@expo/metro-runtime
Tools for making advanced Metro bundler features work
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Expo canary releases use a different publish pipeline that does not attach gitHead; this is consistent across Expo's canary release pattern and not indicative of supply-chain compromise. | ai | |
| publish-pattern | suspicious-version-number | AI (publish-pattern): Canary version numbering is standard practice for the Expo ecosystem; not indicative of malicious intent for this package. | ai | |
| source-diff | net-exec-file:src/async-require/fetchThenEvalJs.ts | AI (source-diff): TypeScript source for the async bundle loader. fetch+eval is the standard Metro async-require pattern. Legitimate and expected for this package. | ai | |
| source-diff | net-exec-file:build/async-require/fetchThenEvalJs.js | AI (source-diff): This is Expo Metro's async bundle loader — fetch+eval is the documented mechanism for loading JS bundles from the Metro dev server. Not malware; stable for this package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Expo's metro-runtime is an actively developed package with many versions; adding new source files is consistent with legitimate feature growth, not injected code. | ai | |
| provenance | publisher-changed | AI (provenance): wschurman is a known 650 Industries/Expo contributor with a strong track record (1532 approved). This is a legitimate internal maintainer transition within the Expo org. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): tcdavis removal alongside known Expo contributors being added is consistent with normal team roster changes within the Expo org. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): gabrieldonadel and simek are known Expo/React Native ecosystem contributors; this is a routine org team update, not a suspicious takeover. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): 0.0.0 is a deliberate placeholder version used by the Expo monorepo (expo/router) for this package; not indicative of malicious intent. Stable pattern across all 204 versions. | ai | |
| dependencies | unvetted-dep:@expo/log-box | AI (dependencies): @expo/log-box is an official Expo monorepo package published under the same org; unvetted status is a pipeline artifact, not a real risk for this package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): pretty-format is a well-established Meta/Jest ecosystem package; its addition to this Expo Metro runtime package is a legitimate, low-risk dependency choice. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): eval() here evaluates Metro-served JS bundles for async module loading — a core React Native/Metro feature. Input is a fetched bundle from the dev server, not user-controlled arbitrary input. | ai | |
| dependencies | unvetted-dep:stacktrace-parser | AI (dependencies): stacktrace-parser is a widely-used, legitimate utility; expected dependency for a Metro runtime package. | ai | |
| phantom-deps | phantom-dep:anser | AI (phantom-deps): anser is a declared runtime dependency used in config/build context; phantom dep finding is a stable false positive for this package. | ai | |
| provenance | no-provenance | AI (provenance): Expo monorepo packages historically lack Sigstore provenance; not a security concern given the established package identity. | ai | |
| dependencies | unvetted-dep:anser | AI (dependencies): anser is a well-known ANSI color parser package; legitimate dependency for a Metro bundler runtime that handles log output. | ai | |
Versions (showing 51 of 94)
| Version | Deps | Published |
|---|---|---|
| 56.0.13 | 5 / 5 | |
| 56.0.12 | 5 / 5 | |
| 56.0.11 | 5 / 5 | |
| 56.0.10 | 5 / 5 | |
| 56.0.9 | 5 / 5 | |
| 56.0.8 | 5 / 5 | |
| 56.0.7 | 5 / 5 | |
| 56.0.6 | 5 / 5 | |
| 56.0.5 | 5 / 5 | |
| 56.0.4 | 5 / 5 | |
| 56.0.3 | 5 / 5 | |
| 56.0.2 | 5 / 5 | |
| 56.0.1 | 5 / 4 | |
| 56.0.0 | 5 / 4 | |
| 55.0.11 | 5 / 2 | |
| 55.0.10 | 5 / 2 | |
| 55.0.9 | 5 / 2 | |
| 55.0.8 | 5 / 2 | |
| 55.0.7 | 5 / 2 | |
| 55.0.6 | 5 / 2 | |
| 55.0.5 | 5 / 2 | |
| 55.0.4 | 5 / 2 | |
| 55.0.3 | 5 / 2 | |
| 55.0.2 | 5 / 2 | |
| 55.0.1 | 5 / 2 | |
| 55.0.0 | 5 / 2 | |
| 6.1.2 | 4 / 1 | |
| 6.1.1 | 4 / 1 | |
| 6.1.0 | 4 / 1 | |
| 6.0.2 | 4 / 1 | |
| 6.0.1 | 4 / 1 | |
| 6.0.0 | 3 / 1 | |
| 5.0.5 | 0 / 0 | |
| 5.0.4 | 0 / 0 | |
| 5.0.3 | 0 / 0 | |
| 5.0.2 | 0 / 0 | |
| 5.0.1 | 0 / 0 | |
| 5.0.0 | 0 / 0 | |
| 4.0.1 | 0 / 0 | |
| 4.0.0 | 0 / 0 | |
| 3.2.3 | 0 / 0 | |
| 3.2.2 | 0 / 0 | |
| 3.2.1 | 0 / 0 | |
| 3.2.0 | 0 / 0 | |
| 3.1.3 | 0 / 0 | |
| 3.1.2 | 0 / 0 | |
| 3.1.1 | 0 / 0 | |
| 3.1.0 | 0 / 0 | |
| 3.0.4 | 0 / 0 | |
| 3.0.3 | 1 / 0 | |
| 3.0.2 | 1 / 0 | |
v56.0.13
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v56.0.12
2 findings
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (alanhughes) than the most recent previously approved version (brentvatne) on 2026-05-23, but alanhughes is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v56.0.11
2 findings
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.
v56.0.10
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v56.0.9
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v56.0.8
2 findings
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-14. This could indicate a legitimate maintainer transition or an account compromise.
v56.0.7
2 findings
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-13. This could indicate a legitimate maintainer transition or an account compromise.
v56.0.6
2 findings
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-12. This could indicate a legitimate maintainer transition or an account compromise.
v56.0.5
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v56.0.4
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v56.0.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v56.0.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v56.0.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v56.0.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v55.0.11
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.0
4 findings
This version was published by a different npm account than previous versions on 2024-04-18. This could indicate a legitimate maintainer transition or an account compromise.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.3
4 findings
This version was published by a different npm account than previous versions on 2024-02-06. This could indicate a legitimate maintainer transition or an account compromise.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.2
4 findings
This version was published by a different npm account than previous versions on 2024-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.1
2 findings
This version was published by a different npm account than previous versions on 2024-01-18. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.0
2 findings
This version was published by a different npm account than previous versions on 2023-12-12. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.4
2 findings
This version was published by a different npm account than previous versions on 2023-11-14. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.3
2 findings
This version was published by a different npm account than previous versions on 2023-10-17. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.2
2 findings
This version was published by a different npm account than previous versions on 2023-09-15. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.