expo-constants — Greenflagged

Provides system information that remains constant throughout the lifetime of your app.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

idebrentvatneevanbaconexpoadminexponentbycedrickudochienalanhughestsapetaexpo-botphilplwschurmanccheeverjesseruderterriblebensjchmielaesamelson

Keywords

react-nativeexpoconstants

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Expo canary releases embed the commit hash in the version string itself; missing gitHead field is a known artifact of their canary publish pipeline, not a security signal.	ai	2026/04/23
npm-metadata	no-description	AI (npm-metadata): Empty description is expected in the initial stub release of this well-established Expo package; not a malicious signal.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): v0.0.1 is a known namespace-reservation stub for the legitimate Expo ecosystem package; stub characteristics do not generalize as malicious for this publisher.	ai	2026/04/23
publish-pattern	suspicious-version-number	AI (publish-pattern): Expo canary releases consistently use this date+commit-hash version format (e.g. X.Y.Z-canary-YYYYMMDD-XXXXXXX); this is a stable false positive for the expo-constants package family.	ai	2026/04/23
dependencies	unvetted-dep:ua-parser-js	AI (dependencies): ua-parser-js is a legitimate, widely-used UA parsing library. The ^0.7.19 constraint resolves to safe 0.7.x releases; the historical compromise (0.7.29/1.0.0) was quickly remediated and those versions yanked.	ai	2026/04/22
phantom-deps	phantom-dep:expo-constants-interface	AI (phantom-deps): expo-constants-interface is a companion interface package in Expo's modular architecture; not directly imported by design. Stable pattern for this package.	ai	2026/04/22
license	uncommon-license:BSD	AI (license): BSD license is used intentionally by 650 Industries/Expo across their package ecosystem; stable and legitimate for this package.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): alanhughes is a known Expo team member with a strong track record (116 approved, 0 rejected). Publisher transition from brentvatne to alanhughes is consistent with legitimate Expo org maintainer rotation.	ai	2026/04/22
dependencies	unvetted-peer-dep:react-native	AI (dependencies): react-native is the canonical peer dependency for all Expo SDK packages; wildcard constraint is standard and expected for this package.	ai	2026/04/21
dependencies	unvetted-peer-dep:expo	AI (dependencies): expo is the canonical peer dependency for all Expo SDK packages; wildcard constraint is standard and expected for this package.	ai	2026/04/21
dependencies	unvetted-dep:@expo/config	AI (dependencies): @expo/config is a first-party Expo package from the same monorepo (expo/expo); it is a stable, expected dependency for expo-constants across all versions.	ai	2026/04/21
dependencies	unvetted-dep:@expo/env	AI (dependencies): @expo/env is a first-party Expo package from the same monorepo (expo/expo); it is a stable, expected dependency for expo-constants across all versions.	ai	2026/04/21
provenance	no-provenance	AI (provenance): expo-constants is a well-established Expo SDK package published from the official expo/expo monorepo; lack of Sigstore provenance is not a meaningful risk signal here.	ai	2026/04/21

Versions (showing 51 of 143)

Show 38 prereleases View all versions

Version	Deps	Published
56.0.16	1 / 5	2026-05-26
56.0.15	1 / 5	2026-05-23
56.0.14	1 / 5	2026-05-21
56.0.13	1 / 5	2026-05-20
56.0.12	1 / 5	2026-05-19
56.0.11	1 / 5	2026-05-15
56.0.10	1 / 5	2026-05-14
56.0.9	1 / 5	2026-05-13
56.0.8	1 / 5	2026-05-13
56.0.7	1 / 5	2026-05-11
56.0.6	1 / 5	2026-05-08
56.0.5	1 / 5	2026-05-07
56.0.4	1 / 5	2026-05-06
56.0.3	1 / 5	2026-05-06
56.0.2	1 / 5	2026-05-06
56.0.1	1 / 4	2026-05-05
56.0.0	1 / 4	2026-05-05
55.0.16	1 / 1	2026-05-05
55.0.15	1 / 1	2026-04-21
55.0.14	2 / 1	2026-04-13
55.0.13	2 / 1	2026-04-09
55.0.12	2 / 1	2026-04-07
55.0.11	2 / 1	2026-04-02
55.0.10	2 / 1	2026-04-02
55.0.9	2 / 1	2026-03-19
55.0.8	2 / 1	2026-03-17
55.0.7	2 / 1	2026-02-25
55.0.6	2 / 1	2026-02-20
55.0.5	2 / 1	2026-02-16
55.0.4	2 / 1	2026-02-08
55.0.3	2 / 1	2026-02-03
55.0.2	2 / 1	2026-01-26
55.0.1	2 / 1	2026-01-22
55.0.0	2 / 1	2026-01-21
18.0.13	2 / 1	2026-01-06
18.0.12	2 / 1	2025-12-12
18.0.11	2 / 1	2025-12-05
18.0.10	2 / 1	2025-10-21
18.0.9	2 / 1	2025-09-16
18.0.8	2 / 1	2025-09-10
18.0.7	2 / 1	2025-09-02
18.0.6	2 / 1	2025-08-31
18.0.5	2 / 1	2025-08-27
18.0.4	2 / 1	2025-08-25
18.0.3	2 / 1	2025-08-21
18.0.2	2 / 1	2025-08-17
18.0.1	2 / 1	2025-08-15
18.0.0	2 / 1	2025-08-13
17.1.8	2 / 1	2025-12-11
17.1.7	2 / 1	2025-07-03
17.1.6	2 / 1	2025-05-06