Skip to content

Expo example#2167

Merged
crutchcorn merged 5 commits into
mainfrom
expo-example
May 10, 2026
Merged

Expo example#2167
crutchcorn merged 5 commits into
mainfrom
expo-example

Conversation

@crutchcorn

@crutchcorn crutchcorn commented May 10, 2026

Copy link
Copy Markdown
Member

This PR adds an Expo/React Native example of TanStack Form's React adapter to our project

Summary by CodeRabbit

  • Chores

    • Updated React and React DOM to 19.1.0 and aligned TypeScript React types across examples and core packages.
  • New Features

    • Added a full Expo React Native example with form demo, README, project reset script, Metro/ESLint/TypeScript configs, and ignore rules for native/web builds.

Review Change Stack

@coderabbitai

coderabbitai Bot commented May 10, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 45e1d548-38ba-4ed4-9008-4155c8a3c949

📥 Commits

Reviewing files that changed from the base of the PR and between 2669934 and 0e7399a.

📒 Files selected for processing (1)
  • examples/react/expo/package.json
✅ Files skipped from review due to trivial changes (1)
  • examples/react/expo/package.json

📝 Walkthrough

Walkthrough

This PR pins React and react-dom to 19.1.0 and updates @types/react to ~19.1.0 across examples and packages, and adds a new Expo React Native example with docs, configs, Metro, ESLint, TypeScript, form UI with multiple validators, and a reset CLI.

Changes

React 19.1.0 Version Updates

Layer / File(s) Summary
Example Package Dependencies
examples/react/{array,compiler,composition,devtools,dynamic,field-errors-from-form-validators,large-form,next-server-actions,next-server-actions-zod,query-integration,remix,simple,standard-schema,tanstack-start,ui-libraries}/package.json, examples/{solid,vue}/standard-schema/package.json
React and react-dom pinned to 19.1.0, @types/react updated to ~19.1.0 across 33 manifest changes.
Core Package Dependencies
packages/react-form{,-devtools,-nextjs,-remix,-start}/package.json
React and react-dom pinned to 19.1.0, @types/react updated to ~19.1.0 in core packages.

New Expo React Native Example

Layer / File(s) Summary
Documentation and Ignores
examples/react/expo/README.md, examples/react/expo/.gitignore
Added README with setup/development/reset instructions and .gitignore for Expo/React Native artifacts.
Package and TypeScript Configuration
examples/react/expo/package.json, examples/react/expo/tsconfig.json
New package.json with scripts/deps; tsconfig.json extends Expo base, enables strict, and adds path alias.
Build and Development Configuration
examples/react/expo/app.json, examples/react/expo/metro.config.js, examples/react/expo/eslint.config.js
App metadata and plugins, Metro bundler configured for monorepo resolution and module pinning, and ESLint flat config.
Validation Schemas
examples/react/expo/app/index.tsx (lines 32–76)
Add Zod, Valibot, ArkType, and Effect schema implementations with firstName/lastName validation rules.
Form Component and Styling
examples/react/expo/app/index.tsx (lines 19–30, 78–184)
Add FieldInfo helper, wire useForm to a validator, render fields, submit button, and styles.
Reset Project Utility
examples/react/expo/scripts/reset-project.js
Interactive CLI to archive/delete existing app directories, create new app/, and write starter templates.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Hop along, dear React forms take flight,
Nineteen-point-one shines oh so bright!
Expo now plays on mobile screens,
Validating dreams with schemas so keen,
A form reset away, all bouncing with glee! 🌟

🚥 Pre-merge checks | ✅ 2 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description is minimal and does not follow the required template structure with sections for Changes, Checklist, and Release Impact. Complete the required template by adding detailed 'Changes' section, filling the Checklist items, and specifying whether a changeset is needed for the dependency version updates.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check ❓ Inconclusive The title 'Expo example' is vague and generic, lacking specificity about whether this adds, updates, or modifies functionality. Revise the title to be more descriptive, such as 'Add Expo/React Native example' or 'Expo example with TanStack Form integration and dependency updates'.
✅ Passed checks (2 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch expo-example

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@nx-cloud

nx-cloud Bot commented May 10, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit 0aa88ac

Command Status Duration Result
nx affected --targets=test:sherif,test:knip,tes... ✅ Succeeded 1m 50s View ↗
nx run-many --target=build --exclude=examples/** ✅ Succeeded 1s View ↗

☁️ Nx Cloud last updated this comment at 2026-05-10 18:28:12 UTC

@github-actions

github-actions Bot commented May 10, 2026

Copy link
Copy Markdown
Contributor

🚀 Changeset Version Preview

No changeset entries found. Merging this PR will not cause a version bump for any packages.

@pkg-pr-new

pkg-pr-new Bot commented May 10, 2026

Copy link
Copy Markdown
More templates

@tanstack/angular-form

npm i https://pkg.pr.new/@tanstack/angular-form@2167

@tanstack/form-core

npm i https://pkg.pr.new/@tanstack/form-core@2167

@tanstack/form-devtools

npm i https://pkg.pr.new/@tanstack/form-devtools@2167

@tanstack/lit-form

npm i https://pkg.pr.new/@tanstack/lit-form@2167

@tanstack/preact-form

npm i https://pkg.pr.new/@tanstack/preact-form@2167

@tanstack/react-form

npm i https://pkg.pr.new/@tanstack/react-form@2167

@tanstack/react-form-devtools

npm i https://pkg.pr.new/@tanstack/react-form-devtools@2167

@tanstack/react-form-nextjs

npm i https://pkg.pr.new/@tanstack/react-form-nextjs@2167

@tanstack/react-form-remix

npm i https://pkg.pr.new/@tanstack/react-form-remix@2167

@tanstack/react-form-start

npm i https://pkg.pr.new/@tanstack/react-form-start@2167

@tanstack/solid-form

npm i https://pkg.pr.new/@tanstack/solid-form@2167

@tanstack/solid-form-devtools

npm i https://pkg.pr.new/@tanstack/solid-form-devtools@2167

@tanstack/svelte-form

npm i https://pkg.pr.new/@tanstack/svelte-form@2167

@tanstack/vue-form

npm i https://pkg.pr.new/@tanstack/vue-form@2167

commit: 0e7399a

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Nitpick comments (6)
examples/vue/standard-schema/package.json (1)

16-17: ⚡ Quick win

Remove unused react and react-dom dependencies from the Vue example.

This example is Vue-only and does not import React. These dependencies add unnecessary install weight and maintenance surface; remove them from dependencies.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/vue/standard-schema/package.json` around lines 16 - 17, Remove the
unused React deps from the Vue example by deleting the "react" and "react-dom"
entries from the dependencies in package.json (they are currently listed as
"react": "19.1.0" and "react-dom": "19.1.0"); after removing them, update the
lockfile (package-lock.json or yarn.lock) by running the project's package
manager to ensure the lockfile reflects the change.
examples/react/standard-schema/package.json (1)

23-24: ⚡ Quick win

Align @types/react-dom to the same minor version as @types/react.

Line 24 specifies ^19.0.3, which allows drift into minor versions beyond 19.1.x. Use ~19.1.0 instead to keep it consistent with the pinned ~19.1.0 on Line 23. For maximum reproducibility in this example, consider an exact version (e.g., @types/react-dom@19.1.0), which aligns with React's documented upgrade guidance.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/standard-schema/package.json` around lines 23 - 24, Update the
dependency spec for "@types/react-dom" to match the minor version used for
"@types/react" (change the current "^19.0.3" spec to "~19.1.0" or pin to
"19.1.0"); locate the "@types/react-dom" entry in package.json and replace its
version string so both "@types/react" and "@types/react-dom" use the same 19.1.x
range for reproducible builds.
examples/react/ui-libraries/package.json (1)

22-23: 💤 Low value

Consider using consistent version pinning for React ecosystem packages.

The runtime packages react and react-dom use exact version pinning (19.1.0), while @types/react uses a tilde range (~19.1.0). For consistency and to match the exact pinning strategy applied to the runtime packages, consider pinning @types/react to an exact version as well.

📦 Alternative: exact version pinning
-    "react": "19.1.0",
-    "react-dom": "19.1.0"
+    "react": "19.1.0",
+    "react-dom": "19.1.0"
   },
   "devDependencies": {
     "@tanstack/react-devtools": "^0.9.7",
     "@tanstack/react-form-devtools": "^0.2.26",
-    "@types/react": "~19.1.0",
+    "@types/react": "19.1.0",

Also applies to: 28-28

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/ui-libraries/package.json` around lines 22 - 23, The
`@types/react` devDependency is using a tilde range (~19.1.0) while runtime
packages react and react-dom are exact-pinned to 19.1.0; update the `@types/react`
entry in package.json to the exact version "19.1.0" (and any other `@types/react`
occurrences) so all React ecosystem packages use consistent exact version
pinning; ensure you update the package-lock/yarn.lock by reinstalling deps after
the change.
examples/react/query-integration/package.json (2)

21-21: ⚡ Quick win

Consider updating @types/react-dom to match the React runtime version.

The React runtime dependencies were updated to 19.1.0, and @types/react was updated to ~19.1.0, but @types/react-dom remains at ^19.0.3. This version misalignment could lead to type inconsistencies if React DOM 19.1.0 introduced API changes not reflected in the 19.0.3 type definitions.

📌 Proposed fix to align `@types/react-dom` version
-    "@types/react-dom": "^19.0.3",
+    "@types/react-dom": "19.1.0",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/query-integration/package.json` at line 21, Mismatch between
React runtime and DOM type package: update the `@types/react-dom` dependency in
package.json (the "@types/react-dom" entry) to align with React/runtime version
19.1.0 (e.g., use version ~19.1.0 or the exact 19.1.x that matches `@types/react`)
so the type definitions stay consistent with the updated React runtime.

14-20: ⚡ Quick win

Align version pinning strategy for React dependencies.

The React runtime dependencies use exact version pinning (19.1.0), while @types/react uses a tilde range (~19.1.0). This inconsistency could allow the type definitions to drift to patch versions (19.1.1, 19.1.2, etc.) while the runtime remains locked, potentially causing type mismatches.

For consistency and reliability in example projects, consider pinning all React-related dependencies to exact versions.

📌 Proposed fix to align version pinning
-    "@types/react": "~19.1.0",
+    "@types/react": "19.1.0",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/query-integration/package.json` around lines 14 - 20, The
package.json currently pins "react" and "react-dom" to exact 19.1.0 but
"@types/react" uses a tilde range (~19.1.0); update "@types/react" to the exact
same version string ("19.1.0") so all React-related packages ("react",
"react-dom", "@types/react") use consistent exact version pinning to avoid
type/runtime drift.
examples/react/field-errors-from-form-validators/package.json (1)

19-20: ⚡ Quick win

Update @types/react-dom to match @types/react version pattern for consistency.

@types/react-dom is at ^19.0.3 while @types/react is at ~19.1.0. Since @types/react-dom@19.1.x versions are available on npm, consider updating to ~19.1.0 to align with the React and TypeScript version patterns used for @types/react.

Proposed update
     "@types/react": "~19.1.0",
-    "@types/react-dom": "^19.0.3",
+    "@types/react-dom": "~19.1.0",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/field-errors-from-form-validators/package.json` around lines
19 - 20, The dependency versions are inconsistent: "@types/react" uses "~19.1.0"
while "@types/react-dom" is "^19.0.3"; update the "@types/react-dom" entry to
use the same version pattern and minor version as "@types/react" (e.g., change
"@types/react-dom" to "~19.1.0") so both type packages align; update
package.json and run npm/yarn install to refresh lockfile.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@examples/react/expo/app/index.tsx`:
- Around line 106-113: Add explicit accessibilityLabel props to both TextInput
instances so screen readers can reliably identify them; for the TextInput with
value={field.state.value} and handlers field.handleBlur/field.handleChange, add
accessibilityLabel (e.g., matching the adjacent Text label like "Email input")
and similarly add an accessibilityLabel to the other TextInput instance (the one
analogous at the second occurrence). Ensure each TextInput includes the
accessibilityLabel string that corresponds to its visible Text label so
assistive tech can programmatically associate label and input.
- Around line 90-93: The onSubmit handler currently logs the full submitted form
object (console.log(value)), which may contain PII like firstName/lastName;
replace that direct logging with a safe alternative: remove console.log(value)
and either call a submit/save function (e.g., sendToServer(value)) or log a
non-PII summary (e.g., log only status or a masked/ sanitized version). Update
the onSubmit implementation (the onSubmit async ({ value }) => { ... } block) to
redact or omit fields like firstName and lastName (or use a helper like
sanitizeFormData(value)) before any telemetry/logging or simply avoid logging
the value altogether.

In `@examples/react/expo/scripts/reset-project.js`:
- Around line 96-98: The catch block that logs errors for the reset script
currently only prints the error and does not signal failure; update the catch in
the reset logic (the catch handling the reset operations in reset-project.js) to
call process.exit(1) after logging so the script returns a non‑zero exit code on
error (retain the existing console.error message and append process.exit(1) to
ensure CI/shell callers detect failures).

In `@examples/react/query-integration/package.json`:
- Around line 14-15: The package.json currently pins "react" and "react-dom" to
19.1.0 which contains critical vulnerabilities (CVE-2025-55182 and others);
update the dependency entries for "react" and "react-dom" to 19.1.7 or later,
then regenerate the lockfile (npm install / yarn install / pnpm install) and run
your test/build to ensure compatibility—look for the dependency strings "react"
and "react-dom" in package.json and update their versions accordingly.

In `@examples/react/ui-libraries/package.json`:
- Around line 28-29: The package.json has mismatched React type versions:
"@types/react" is "~19.1.0" while "@types/react-dom" is "^19.0.3"; update the
"@types/react-dom" dependency to the same minor version as "@types/react" (e.g.,
"~19.1.0" or otherwise match the exact version used for "@types/react") to keep
type definitions in sync and avoid type incompatibilities; modify the dependency
entry for "@types/react-dom" in package.json and run your package manager
install to update lockfiles.

---

Nitpick comments:
In `@examples/react/field-errors-from-form-validators/package.json`:
- Around line 19-20: The dependency versions are inconsistent: "@types/react"
uses "~19.1.0" while "@types/react-dom" is "^19.0.3"; update the
"@types/react-dom" entry to use the same version pattern and minor version as
"@types/react" (e.g., change "@types/react-dom" to "~19.1.0") so both type
packages align; update package.json and run npm/yarn install to refresh
lockfile.

In `@examples/react/query-integration/package.json`:
- Line 21: Mismatch between React runtime and DOM type package: update the
`@types/react-dom` dependency in package.json (the "@types/react-dom" entry) to
align with React/runtime version 19.1.0 (e.g., use version ~19.1.0 or the exact
19.1.x that matches `@types/react`) so the type definitions stay consistent with
the updated React runtime.
- Around line 14-20: The package.json currently pins "react" and "react-dom" to
exact 19.1.0 but "@types/react" uses a tilde range (~19.1.0); update
"@types/react" to the exact same version string ("19.1.0") so all React-related
packages ("react", "react-dom", "@types/react") use consistent exact version
pinning to avoid type/runtime drift.

In `@examples/react/standard-schema/package.json`:
- Around line 23-24: Update the dependency spec for "@types/react-dom" to match
the minor version used for "@types/react" (change the current "^19.0.3" spec to
"~19.1.0" or pin to "19.1.0"); locate the "@types/react-dom" entry in
package.json and replace its version string so both "@types/react" and
"@types/react-dom" use the same 19.1.x range for reproducible builds.

In `@examples/react/ui-libraries/package.json`:
- Around line 22-23: The `@types/react` devDependency is using a tilde range
(~19.1.0) while runtime packages react and react-dom are exact-pinned to 19.1.0;
update the `@types/react` entry in package.json to the exact version "19.1.0" (and
any other `@types/react` occurrences) so all React ecosystem packages use
consistent exact version pinning; ensure you update the package-lock/yarn.lock
by reinstalling deps after the change.

In `@examples/vue/standard-schema/package.json`:
- Around line 16-17: Remove the unused React deps from the Vue example by
deleting the "react" and "react-dom" entries from the dependencies in
package.json (they are currently listed as "react": "19.1.0" and "react-dom":
"19.1.0"); after removing them, update the lockfile (package-lock.json or
yarn.lock) by running the project's package manager to ensure the lockfile
reflects the change.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2b1d86c6-c3ea-4d84-ba0f-c488d18ae946

📥 Commits

Reviewing files that changed from the base of the PR and between 360b4ae and 2669934.

⛔ Files ignored due to path filters (11)
  • examples/react/expo/assets/images/android-icon-background.png is excluded by !**/*.png
  • examples/react/expo/assets/images/android-icon-foreground.png is excluded by !**/*.png
  • examples/react/expo/assets/images/android-icon-monochrome.png is excluded by !**/*.png
  • examples/react/expo/assets/images/favicon.png is excluded by !**/*.png
  • examples/react/expo/assets/images/icon.png is excluded by !**/*.png
  • examples/react/expo/assets/images/partial-react-logo.png is excluded by !**/*.png
  • examples/react/expo/assets/images/react-logo.png is excluded by !**/*.png
  • examples/react/expo/assets/images/react-logo@2x.png is excluded by !**/*.png
  • examples/react/expo/assets/images/react-logo@3x.png is excluded by !**/*.png
  • examples/react/expo/assets/images/splash-icon.png is excluded by !**/*.png
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (31)
  • examples/react/array/package.json
  • examples/react/compiler/package.json
  • examples/react/composition/package.json
  • examples/react/devtools/package.json
  • examples/react/dynamic/package.json
  • examples/react/expo/.gitignore
  • examples/react/expo/README.md
  • examples/react/expo/app.json
  • examples/react/expo/app/index.tsx
  • examples/react/expo/eslint.config.js
  • examples/react/expo/metro.config.js
  • examples/react/expo/package.json
  • examples/react/expo/scripts/reset-project.js
  • examples/react/expo/tsconfig.json
  • examples/react/field-errors-from-form-validators/package.json
  • examples/react/large-form/package.json
  • examples/react/next-server-actions-zod/package.json
  • examples/react/next-server-actions/package.json
  • examples/react/query-integration/package.json
  • examples/react/remix/package.json
  • examples/react/simple/package.json
  • examples/react/standard-schema/package.json
  • examples/react/tanstack-start/package.json
  • examples/react/ui-libraries/package.json
  • examples/solid/standard-schema/package.json
  • examples/vue/standard-schema/package.json
  • packages/react-form-devtools/package.json
  • packages/react-form-nextjs/package.json
  • packages/react-form-remix/package.json
  • packages/react-form-start/package.json
  • packages/react-form/package.json

Comment on lines +90 to +93
onSubmit: async ({ value }) => {
// Do something with form data
console.log(value)
},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid logging submitted PII in the example flow.

Line 92 logs firstName/lastName directly. Even in example code, this encourages unsafe logging patterns.

Suggested change
     onSubmit: async ({ value }) => {
-      // Do something with form data
-      console.log(value)
+      // Do something with form data
+      if (__DEV__) {
+        console.log('Form submitted')
+      }
     },
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
onSubmit: async ({ value }) => {
// Do something with form data
console.log(value)
},
onSubmit: async ({ value }) => {
// Do something with form data
if (__DEV__) {
console.log('Form submitted')
}
},
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/expo/app/index.tsx` around lines 90 - 93, The onSubmit handler
currently logs the full submitted form object (console.log(value)), which may
contain PII like firstName/lastName; replace that direct logging with a safe
alternative: remove console.log(value) and either call a submit/save function
(e.g., sendToServer(value)) or log a non-PII summary (e.g., log only status or a
masked/ sanitized version). Update the onSubmit implementation (the onSubmit
async ({ value }) => { ... } block) to redact or omit fields like firstName and
lastName (or use a helper like sanitizeFormData(value)) before any
telemetry/logging or simply avoid logging the value altogether.

Comment on lines +106 to +113
<TextInput
style={styles.input}
value={field.state.value}
onBlur={field.handleBlur}
onChangeText={(text) => field.handleChange(text)}
autoCapitalize="none"
autoCorrect={false}
/>

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add explicit accessibility labels to both TextInput fields.

The adjacent Text label is not reliably programmatically associated with TextInput in React Native, which can hinder screen-reader users.

Suggested change
               <TextInput
                 style={styles.input}
                 value={field.state.value}
+                accessibilityLabel="First Name"
                 onBlur={field.handleBlur}
                 onChangeText={(text) => field.handleChange(text)}
                 autoCapitalize="none"
                 autoCorrect={false}
               />
@@
               <TextInput
                 style={styles.input}
                 value={field.state.value}
+                accessibilityLabel="Last Name"
                 onBlur={field.handleBlur}
                 onChangeText={(text) => field.handleChange(text)}
                 autoCapitalize="none"
                 autoCorrect={false}
               />

Also applies to: 126-133

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/expo/app/index.tsx` around lines 106 - 113, Add explicit
accessibilityLabel props to both TextInput instances so screen readers can
reliably identify them; for the TextInput with value={field.state.value} and
handlers field.handleBlur/field.handleChange, add accessibilityLabel (e.g.,
matching the adjacent Text label like "Email input") and similarly add an
accessibilityLabel to the other TextInput instance (the one analogous at the
second occurrence). Ensure each TextInput includes the accessibilityLabel string
that corresponds to its visible Text label so assistive tech can
programmatically associate label and input.

Comment on lines +96 to +98
} catch (error) {
console.error(`❌ Error during script execution: ${error.message}`)
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Return a failing exit code when reset operations error out.

On Line 96-98, failures are logged but the process still exits as success. That can hide broken resets in scripted workflows.

Suggested fix
   } catch (error) {
     console.error(`❌ Error during script execution: ${error.message}`)
+    process.exitCode = 1
   }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
} catch (error) {
console.error(`❌ Error during script execution: ${error.message}`)
}
} catch (error) {
console.error(`❌ Error during script execution: ${error.message}`)
process.exitCode = 1
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/expo/scripts/reset-project.js` around lines 96 - 98, The catch
block that logs errors for the reset script currently only prints the error and
does not signal failure; update the catch in the reset logic (the catch handling
the reset operations in reset-project.js) to call process.exit(1) after logging
so the script returns a non‑zero exit code on error (retain the existing
console.error message and append process.exit(1) to ensure CI/shell callers
detect failures).

Comment on lines +14 to +15
"react": "19.1.0",
"react-dom": "19.1.0"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

Is React 19.1.0 a valid published version on npm? Are there any known security vulnerabilities in React 19.1.0?

💡 Result:

Yes—React 19.1.0 is a valid published npm version (it appears in the npm package’s version history). [1] Known security vulnerabilities affecting React 19.1.0: 1) Critical: Remote Code Execution (CVE-2025-55182) in React Server Components (Server Function endpoints) affects React Server DOM packages including the versions 19.1.0 (and also 19.1.1 and 19.2.0). This is an unauthenticated pre-auth RCE condition via unsafe deserialization of payloads sent to Server Function endpoints. [2][3] 2) Denial of Service (CVE-2026-23869) in React Server Components affects react-server-dom-* packages including version 19.1.0. It can be triggered by specially crafted HTTP requests leading to excessive CPU usage / out-of-memory/CPU exhaustion scenarios. [4] 3) Denial of Service (CVE-2026-23870) in React Server Components also lists 19.1.0 as affected for react-server-dom-* packages; patched versions include 19.1.7. [5] Important scoping note: the React advisories state these vulnerabilities are tied to React Server Components / Server Function endpoints; if your app does not use RSC (and supporting tooling like React Server DOM), it is not affected. [5][4][3] If you need a mitigation, the advisories recommend upgrading to the fixed versions for the affected react-server-dom-* packages (e.g., the RCE fix is addressed in patched versions listed in the advisory, and DoS issues are fixed in 19.1.6/19.1.7/19.1.7 depending on the specific CVE). [5][4][3]

Citations:


Upgrade React 19.1.0 to a patched version; critical security vulnerability detected.

React 19.1.0 contains a critical unauthenticated RCE vulnerability (CVE-2025-55182) in React Server Components via unsafe deserialization of payloads sent to Server Function endpoints. Additionally, two DoS vulnerabilities (CVE-2026-23869, CVE-2026-23870) affect react-server-dom packages in this version.

Upgrade to React 19.1.7 or later. Note: These vulnerabilities are scoped to React Server Components; verify whether your application uses RSC or react-server-dom packages. If not used, the risk is mitigated, but upgrading is still recommended.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/query-integration/package.json` around lines 14 - 15, The
package.json currently pins "react" and "react-dom" to 19.1.0 which contains
critical vulnerabilities (CVE-2025-55182 and others); update the dependency
entries for "react" and "react-dom" to 19.1.7 or later, then regenerate the
lockfile (npm install / yarn install / pnpm install) and run your test/build to
ensure compatibility—look for the dependency strings "react" and "react-dom" in
package.json and update their versions accordingly.

Comment on lines +28 to 29
"@types/react": "~19.1.0",
"@types/react-dom": "^19.0.3",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update @types/react-dom to match the React version alignment.

While @types/react was updated to ~19.1.0, @types/react-dom remains at ^19.0.3. Type definition packages for React and ReactDOM should typically be kept in sync to avoid potential type incompatibilities between the two libraries' APIs.

📦 Suggested fix
     "@types/react": "~19.1.0",
-    "@types/react-dom": "^19.0.3",
+    "@types/react-dom": "~19.1.0",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"@types/react": "~19.1.0",
"@types/react-dom": "^19.0.3",
"@types/react": "~19.1.0",
"@types/react-dom": "~19.1.0",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@examples/react/ui-libraries/package.json` around lines 28 - 29, The
package.json has mismatched React type versions: "@types/react" is "~19.1.0"
while "@types/react-dom" is "^19.0.3"; update the "@types/react-dom" dependency
to the same minor version as "@types/react" (e.g., "~19.1.0" or otherwise match
the exact version used for "@types/react") to keep type definitions in sync and
avoid type incompatibilities; modify the dependency entry for "@types/react-dom"
in package.json and run your package manager install to update lockfiles.

@sentry

sentry Bot commented May 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.71%. Comparing base (6892ed0) to head (0e7399a).
⚠️ Report is 193 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2167      +/-   ##
==========================================
+ Coverage   90.35%   90.71%   +0.36%     
==========================================
  Files          38       59      +21     
  Lines        1752     2198     +446     
  Branches      444      550     +106     
==========================================
+ Hits         1583     1994     +411     
- Misses        149      183      +34     
- Partials       20       21       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@crutchcorn crutchcorn merged commit eb0a13b into main May 10, 2026
9 checks passed
@crutchcorn crutchcorn deleted the expo-example branch May 10, 2026 18:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant