Gathering detailed insights and metrics for @xhsfe/react-native-community-cli-plugin-metro
Gathering detailed insights and metrics for @xhsfe/react-native-community-cli-plugin-metro
The React Native Community CLI - command line tools to help you build RN apps
Installations
npm install @xhsfe/react-native-community-cli-plugin-metroDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
18.20.5
NPM Version
10.8.2
Releases
188
Languages
9
TypeScript
JavaScript
HTML
Java
Kotlin
Shell
Objective-C
Ruby
Batchfile
TypeScript (95.73%)
JavaScript (1.97%)
HTML (1.08%)
Java (0.57%)
Kotlin (0.42%)
Shell (0.09%)
Objective-C (0.08%)
Ruby (0.05%)
Batchfile (0.02%)
Developer
react-native-community
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
2,667 Stars
2,660 Commits
926 Forks
47 Watchers
53 Branches
551 Contributors
Updated on Jul 12, 2025
Maintainers
1
Package Meta Information
Latest Version
11.4.1-red.0
Package Id
@xhsfe/react-native-community-cli-plugin-metro@11.4.1-red.0
Unpacked Size
64.95 kB
Size
15.46 kB
File Count
42
NPM Version
10.8.2
Node Version
18.20.5
Published on
Jan 09, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
@react-native-community/cli-plugin-metro
This package is part of the React Native CLI. It contains commands for managing the Metro bundler.
Installation
1yarn add @react-native-community/cli-plugin-metro
Commands
start
Usage:
1react-native start [option]
Starts the server that communicates with connected devices
Options
--port <number>
Specify port to listen on
--projectRoot <path>
Path to a custom project root
--watchFolders <list>
Specify any additional folders to be added to the watch list
--assetPlugins <list>
Specify any additional asset plugins to be used by the packager by full filepath
--sourceExts <list>
Specify any additional source extensions to be used by the packager
--max-workers <number>
Specifies the maximum number of workers the worker-pool will spawn for transforming files. This defaults to the number of the cores available on your machine
--transformer <string>
Specify a custom transformer to be used
--reset-cache, --resetCache
Removes cached files
--custom-log-reporter-path, --customLogReporterPath <string>
Path to a JavaScript file that exports a log reporter as a replacement for TerminalReporter
--https
Enables https connections to the server
--key <path>
Path to custom SSL key
--cert <path>
Path to custom SSL cert
--config <string>
Path to the CLI configuration file
--no-interactive
Disables interactive mode
bundle
Usage:
1react-native bundle <flag>
Builds the JavaScript bundle for offline use.
--entry-file <path>
Path to the root JS file, either absolute or relative to JS root.
--platform <string>
default: ios
Either "ios" or "android".
--transformer <string>
Specify a custom transformer to be used.
--dev [boolean]
default: true
If false, warnings are disabled and the bundle is minified.
--minify [boolean]
Allows overriding whether bundle is minified. This defaults to false if dev is true, and true if dev is false. Disabling minification can be useful for speeding up production builds for testing purposes.
--bundle-output <string>
File name where to store the resulting bundle, ex. /tmp/groups.bundle.
If you are planning on building a debug APK, that will run without the packager, by invoking ./gradlew assembleDebug you can simply set bundleInDebug: true in your app/build.gradle file, inside the project.ext.react map.
Alternatively if you want to run
react-native bundle manually and then create the APK with ./gradlew assembleDebug you have to make sure to put the bundle into the right directory and give it the right name, so that gradle can find it.
For react-native versions 0.57 and above the bundle output path should be:
android/app/build/generated/assets/react/debug/index.android.js
To find out the correct path for previous react-native versions, take a look at the react.gradle file here: https://github.com/facebook/react-native/blob/0.57-stable/react.gradle or inside your node_modules/react-native directory.
The expected path for the js bundle can be found on the line that starts with jsBundleDir = .
--bundle-encoding <string>
default: utf8
Encoding the bundle should be written in (https://nodejs.org/api/buffer.html#buffer_buffer).
--max-workers <number>
Specifies the maximum number of workers the worker-pool will spawn for transforming files. This defaults to the number of the cores available on your machine.
--sourcemap-output <string>
File name where to store the sourcemap file for resulting bundle, ex. /tmp/groups.map.
--sourcemap-sources-root <string>
Path to make sourcemap sources entries relative to, ex. /root/dir.
--sourcemap-use-absolute-path
default: false
Report SourceMapURL using its full path.
--assets-dest <string>
Directory name where to store assets referenced in the bundle.
If you are planning on building a debug APK that will run without the packager, see (--bundle-output)
Alternatively if you want to run
react-native bundle manually and then create the APK with ./gradlew assembleDebug you have to make sure to put the assets into the right directory, so that gradle can find them.
For react-native versions 0.57 and above the --assets-dest path should be:
android/app/build/generated/res/react/debug
The expected path for the assets can be found in the react.gradle file on the line that starts with resourcesDir =
--reset-cache
default: false
Removes cached files.
--read-global-cache
default: false
Try to fetch transformed JS code from the global cache, if configured.
--config <string>
Path to the CLI configuration file.
ram-bundle
Usage:
1react-native ram-bundle [options]
Builds JavaScript as a "Random Access Module" bundle for offline use.
Options
Accepts all of bundle commands and following:
--indexed-ram-bundle
Force the "Indexed RAM" bundle file format, even when building for Android.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
13 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 21/30 approved changesets -- score normalized to 7
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-drafter.yml:16
- Warn: no topLevel permission defined: .github/workflows/nigthly-release.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-drafter.yml:10
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nigthly-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/nigthly-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nigthly-release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/nigthly-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/release-drafter.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/stale.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/cli/test.yml/main?enable=pin
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 21 are checked with a SAST tool
Reason
15 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
4.5
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More