Modern, scalable tools. Exceptional developer experience.
Installations
npm install @rnx-kit/chromium-edge-launcherReleases
@rnx-kit/react-native-test-app-msal@5.0.0
Published on 27 Nov 2024
@rnx-kit/cli@0.18.3
Published on 27 Nov 2024
@react-native-webapis/web-storage@0.4.0
Published on 27 Nov 2024
@react-native-webapis/battery-status@0.3.0
Published on 27 Nov 2024
@rnx-kit/tools-react-native@2.0.2
Published on 21 Nov 2024
@rnx-kit/config@0.7.1
Published on 21 Nov 2024
Developer
Developer Guide
Module System
CommonJS
Min. Node Version
>=14.15
Typescript Support
Yes
Node Version
16.20.2
NPM Version
8.19.4
Statistics
1,533 Stars
3,118 Commits
98 Forks
19 Watching
11 Branches
10,000 Contributors
Updated on 28 Nov 2024
Bundle Size
60.72 kB
Minified
20.28 kB
Minified + Gzipped
Languages
TypeScript (67.05%)
JavaScript (18.73%)
Kotlin (2.83%)
MDX (2.71%)
Objective-C (2.04%)
Swift (1.72%)
Rust (1.5%)
Objective-C++ (1.43%)
CSS (0.59%)
Ruby (0.53%)
C++ (0.51%)
Shell (0.3%)
C (0.05%)
Total Downloads
Cumulative downloads
Total Downloads
19,485,600
Last day
-8%
112,456
Compared to previous day
Last week
-5.5%
621,834
Compared to previous week
Last month
-5.3%
3,024,554
Compared to previous month
Last year
132,076.2%
19,470,869
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
rnx-kit - React Native tooling by and for developers
rnx-kit is a collection of battle-tested tools created by Microsoft engineers
to optimize the React Native developer experience. It helps filling gaps in the
React Native ecosystem and streamlines the developer workflow.
These tools are actively used every day to ship React Native apps at scale across Microsoft; now they're open source and available for any React Native project.
What's included
rnx-kit includes tools for:
- Dependency management - Ensure consistent dependency versions across large
projects with
align-deps. - Native builds (experimental) - Build Android and iOS apps in the cloud with
build. Avoid installing heavy native toolchains. - Better bundling -
metro-serializerallows the enhancement of Metro to add features such as TypeScript validation with Metro, tree shaking, duplicate and cyclic dependencies detection. - Microsoft-tailored defaults - you can find Babel preset for Metro opinionated for Microsoft usage.
And many more!
Get started
Please follow Introduction guide on the documentation website to learn about how you can quickly add the "all in one" CLI to your project and get most of the tools set out of the box.
Or follow the Getting started guide for an easy introduction to our dependency management tool.
If you want to use only a specific tool, you can refer to its README for
details; they are all easily readable in the
Tools section of the
documentation.
Contributing
rnx-kit is built for the community, by the community - and maintained by
Microsoft engineers. Your contributions are welcome!
Take a look at CONTRIBUTING for details.
If you are interested in proposing "substantial" changes, please refer to our RFC process.
License
Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: all commits (30) are checked with a SAST tool
Reason
binaries present in source code
Details
- Warn: binary detected: packages/test-app/android/gradle/wrapper/gradle-wrapper.jar:1
Reason
Found 12/15 approved changesets -- score normalized to 8
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr.yml:184
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/rnx-build.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin
- Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 7 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More