@hot-updater/js MIT 7 versions

@hot-updater/js

npm Repository Homepage

React Native OTA solution for self-hosted

7

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

gronxb

Keywords

react-nativereact-native-code-pushcode-pusheaseas-updateexpoexpo-updateself-hosted

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped @hot-updater monorepo package; no impersonation of 'qs'. Levenshtein match is coincidental.	ai	2026/05/14
typosquat	typosquat.levenshtein:jest	AI (typosquat): Scoped @hot-updater monorepo package; no impersonation of 'jest'.	ai	2026/05/14
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped @hot-updater monorepo package; no impersonation of 'pg'.	ai	2026/05/14
typosquat	typosquat.levenshtein:rxjs	AI (typosquat): Scoped @hot-updater monorepo package; no impersonation of 'rxjs'.	ai	2026/05/14
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped @hot-updater monorepo package; no impersonation of 'joi'.	ai	2026/05/14
typosquat	typosquat.levenshtein:ajv	AI (typosquat): Scoped @hot-updater monorepo package; no impersonation of 'ajv'.	ai	2026/05/14

Versions (showing 7 of 108)

Version	Deps	Published
0.18.5	1 / 4	2025-06-10
0.18.4	1 / 4	2025-06-09
0.18.3	1 / 4	2025-06-05
0.18.2	1 / 4	2025-06-03
0.18.1	1 / 4	2025-05-30
0.18.0	1 / 4	2025-05-29
0.17.0	1 / 4	2025-04-30

v0.18.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.17.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.