Gathering detailed insights and metrics for expo-font
Gathering detailed insights and metrics for expo-font
An open-source framework for making universal native apps with React. Expo runs on Android, iOS, and the web.
Installations
npm install expo-fontReleases
Unable to fetch releases
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
20.15.1
NPM Version
10.7.0
Statistics
34,882 Stars
24,527 Commits
5,594 Forks
302 Watching
621 Branches
1,449 Contributors
Updated on 28 Nov 2024
Bundle Size
10.69 kB
Minified
3.92 kB
Minified + Gzipped
Languages
TypeScript (38.64%)
JavaScript (28.24%)
Kotlin (12.41%)
Swift (8.13%)
Objective-C (5.41%)
Java (2.87%)
C++ (1.7%)
Objective-C++ (1%)
C (0.76%)
Ruby (0.55%)
Shell (0.17%)
HTML (0.08%)
CMake (0.03%)
Total Downloads
Cumulative downloads
Total Downloads
75,202,756
Last day
-11.3%
156,279
Compared to previous day
Last week
-4.4%
853,733
Compared to previous week
Last month
15.7%
3,528,772
Compared to previous month
Last year
56.1%
30,107,100
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
2
Versions
Expo
Try Expo in the Browser • Read the Documentation • Learn more on our blog • Request a feature
Follow us on
Introduction
Expo is an open-source platform for making universal native apps that run on Android, iOS, and the web. It includes a universal runtime and libraries that let you build native apps by writing React and JavaScript.
This repository includes the Expo SDK, Modules API, Go app, CLI, Router, documentation, and various other supporting tools. Expo Application Services (EAS) is a platform of hosted services that are deeply integrated with Expo open source tools. EAS helps you build, ship, and iterate on your app as an individual or a team.
Read the Expo Community Guidelines before interacting in the repository. Thank you for helping keep the Expo community open and welcoming!
Table of contents
📚 Documentation
Learn about building and deploying universal apps in our official docs!
🗺 Project Layout
packagesAll the source code for Expo modules, if you want to edit a library or just see how it works this is where you'll find it.appsThis is where you can find Expo projects which are linked to the development modules. You'll do most of your testing in here.apps/expo-goThis is where you can find the source code for Expo Go.apps/expo-go/ios/Exponent.xcworkspaceis the Xcode workspace. When developing iOS, always open this instead ofExponent.xcodeprojbecause the workspace also loads the CocoaPods dependencies.docsThe source code for https://docs.expo.devtemplatesThe template projects you get when you runnpx create-expo-appreact-native-labThis is our fork ofreact-nativeused to build Expo Go.guidesIn-depth tutorials for advanced topics like contributing to the client.toolscontain build and configuration tools.template-filescontains templates for files that require private keys. They are populated using the keys intemplate-files/keys.json.template-files/ios/dependencies.jsonspecifies the CocoaPods dependencies of the app.
🏅 Badges
Let everyone know your app can be run instantly in the Expo Go app!
1[](https://expo.dev/client) 2 3[](https://expo.dev/client)
👏 Contributing
If you like Expo and want to help make it better then check out our contributing guide! Check out the CLI package to work on the Expo CLI.
❓ FAQ
If you have questions about Expo and want answers, then check out our Frequently Asked Questions!
If you still have questions you can ask them on our Discord and Forums or X @expo.
💙 The Team
Curious about who makes Expo? Here are our team members!
License
The Expo source code is made available under the MIT license. Some of the dependencies are licensed differently, with the BSD license, for example.
No vulnerabilities found.
Reason
30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
no dangerous workflow patterns detected
Reason
Found 27/30 approved changesets -- score normalized to 9
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codemention.yaml:9
- Warn: jobLevel 'actions' permission set to 'write': .github/workflows/pr-labeler.yml:37
- Warn: no topLevel permission defined: .github/workflows/android-instrumentation-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/android-unit-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/bare-diffs.yml:1
- Warn: no topLevel permission defined: .github/workflows/check-issues-nightly.yml:1
- Warn: no topLevel permission defined: .github/workflows/cli.yml:1
- Warn: no topLevel permission defined: .github/workflows/client-android-eas.yml:1
- Warn: no topLevel permission defined: .github/workflows/client-ios-eas.yml:1
- Warn: no topLevel permission defined: .github/workflows/code-review.yml:1
- Warn: no topLevel permission defined: .github/workflows/codemention.yaml:1
- Warn: no topLevel permission defined: .github/workflows/commentator.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-expo-app.yml:1
- Warn: no topLevel permission defined: .github/workflows/development-client-e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/development-client-latest-e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/development-client.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs-pr-destroy.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs-pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/expotools.yml:1
- Warn: no topLevel permission defined: .github/workflows/fingerprint.yml:1
- Warn: no topLevel permission defined: .github/workflows/home.yml:1
- Warn: no topLevel permission defined: .github/workflows/ios-unit-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-closed.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-opened.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-triage.yml:1
- Warn: no topLevel permission defined: .github/workflows/native-component-list.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-labeler.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-canaries.yml:1
- Warn: no topLevel permission defined: .github/workflows/router-e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/sdk.yml:1
- Warn: no topLevel permission defined: .github/workflows/sync-template.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-react-native-nightly.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-suite-lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-suite-nightly.yml:1
- Warn: no topLevel permission defined: .github/workflows/test-suite.yml:1
- Warn: no topLevel permission defined: .github/workflows/tvos-compile-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/updates-e2e-disabled.yml:1
- Warn: no topLevel permission defined: .github/workflows/updates-e2e-error-recovery.yml:1
- Warn: no topLevel permission defined: .github/workflows/updates-e2e-fingerprint.yml:1
- Warn: no topLevel permission defined: .github/workflows/updates-e2e-startup.yml:1
- Warn: no topLevel permission defined: .github/workflows/updates-e2e.yml:1
- Warn: no topLevel permission defined: .github/workflows/validate-npm-owners.yml:1
Reason
binaries present in source code
Details
- Warn: binary detected: apps/bare-expo/android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: apps/expo-go/android/app/src/main/assets/kernel.android.bundle:1
- Warn: binary detected: apps/expo-go/android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: apps/expo-go/android/versioned-react-native/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: apps/expo-go/ios/Exponent/Supporting/kernel.ios.bundle:1
- Warn: binary detected: apps/fabric-tester/android/gradle/wrapper/gradle-wrapper.jar:1
- Warn: binary detected: fastlane/metadata/primary_category.txt:1
- Warn: binary detected: fastlane/metadata/secondary_category.txt:1
- Warn: binary detected: packages/expo-sqlite/android/src/main/jniLibs/arm64-v8a/libcrsqlite.so:1
- Warn: binary detected: packages/expo-sqlite/android/src/main/jniLibs/armeabi-v7a/libcrsqlite.so:1
- Warn: binary detected: packages/expo-sqlite/android/src/main/jniLibs/x86/libcrsqlite.so:1
- Warn: binary detected: packages/expo-sqlite/android/src/main/jniLibs/x86_64/libcrsqlite.so:1
- Warn: binary detected: packages/expo-sqlite/ios/crsqlite.xcframework/ios-arm64/crsqlite.framework/crsqlite:1
- Warn: binary detected: packages/expo-sqlite/ios/crsqlite.xcframework/ios-arm64_x86_64-simulator/crsqlite.framework/crsqlite:1
- Warn: binary detected: templates/expo-template-bare-minimum/android/gradle/wrapper/gradle-wrapper.jar:1
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Info: Possibly incomplete results: error parsing shell code: / must be followed by an expression: docs/deploy.sh:0
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-instrumentation-tests.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/android-instrumentation-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-instrumentation-tests.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/android-instrumentation-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-instrumentation-tests.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/android-instrumentation-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-instrumentation-tests.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/android-instrumentation-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-unit-tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/android-unit-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-unit-tests.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/android-unit-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-unit-tests.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/android-unit-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-unit-tests.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/android-unit-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bare-diffs.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/bare-diffs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bare-diffs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/bare-diffs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/bare-diffs.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/bare-diffs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bare-diffs.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/bare-diffs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-issues-nightly.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/check-issues-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cli.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/cli.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cli.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/cli.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-android-eas.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/client-android-eas.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-android-eas.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/client-android-eas.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/client-ios-eas.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/client-ios-eas.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/client-ios-eas.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/client-ios-eas.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code-review.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/code-review.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/codemention.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/codemention.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commentator.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/commentator.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-expo-app.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/create-expo-app.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-expo-app.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/create-expo-app.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-expo-app.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/create-expo-app.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-expo-app.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/create-expo-app.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/development-client-e2e.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client-e2e.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/development-client-e2e.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/development-client-e2e.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/development-client-latest-e2e.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client-latest-e2e.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/development-client-latest-e2e.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client-latest-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/development-client-latest-e2e.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client-latest-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/development-client-latest-e2e.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client-latest-e2e.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/development-client-latest-e2e.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client-latest-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/development-client.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/development-client.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/development-client.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-pr.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-pr.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs-pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-pr.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs-pr.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs-pr.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-pr.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-pr.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/expotools.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/expotools.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fingerprint.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/fingerprint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fingerprint.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/fingerprint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/fingerprint.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/fingerprint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/home.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/home.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/home.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/home.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/home.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/home.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios-unit-tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/ios-unit-tests.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ios-unit-tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/ios-unit-tests.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-closed.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-closed.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-opened.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-opened.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-opened.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-stale.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-stale.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/issue-triage.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/lock.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/native-component-list.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/native-component-list.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/native-component-list.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/native-component-list.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/native-component-list.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/native-component-list.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/pr-labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-canaries.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/publish-canaries.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-canaries.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/publish-canaries.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-canaries.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/publish-canaries.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/router-e2e.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/router-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/router-e2e.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/router-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/router-e2e.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/router-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/router-e2e.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/router-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sdk.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/sdk.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sdk.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/sdk.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sdk.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/sdk.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-template.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/sync-template.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-template.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/sync-template.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-react-native-nightly.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-react-native-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite-nightly.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite-nightly.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/test-suite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tvos-compile-test.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/tvos-compile-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tvos-compile-test.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/tvos-compile-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e-disabled.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-disabled.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e-disabled.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-disabled.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/updates-e2e-disabled.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-disabled.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e-error-recovery.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-error-recovery.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e-error-recovery.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-error-recovery.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/updates-e2e-error-recovery.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-error-recovery.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e-fingerprint.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-fingerprint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e-fingerprint.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-fingerprint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/updates-e2e-fingerprint.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-fingerprint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e-startup.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-startup.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e-startup.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-startup.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/updates-e2e-startup.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e-startup.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updates-e2e.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/updates-e2e.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/updates-e2e.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-npm-owners.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/validate-npm-owners.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate-npm-owners.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/expo/expo/validate-npm-owners.yml/main?enable=pin
- Warn: downloadThenRun not pinned by hash: apps/bare-expo/scripts/start-simulator.sh:20
- Warn: npmCommand not pinned by hash: scripts/download-dependencies.sh:14
- Warn: npmCommand not pinned by hash: .github/workflows/client-android-eas.yml:49
- Warn: npmCommand not pinned by hash: .github/workflows/client-ios-eas.yml:59
- Warn: downloadThenRun not pinned by hash: .github/workflows/router-e2e.yml:49
- Warn: downloadThenRun not pinned by hash: .github/workflows/test-suite-nightly.yml:100
- Warn: downloadThenRun not pinned by hash: .github/workflows/test-suite.yml:115
- Info: 0 out of 126 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 47 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 downloadThenRun dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
79 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m
- Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8
- Warn: Project is vulnerable to: GHSA-5866-49gr-22v4
- Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6
- Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3
- Warn: Project is vulnerable to: GHSA-7v5v-9h63-cj86
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2
- Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h
- Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
- Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-4r62-v4vq-hr96
- Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
- Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj
- Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2
- Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
- Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv
- Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q
- Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-hpx4-r86g-5jrg
- Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2
- Warn: Project is vulnerable to: GHSA-3wf4-68gx-mph8
- Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Score
4.4
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More