polyfillMedplumWebAPIs in the app root and pass in an ExpoClientStorage into your MedplumClient. If you want to wait to load components until after the MedplumClient has initialized, you can conditionally render based on the loading property from the useMedplumContext hook.

1import { MedplumClient } from '@medplum/core';
2import { MedplumProvider, useMedplumContext } from '@medplum/react-hooks';
3import { polyfillMedplumWebAPIs, ExpoClientStorage } from '@medplum/expo-polyfills';
4
5polyfillMedplumWebAPIs();
6
7const medplum = new MedplumClient({ storage: new ExpoClientStorage() });
8
9function Home(): JSX.Element {
10  const { loading } = useMedplumContext();
11  return loading ? <div>Loading...</div> : <div>Loaded!</div>;
12}
13
14function App(): JSX.Element {
15  return (
16    <MedplumProvider medplum={medplum}>
17      <Home />
18    </MedplumProvider>
19  );
20}

Usage with `Expo Router`

When using MedplumClient with Expo Router, you will likely need to disable the polyfill for window.location; Expo Router provides a polyfill that better interoperates with the package than the Medplum-provided one. See: https://expo.github.io/router/docs/lab/runtime-location#native

To disable the Medplum window.location polyfill, simply pass the following config to polyfillMedplumWebAPIs:

1polyfillMedplumWebAPIs({ location: false });

Usage with the Medplum `useSubscription` hook

When using useSubscription in your Expo app, there is one more function you should call in the root of your app: initWebSocketManager. The function just takes the MedplumClient instance you will be using. You can get useSubscription working in your Expo app like so:

1import { MedplumClient, useSubscription } from '@medplum/core';
2import { MedplumProvider, useMedplumContext } from '@medplum/react-hooks';
3import { polyfillMedplumWebAPIs, ExpoClientStorage, initWebSocketManager } from '@medplum/expo-polyfills';
4
5polyfillMedplumWebAPIs();
6
7const medplum = new MedplumClient({ storage: new ExpoClientStorage() });
8
9initWebSocketManager(medplum);
10
11function Counter(): JSX.Element {
12  const [count, setCount] = useState(0);
13
14  useSubscription(
15    'Communication',
16    (_bundle: Bundle) => {
17      setCount((s) => s + 1);
18    }
19  );
20
21  return <div>Count: {count}</div>
22}
23
24function Home(): JSX.Element {
25  const { loading } = useMedplumContext();
26  return loading ? <div>Loading...</div> : <Counter />;
27}
28
29function App(): JSX.Element {
30  return (
31    <MedplumProvider medplum={medplum}>
32      <Home />
33    </MedplumProvider>
34  );
35}

Managing backgrounding of app when using `useSubscription`

Due to stability concerns on both the mobile app and Medplum server, we automatically close the WebSocket connection when the mobile app is backgrounded / goes inactive. However, we will automatically seamlessly reconnect the WebSocket when the app becomes active again. This means that you may miss notifications for a subscription in between disconnecting and reconnecting. We try to make it more ergonomic for managing the "catch-up" process for developers by providing lifecycle "hooks" (not React hooks, but options in the useSubscription hook itself). We have the following lifecycle events that you can use to make sure you don't miss an event for a resource:

onWebSocketOpen - When the WebSocket itself makes a successful connection.
onWebSocketOpen - When the WebSocket itself closes.
onSubscriptionConnect - When a particular subscription has been established and we are sure that we are receiving notification events for it.
onSubscriptionDisconnect - When a particular subscription is disconnected and we are no longer getting notification events for it.

Here is how you can use these lifecycle callbacks to notify the user that the connection has been lost and find any messages that have been missed after it reconnects to this particular subscription:

1import { MedplumClient } from '@medplum/core';
2import { MedplumProvider, useMedplumContext, useMedplum, useSubscription } from '@medplum/react-hooks';
3import { polyfillMedplumWebAPIs, ExpoClientStorage, initWebSocketManager } from '@medplum/expo-polyfills';
4
5polyfillMedplumWebAPIs();
6
7const medplum = new MedplumClient({ storage: new ExpoClientStorage() });
8
9initWebSocketManager(medplum);
10
11function Counter(): JSX.Element {
12  const medplum = useMedplum();
13  const [count, setCount] = useState(0);
14  const [reconnecting, setReconnecting] = useState(false);
15  const lastMessageTime = useRef<string>(new Date().toISOString());
16
17  useSubscription(
18    'Communication',
19    (_bundle: Bundle) => {
20      setCount((s) => s + 1);
21      lastMessageTime.current = new Date().toISOString();
22    },
23    {
24      onWebSocketClose: useCallback(() => {
25        if (!reconnecting) {
26          setReconnecting(true);
27        }
28        showNotification({ color: 'red', message: 'Live chat disconnected. Attempting to reconnect...' });
29      }, [setReconnecting, reconnecting]),
30      onWebSocketOpen: useCallback(() => {
31        if (reconnecting) {
32          showNotification({ color: 'green', message: 'Live chat reconnected.' });
33        }
34      }, [reconnecting]),
35      onSubscriptionConnect: useCallback(() => {
36        if (reconnecting) {
37          const searchParams = new URLSearchParams();
38          searchParams.append('_sort', '-_lastUpdated');
39          // Get messages that are greater than the last received timestamp
40          if (lastMessageTime.current) {
41            searchParams.append('_lastUpdated', `gt${lastMessageTime.current}`);
42          }
43          lastMessageTime.current = new Date().toISOString();
44          medplum.searchResources('Communication', searchParams, { cache: 'no-cache' })
45            .then((communications: Communication[]) => {
46              setCount(s => s + communications.length);
47            })
48            .catch((err) => showNotification({ color: 'red', message: normalizeErrorString(err) }));
49          setReconnecting(false);
50        }
51      }, [reconnecting, setReconnecting, medplum]),
52    }
53  );
54
55  return <div>Count: {count}</div>
56}
57
58function Home(): JSX.Element {
59  const { loading } = useMedplumContext();
60  return loading ? <div>Loading...</div> : <Counter />;
61}
62
63function App(): JSX.Element {
64  return (
65    <MedplumProvider medplum={medplum}>
66      <Home />
67    </MedplumProvider>
68  );
69}

No vulnerabilities found.

10

Security-Policy

Determines if the project has published a security policy.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Maintained

Determines if the project is "actively maintained".

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

License

Determines if the project has defined a license.

10

SAST

Determines if the project uses static code analysis.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

8

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

5

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

3

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 3

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-issue-to-project.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/add-issue-to-project.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-issue-to-project.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/add-issue-to-project.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/assign-pull-request.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/assign-pull-request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autofix-ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/autofix-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autofix-ci.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/autofix-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-agent.yml:277: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-agent.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-deb.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-deb.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-deb.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-deb.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-deb.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-deb.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-deb.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build-deb.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:290: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:366: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:386: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:389: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:394: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/build.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chromatic.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/chromatic.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/chromatic.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/chromatic.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/claude.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/claude.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/claude.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/claude.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coveralls.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/coveralls.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coveralls.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/coveralls.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/coveralls.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/coveralls.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/madge.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/madge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/madge.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/madge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/madge.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/madge.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/madge.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/madge.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/madge.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/madge.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/prepare-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/prepare-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-meta.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish-meta.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:270: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/scorecard.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonar.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/sonar.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonar.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/sonar.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sonar.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/sonar.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/staging.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/staging.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/staging.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/staging.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/staging.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/staging.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/staging.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/staging.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/staging.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/staging.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dependencies.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/upgrade-dependencies.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-dependencies.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/medplum/medplum/upgrade-dependencies.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:14: pin your Docker image by updating node:20-slim to node:20-slim@sha256:fa43945ad45c5f8c50dbea0633d888ddeb739f7d4e06c7696a9d68b54054238a
Warn: containerImage not pinned by hash: packages/agent/Dockerfile:1: pin your Docker image by updating debian:bullseye-slim to debian:bullseye-slim@sha256:b5f9bc44bdfbd9d551dfdd432607cbc6bb5d9d6dea726a1191797d7749166973
Warn: containerImage not pinned by hash: packages/app/Dockerfile:1: pin your Docker image by updating nginxinc/nginx-unprivileged:alpine to nginxinc/nginx-unprivileged:alpine@sha256:7ee77c5c1690b76bdb00d0555aa9ff251d7386dce48277a902f69ed478f7a3b0
Warn: downloadThenRun not pinned by hash: scripts/build-agent-installer-win64.sh:89
Warn: downloadThenRun not pinned by hash: scripts/build-agent-installer-win64.sh:110
Warn: npmCommand not pinned by hash: scripts/deploy-bot-layer.sh:33
Warn: npmCommand not pinned by hash: scripts/reinstall.sh:26
Warn: npmCommand not pinned by hash: .github/workflows/madge.yml:48
Info: 2 out of 76 GitHub-owned GitHubAction dependencies pinned
Info: 2 out of 22 third-party GitHubAction dependencies pinned
Info: 0 out of 3 containerImage dependencies pinned
Info: 18 out of 21 npmCommand dependencies pinned
Info: 0 out of 2 downloadThenRun dependencies pinned

0

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'actions' permission set to 'read': .github/workflows/build-agent.yml:19
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build-agent.yml:20
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build-agent.yml:144
Info: jobLevel 'actions' permission set to 'read': .github/workflows/build-agent.yml:143
Info: jobLevel 'actions' permission set to 'read': .github/workflows/build-agent.yml:217
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build-agent.yml:218
Info: jobLevel 'actions' permission set to 'read': .github/workflows/build-deb.yml:23
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build-deb.yml:24
Info: jobLevel 'contents' permission set to 'read': .github/workflows/claude.yml:22
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/claude.yml:23
Info: jobLevel 'issues' permission set to 'read': .github/workflows/claude.yml:24
Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:34
Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:35
Info: jobLevel 'contents' permission set to 'read': .github/workflows/labeler.yml:8
Info: jobLevel 'actions' permission set to 'read': .github/workflows/publish.yml:110
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish.yml:111
Info: jobLevel 'actions' permission set to 'read': .github/workflows/publish.yml:266
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish.yml:267
Info: jobLevel 'actions' permission set to 'read': .github/workflows/publish.yml:20
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish.yml:21
Warn: no topLevel permission defined: .github/workflows/add-issue-to-project.yml:1
Warn: no topLevel permission defined: .github/workflows/assign-pull-request.yml:1
Warn: no topLevel permission defined: .github/workflows/autofix-ci.yml:1
Warn: no topLevel permission defined: .github/workflows/build-agent.yml:1
Warn: no topLevel permission defined: .github/workflows/build-deb.yml:1
Warn: no topLevel permission defined: .github/workflows/build.yml:1
Warn: no topLevel permission defined: .github/workflows/chromatic.yml:1
Warn: no topLevel permission defined: .github/workflows/claude.yml:1
Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
Warn: no topLevel permission defined: .github/workflows/coveralls.yml:1
Warn: no topLevel permission defined: .github/workflows/deploy.yml:1
Warn: no topLevel permission defined: .github/workflows/labeler.yml:1
Warn: no topLevel permission defined: .github/workflows/madge.yml:1
Warn: no topLevel permission defined: .github/workflows/prepare-release.yml:1
Warn: no topLevel permission defined: .github/workflows/publish-meta.yml:1
Warn: no topLevel permission defined: .github/workflows/publish.yml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:20
Warn: no topLevel permission defined: .github/workflows/sonar.yml:1
Warn: no topLevel permission defined: .github/workflows/staging.yml:1
Warn: no topLevel permission defined: .github/workflows/upgrade-dependencies.yml:1

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.1

/10

Last Scanned on 2025-07-14T21:51:42Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@medplum/expo-polyfills

Installations

Developer Guide

Yes

CommonJS, ESM

20.19.3

10.8.2

Pull Requests

42

4,892

310

4,540

Issues

465

2,087

1,622

Releases

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

NaN

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

@medplum/expo-polyfills

Installation in managed Expo projects

Expo SDK Compatibility

Installation in bare React Native projects

Add the package to your npm dependencies

Overview

Usage

Usage with Expo Router

Usage with the Medplum useSubscription hook

Managing backgrounding of app when using useSubscription

10

10

10

10

10

10

10

10

10

8

5

3

0

0

0

0

6.1

/10

Usage with `Expo Router`

Usage with the Medplum `useSubscription` hook

Managing backgrounding of app when using `useSubscription`