npmpackage.info

Gathering detailed insights and metrics for react-addons-shallow-compare

Other packages similar to react-addons-shallow-compare

enzyme-shallow-equal

1.0.7

Adaptation of react-addons-shallow-compare, for independent usage

@types/react-addons-shallow-compare

0.14.25

TypeScript definitions for react-addons-shallow-compare

domino-react-addons-shallow-compare

66.0.0

Security holding package

kinopoisk-react-addons-shallow-compare

66.0.0

Security holding package

Gathering detailed insights and metrics for react-addons-shallow-compare

react-addons-shallow-compare - 15.6.3 | npmpackage.info

react-addons-shallow-compare

The library for web and native user interfaces.

15.6.3

237,206

MIT

JavaScript

6.4

Installations

npm install react-addons-shallow-compare

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

15.2.1

NPM Version

7.0.8 Score

99.7

Supply Chain

83.1

Quality

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

206

Total

17,704

Closed

5,549

Merged

11,949

Issues

Open

808

Total

13,799

Closed

12,991

Releases

104

19.1.0 (March 28, 2025)

v19.1.0

Updated on Mar 28, 2025

19.0.0 (December 5, 2024)

v19.0.0

Updated on Dec 05, 2024

eslint-plugin-react-hooks@5.0.0 (Oct 11, 2024)

eslint-plugin-react-hooks@5.0.0

Updated on Oct 11, 2024

18.3.1 (April 26, 2024)

v18.3.1

Updated on Apr 26, 2024

18.3.0 (April 25, 2024)

v18.3.0

Updated on Apr 26, 2024

18.2.0 (June 14, 2022)

v18.2.0

Updated on Jun 14, 2022

View All 104 releases

Languages

JavaScript

TypeScript

HTML

CSS

C++

CoffeeScript

Shell

Python

Makefile

JavaScript (67.75%)

TypeScript (28.8%)

HTML (1.52%)

CSS (0.97%)

C++ (0.58%)

CoffeeScript (0.25%)

C (0.07%)

Shell (0.06%)

Developer

facebook

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

237,206 Stars

20,597 Commits

48,915 Forks

6,725 Watchers

560 Branches

1,755 Contributors

Updated on Jul 13, 2025

Maintainers

View All 1,755 Contributors

Package Meta Information

Latest Version

15.6.3

Package Id

react-addons-shallow-compare@15.6.3

Size

4.38 kB

NPM Version

7.0.8

Node Version

15.2.1

Published on

Dec 04, 2020

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

object-assign

Dev Dependencies

jest react react-dom webpack

react-addons-shallow-compare

Note: This is a legacy React addon, and is no longer maintained.

We don't encourage using it in new code, but it exists for backwards compatibility.
The recommended migration path is to use React.PureComponent instead.

Importing

1import shallowCompare from 'react-addons-shallow-compare'; // ES6
2var shallowCompare = require('react-addons-shallow-compare'); // ES5 with npm

If you prefer a <script> tag, you can get it from React.addons.shallowCompare with:

1<!-- development version -->
2<script src="https://unpkg.com/react-addons-shallow-compare/react-addons-shallow-compare.js"></script>
3
4<!-- production version -->
5<script src="https://unpkg.com/react-addons-shallow-compare/react-addons-shallow-compare.min.js"></script>

In this case, make sure to put the <script> tag after React.

Overview

Before React.PureComponent was introduced, shallowCompare was commonly used to achieve the same functionality as PureRenderMixin while using ES6 classes with React.

If your React component's render function is "pure" (in other words, it renders the same result given the same props and state), you can use this helper function for a performance boost in some cases.

Example:

1export class SampleComponent extends React.Component {
2  shouldComponentUpdate(nextProps, nextState) {
3    return shallowCompare(this, nextProps, nextState);
4  }
5
6  render() {
7    return <div className={this.props.className}>foo</div>;
8  }
9}

shallowCompare performs a shallow equality check on the current props and nextProps objects as well as the current state and nextState objects.
It does this by iterating on the keys of the objects being compared and returning true when the values of a key in each object are not strictly equal.

shallowCompare returns true if the shallow comparison for props or state fails and therefore the component should update.
shallowCompare returns false if the shallow comparison for props and state both pass and therefore the component does not need to update.

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

License

Determines if the project has defined a license.

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

GitHub workflow tokens follow principle of least privilege

Details

Info: jobLevel 'contents' permission set to 'read': .github/workflows/compiler_discord_notify.yml:31
Info: jobLevel 'actions' permission set to 'read': .github/workflows/devtools_regression_tests.yml:25
Info: jobLevel 'actions' permission set to 'read': .github/workflows/runtime_build_and_test.yml:822
Info: jobLevel 'actions' permission set to 'read': .github/workflows/runtime_commit_artifacts.yml:37
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/runtime_commit_artifacts.yml:214
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/runtime_commit_artifacts.yml:303
Info: jobLevel 'contents' permission set to 'read': .github/workflows/runtime_discord_notify.yml:31
Info: jobLevel 'actions' permission set to 'read': .github/workflows/runtime_prereleases.yml:54
Info: jobLevel 'actions' permission set to 'read': .github/workflows/runtime_prereleases_manual.yml:58
Info: jobLevel 'actions' permission set to 'read': .github/workflows/runtime_prereleases_manual.yml:85
Info: jobLevel 'actions' permission set to 'read': .github/workflows/runtime_prereleases_nightly.yml:19
Info: jobLevel 'actions' permission set to 'read': .github/workflows/runtime_prereleases_nightly.yml:36
Info: jobLevel 'contents' permission set to 'read': .github/workflows/shared_check_maintainer.yml:25
Warn: jobLevel 'actions' permission set to 'write': .github/workflows/shared_cleanup_merged_branch_caches.yml:22
Info: jobLevel 'contents' permission set to 'read': .github/workflows/shared_cleanup_merged_branch_caches.yml:23
Warn: jobLevel 'actions' permission set to 'write': .github/workflows/shared_cleanup_stale_branch_caches.yml:18
Info: jobLevel 'contents' permission set to 'read': .github/workflows/shared_cleanup_stale_branch_caches.yml:19
Info: jobLevel 'contents' permission set to 'read': .github/workflows/shared_label_core_team_prs.yml:32
Info: found token with 'none' permissions: .github/workflows/compiler_discord_notify.yml:1
Info: found token with 'none' permissions: .github/workflows/compiler_playground.yml:1
Info: found token with 'none' permissions: .github/workflows/compiler_prereleases.yml:1
Info: found token with 'none' permissions: .github/workflows/compiler_prereleases_manual.yml:1
Info: found token with 'none' permissions: .github/workflows/compiler_prereleases_nightly.yml:1
Info: found token with 'none' permissions: .github/workflows/compiler_typescript.yml:1
Info: found token with 'none' permissions: .github/workflows/devtools_regression_tests.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_build_and_test.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_commit_artifacts.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_discord_notify.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_eslint_plugin_e2e.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_fuzz_tests.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_prereleases.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_prereleases_manual.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_prereleases_nightly.yml:1
Info: found token with 'none' permissions: .github/workflows/runtime_releases_from_npm_manual.yml:1
Info: found token with 'none' permissions: .github/workflows/shared_check_maintainer.yml:1
Info: found token with 'none' permissions: .github/workflows/shared_cleanup_merged_branch_caches.yml:1
Info: found token with 'none' permissions: .github/workflows/shared_cleanup_stale_branch_caches.yml:1
Info: found token with 'none' permissions: .github/workflows/shared_close_direct_sync_branch_prs.yml:1
Info: found token with 'none' permissions: .github/workflows/shared_label_core_team_prs.yml:1
Info: found token with 'none' permissions: .github/workflows/shared_lint.yml:1

9

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

9

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

2

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

SAST

Determines if the project uses static code analysis.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/compiler_prereleases.yml:59
Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/runtime_commit_artifacts.yml:289
Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/runtime_commit_artifacts.yml:463
Warn: third-party GitHubAction not pinned by hash: .github/workflows/compiler_discord_notify.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_discord_notify.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_playground.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_playground.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_playground.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_playground.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_playground.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_playground.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_playground.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_playground.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_playground.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_playground.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_prereleases.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_prereleases.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_prereleases.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_prereleases.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_prereleases.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_prereleases.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/compiler_prereleases_manual.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_prereleases_manual.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/compiler_prereleases_nightly.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_prereleases_nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compiler_typescript.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/compiler_typescript.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devtools_regression_tests.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/devtools_regression_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:649: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:652: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:661: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:678: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:687: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:701: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:707: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:290: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:298: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:531: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:534: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:540: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:554: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:571: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:574: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:580: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:594: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:608: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:611: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:617: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:628: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:770: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:366: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:780: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:783: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:789: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:803: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:421: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:424: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:432: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:448: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:466: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:469: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:475: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:489: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:507: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:514: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:723: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:726: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:732: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:746: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:758: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:825: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:828: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:834: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:865: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_build_and_test.yml:879: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_build_and_test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:307: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_commit_artifacts.yml:362: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_commit_artifacts.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime_discord_notify.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_discord_notify.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_eslint_plugin_e2e.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_eslint_plugin_e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_eslint_plugin_e2e.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_eslint_plugin_e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_eslint_plugin_e2e.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_eslint_plugin_e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_fuzz_tests.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_fuzz_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_fuzz_tests.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_fuzz_tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_prereleases.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_prereleases.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_prereleases.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_prereleases.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_prereleases.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_prereleases.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime_prereleases_manual.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_prereleases_manual.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime_prereleases_manual.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_prereleases_manual.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime_prereleases_nightly.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_prereleases_nightly.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/runtime_prereleases_nightly.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_prereleases_nightly.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_releases_from_npm_manual.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_releases_from_npm_manual.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_releases_from_npm_manual.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_releases_from_npm_manual.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_releases_from_npm_manual.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_releases_from_npm_manual.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runtime_releases_from_npm_manual.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/runtime_releases_from_npm_manual.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_check_maintainer.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_check_maintainer.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_close_direct_sync_branch_prs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_close_direct_sync_branch_prs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/shared_label_core_team_prs.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_label_core_team_prs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_label_core_team_prs.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_label_core_team_prs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_lint.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_lint.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shared_stale.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/facebook/react/shared_stale.yml/main?enable=pin
Info: 0 out of 157 GitHub-owned GitHubAction dependencies pinned
Info: 5 out of 14 third-party GitHubAction dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

220 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-3h52-269p-cp9r
Warn: Project is vulnerable to: GHSA-f82v-jwr5-mffw
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-832h-xg76-4gv6
Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
Warn: Project is vulnerable to: MAL-2023-462
Warn: Project is vulnerable to: GHSA-xf7w-r453-m56c
Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3
Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7
Warn: Project is vulnerable to: GHSA-j44m-qm6p-hp7m
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-g7q5-pjjr-gqvp
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-wxhq-pm8v-cw75
Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p
Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-mpcf-4gmh-23w8
Warn: Project is vulnerable to: GHSA-9qj9-36jm-prpv
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
Warn: Project is vulnerable to: GHSA-6x33-pw7p-hmpq
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-pp57-mqmh-44h7
Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
Warn: Project is vulnerable to: GHSA-f9cm-qmx5-m98h
Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp
Warn: Project is vulnerable to: GHSA-ff6r-5jwm-8292
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj
Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2
Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-6394-6h9h-cfjg
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-hxcm-v35h-mg2x
Warn: Project is vulnerable to: GHSA-29gp-92wp-94q8
Warn: Project is vulnerable to: GHSA-5q6m-3h65-w53x
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-c9g6-9335-x697
Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-662x-fhqg-9p8v
Warn: Project is vulnerable to: GHSA-394c-5j6w-4xmx
Warn: Project is vulnerable to: GHSA-78cj-fxph-m83p
Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
Warn: Project is vulnerable to: GHSA-3329-pjwv-fjpg
Warn: Project is vulnerable to: GHSA-p6j9-7xhc-rhwp
Warn: Project is vulnerable to: GHSA-89gv-h8wf-cg8r
Warn: Project is vulnerable to: GHSA-gcv8-gh4r-25x6
Warn: Project is vulnerable to: GHSA-gmv4-r438-p67f
Warn: Project is vulnerable to: GHSA-8h2f-7jc4-7m3m
Warn: Project is vulnerable to: GHSA-3vjf-82ff-p4r3
Warn: Project is vulnerable to: GHSA-g694-m8vq-gv9h
Warn: Project is vulnerable to: GHSA-pv4c-p2j5-38j4
Warn: Project is vulnerable to: GHSA-46c4-8wrp-j99v
Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442
Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc
Warn: Project is vulnerable to: GHSA-rqff-837h-mm52
Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2
Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-cf66-xwfp-gvc4
Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-36jr-mh4h-2g58
Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-rq8g-5pc5-wrhr
Warn: Project is vulnerable to: GHSA-mvjj-gqq2-p4hw
Warn: Project is vulnerable to: GHSA-4hpf-3wq7-5rpr
Warn: Project is vulnerable to: GHSA-f522-ffg8-j8r6
Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-7px7-7xjx-hxm8
Warn: Project is vulnerable to: GHSA-x5pg-88wf-qq4p
Warn: Project is vulnerable to: GHSA-p9wx-2529-fp83
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-28xh-wpgr-7fm8
Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-xc7v-wxcw-j472
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g
Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3
Warn: Project is vulnerable to: GHSA-xq7p-g2vc-g82p
Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
Warn: Project is vulnerable to: GHSA-hc9w-4p87-j549
Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h
Warn: Project is vulnerable to: GHSA-qh2h-chj9-jffq
Warn: Project is vulnerable to: GHSA-pc58-wgmc-hfjr
Warn: Project is vulnerable to: GHSA-vvv8-xw5f-3f88
Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-px4h-xg32-q955
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-gp2j-mg4w-2rh5
Warn: Project is vulnerable to: GHSA-jc84-3g44-wf2q
Warn: Project is vulnerable to: GHSA-w7q9-p3jq-fmhm
Warn: Project is vulnerable to: GHSA-xvf7-4v9q-58w6
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-c2gp-86p4-5935
Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
Warn: Project is vulnerable to: GHSA-p7v2-p9m8-qqg7
Warn: Project is vulnerable to: GHSA-7x97-j373-85x5
Warn: Project is vulnerable to: GHSA-7m48-wc93-9g85
Warn: Project is vulnerable to: GHSA-6r2x-8pq8-9489
Warn: Project is vulnerable to: GHSA-x3cc-x39p-42qx
Warn: Project is vulnerable to: GHSA-mhxj-85r3-2x55
Warn: Project is vulnerable to: GHSA-m5qc-5hw7-8vg7
Warn: Project is vulnerable to: GHSA-8g77-54rh-46hx
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Warn: Project is vulnerable to: GHSA-x2mc-8fgj-3wmr
Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
Warn: Project is vulnerable to: GHSA-29xr-v42j-r956
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc

Score

6.4

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More