Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

GitHub / react-native-linear-gradient / react-native-linear-gradient

A <LinearGradient /> component for react-native

JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/react-native-linear-gradient%2Freact-native-linear-gradient
PURL: pkg:github/react-native-linear-gradient/react-native-linear-gradient

Stars: 4,951
Forks: 709
Open issues: 186

License: mit
Language: Java
Size: 2.15 MB
Dependencies parsed at: Pending

Created at: over 10 years ago
Updated at: 17 days ago
Pushed at: 9 months ago
Last synced at: 7 days ago

Commit Stats

Commits: 355
Authors: 109
Mean commits per author: 3.26
Development Distribution Score: 0.842
More commit stats: https://commits.ecosyste.ms/hosts/GitHub/repositories/react-native-linear-gradient/react-native-linear-gradient

OpenSSF Scorecard report

2.8

Overall Score

10/10 Critical Risk
13/60 High Risk
0/40 Medium Risk
10/20 Low Risk
Generated on August 11, 2025 | Scorecard vv5.2.1-40-gf6ed084d
Security Checks
10/10
Dangerous-Workflow
Critical Risk

no dangerous workflow patterns detected

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10/10
License
Low Risk

license file detected

Determines if the project has defined a license.

Show details
ℹ️ Info: project has a license file: LICENSE:0
ℹ️ Info: FSF or OSI recognized license: MIT License: LICENSE:0
9/10
Binary-Artifacts
High Risk

binaries present in source code

Determines if the project has generated executable (binary) artifacts in the source repository.

Show details
⚠️ Warn: binary detected: example/android/gradle/wrapper/gradle-wrapper.jar:1
3/10
Branch-Protection
High Risk

branch protection is not maximal on development and all release branches

Determines if the default and release branches are protected with GitHub's branch protection settings.

Show details
ℹ️ Info: 'allow deletion' disabled on branch 'master'
ℹ️ Info: 'force pushes' disabled on branch 'master'
⚠️ Warn: branch 'master' does not require approvers
⚠️ Warn: codeowners review is not required on branch 'master'
ℹ️ Info: status check found to merge onto on branch 'master'
1/10
Code-Review
High Risk

Found 2/12 approved changesets -- score normalized to 1

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0/10
CII-Best-Practices
Low Risk

no effort to earn an OpenSSF best practices badge detected

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0/10
Fuzzing
Medium Risk

project is not fuzzed

Determines if the project uses fuzzing.

Show details
⚠️ Warn: no fuzzer integrations found
0/10
Maintained
High Risk

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Determines if the project is "actively maintained".

0/10
Pinned-Dependencies
Medium Risk

dependency not pinned by hash detected -- score normalized to 0

Determines if the project has declared and pinned the dependencies of its build process.

Show details
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/prerelease.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/prerelease.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/publish.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/publish.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/version.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-linear-gradient/react-native-linear-gradient/version.yml/master?enable=pin
ℹ️ Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
ℹ️ Info: 0 out of 2 third-party GitHubAction dependencies pinned
0/10
SAST
Medium Risk

SAST tool is not run on all commits -- score normalized to 0

Determines if the project uses static code analysis.

Show details
⚠️ Warn: 0 commits out of 28 are checked with a SAST tool
0/10
Security-Policy
Medium Risk

security policy file not detected

Determines if the project has published a security policy.

Show details
⚠️ Warn: no security policy file detected
⚠️ Warn: no security file to analyze
⚠️ Warn: no security file to analyze
⚠️ Warn: no security file to analyze
0/10
Token-Permissions
High Risk

detected GitHub workflow tokens with excessive permissions

Determines if the project's workflows follow the principle of least privilege.

Show details
⚠️ Warn: no topLevel permission defined: .github/workflows/ci.yml:1
⚠️ Warn: no topLevel permission defined: .github/workflows/prerelease.yml:1
⚠️ Warn: no topLevel permission defined: .github/workflows/publish.yml:1
⚠️ Warn: no topLevel permission defined: .github/workflows/version.yml:1
ℹ️ Info: no jobLevel write permissions found
0/10
Vulnerabilities
High Risk

22 existing vulnerabilities detected

Determines if the project has open, known unfixed vulnerabilities.

Show details
⚠️ Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
⚠️ Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
⚠️ Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
⚠️ Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
⚠️ Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
⚠️ Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4
⚠️ Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
⚠️ Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
⚠️ Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
⚠️ Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q
⚠️ Warn: Project is vulnerable to: GHSA-rxrc-rgv4-jpvx
⚠️ Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
⚠️ Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
⚠️ Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
⚠️ Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
⚠️ Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
⚠️ Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
⚠️ Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
⚠️ Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
⚠️ Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
⚠️ Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
⚠️ Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
N/A
Packaging
Not Applicable

packaging workflow not detected

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

Show details
⚠️ Warn: no GitHub/GitLab publishing workflow detected.
N/A
Signed-Releases
Not Applicable

no releases found

Determines if the project cryptographically signs release artifacts.