{"id":13601878,"url":"https://github.com/microsoft/rnx-kit","last_synced_at":"2026-05-13T08:10:53.143Z","repository":{"id":37015973,"uuid":"222007330","full_name":"microsoft/rnx-kit","owner":"microsoft","description":"Modern, scalable tools. Exceptional developer experience.","archived":false,"fork":false,"pushed_at":"2026-05-07T19:38:13.000Z","size":134744,"stargazers_count":1716,"open_issues_count":58,"forks_count":117,"subscribers_count":15,"default_branch":"main","last_synced_at":"2026-05-07T19:39:06.367Z","etag":null,"topics":["android","cli","cross-platform","dependency-manager","desktop","desktop-development","developer-experience","developer-tools","devtools","ios","macos","mobile","mobile-development","monorepo","react-native","typescript","visionos","windows"],"latest_commit_sha":null,"homepage":"https://microsoft.github.io/rnx-kit/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/microsoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2019-11-15T21:38:13.000Z","updated_at":"2026-05-07T18:08:02.000Z","dependencies_parsed_at":"2023-09-23T15:53:11.105Z","dependency_job_id":"b26e6eb5-2a7f-4f6e-a9f5-fd57360f4759","html_url":"https://github.com/microsoft/rnx-kit","commit_stats":{"total_commits":3076,"total_committers":54,"mean_commits":56.96296296296296,"dds":0.7148894668400521,"last_synced_commit":"8575769a4713497a8b20cc3932192665a06e5f61"},"previous_names":[],"tags_count":1437,"template":false,"template_full_name":null,"purl":"pkg:github/microsoft/rnx-kit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Frnx-kit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Frnx-kit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Frnx-kit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Frnx-kit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/microsoft","download_url":"https://codeload.github.com/microsoft/rnx-kit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Frnx-kit/sbom","scorecard":{"id":643485,"data":{"date":"2025-08-11","repo":{"name":"github.com/microsoft/rnx-kit","commit":"4bca263867c03125c2a01c57396cbbd98f2dea66"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.3,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":8,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: found token with 'none' permissions: .github/workflows/align-deps.yml:1","Info: found token with 'none' permissions: .github/workflows/pr.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr.yml:218","Info: found token with 'none' permissions: .github/workflows/pr.yml:1","Info: found token with 'none' permissions: .github/workflows/pr.yml:1","Info: found token with 'none' permissions: .github/workflows/pr.yml:1","Info: found token with 'none' permissions: .github/workflows/rnx-build.yml:1","Info: found token with 'none' permissions: .github/workflows/rnx-build.yml:1","Info: found token with 'none' permissions: .github/workflows/rnx-build.yml:1","Info: found token with 'none' permissions: .github/workflows/rnx-build.yml:1","Info: found token with 'none' permissions: .github/workflows/rnx-build.yml:1","Warn: no topLevel permission defined: .github/workflows/align-deps.yml:1","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/pr.yml:1","Warn: no topLevel permission defined: .github/workflows/rnx-build.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: packages/test-app/android/gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/align-deps.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/align-deps.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/align-deps.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/align-deps.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/align-deps.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/align-deps.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/align-deps.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/align-deps.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rnx-build.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/microsoft/rnx-kit/rnx-build.yml/main?enable=pin","Info:   0 out of  22 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  14 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":9,"reason":"SAST tool is not run on all commits -- score normalized to 9","details":["Warn: 29 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T11:26:12.808Z","repository_id":37015973,"created_at":"2025-08-21T11:26:12.809Z","updated_at":"2025-08-21T11:26:12.809Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32785995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"ssl_error","status_checked_at":"2026-05-08T08:22:45.650Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","cli","cross-platform","dependency-manager","desktop","desktop-development","developer-experience","developer-tools","devtools","ios","macos","mobile","mobile-development","monorepo","react-native","typescript","visionos","windows"],"created_at":"2024-08-01T18:01:09.343Z","updated_at":"2026-05-13T08:10:53.136Z","avatar_url":"https://github.com/microsoft.png","language":"TypeScript","funding_links":[],"categories":["By Industry","TypeScript","cli"],"sub_categories":["Mobile Development"],"readme":"# `rnx-kit` - React Native tooling by and for developers\n\n[![Open in Visual Studio Code](https://img.shields.io/static/v1?logo=visualstudiocode\u0026label=\u0026message=Open%20in%20Visual%20Studio%20Code\u0026color=007acc\u0026labelColor=444444\u0026logoColor=007acc)](https://vscode.dev/github/microsoft/rnx-kit)\n[![Build](https://github.com/microsoft/rnx-kit/actions/workflows/build.yml/badge.svg)](https://github.com/microsoft/rnx-kit/actions/workflows/build.yml)\n\n`rnx-kit` is a collection of battle-tested tools created by Microsoft engineers\nto optimize the React Native developer experience. It helps fill gaps in the\nReact Native ecosystem and streamlines the developer workflow.\n\nThese tools are actively used every day to ship React Native apps at scale\nacross Microsoft; now they're open source and available for any React Native\nproject.\n\n## What's included\n\n`rnx-kit` includes tools for:\n\n- Dependency management - Ensure consistent dependency versions across large\n  projects with `align-deps`.\n- Native builds (experimental) - Build Android and iOS apps in the cloud with\n  `build`. Avoid installing heavy native toolchains.\n- Better bundling - `metro-serializer` allows the enhancement of Metro to add\n  features such as TypeScript validation with Metro, tree shaking, duplicate and\n  cyclic dependencies detection.\n- Microsoft-tailored defaults - you can find Babel preset for Metro opinionated\n  for Microsoft usage.\n\nAnd many more!\n\n## Get started\n\nPlease follow\n[Introduction guide](https://microsoft.github.io/rnx-kit/docs/introduction) on\nthe documentation website to learn about how you can quickly add the \"all in\none\" CLI to your project and get most of the tools set out of the box.\n\nOr follow the\n[Getting started guide](https://microsoft.github.io/rnx-kit/docs/guides/getting-started)\nfor an easy introduction to our dependency management tool.\n\nIf you want to use only a specific tool, you can refer to its `README` for\ndetails; they are all easily readable in the\n[Tools section](https://microsoft.github.io/rnx-kit/docs/tools/overview) of the\ndocumentation.\n\n## Contributing\n\n`rnx-kit` is built for the community, by the community - and maintained by\nMicrosoft engineers. Your contributions are welcome!\n\nTake a look at\n[CONTRIBUTING](https://github.com/microsoft/rnx-kit/tree/main/CONTRIBUTING.md)\nfor details.\n\nIf you are interested in proposing \"substantial\" changes, please refer to our\n[RFC process](https://github.com/microsoft/rnx-kit/tree/rfcs).\n\n## License\n\n[MIT License](LICENSE)\n\n## Code of Conduct\n\nThis project has adopted the\n[Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).\nFor more information see the\n[Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or\ncontact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any\nadditional questions or comments.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2Frnx-kit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmicrosoft%2Frnx-kit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2Frnx-kit/lists"}