React, React Native, and Jest — the open source under what Meta ships


REACT HARDENS RELEASE PIPELINE, JEST PLUGS SUPPLY CHAIN RISK

By RepoJournal

React now signs artifacts across all release branches, closing a gap that could have left older versions unverified in production.

React's CI pipeline expanded artifact attestation beyond main to all release branches [1], meaning backport releases and older version patches now ship with the same cryptographic proof as cutting-edge builds. This matters because unverified artifacts create supply chain exposure, and older versions often run in enterprise environments that can't upgrade quickly. On the same front, Jest disabled build scripts in its own pipeline [2], a direct move to cut off one vector for supply chain attacks. React Native is grinding through internal consistency fixes across codegen fixtures [3] and manually patching files that codemods missed [4], cleanup work tied to broader infrastructure changes landing in Metro and Relay. The trio of moves signals coordinated hardening: React securing its release gates, Jest tightening its build process, and Native cleaning up after structural shifts.

References

  1. [ci] Create artifact attestations for builds on backport branches (facebook/react)
  2. chore: disable build scripts (facebook/jest)
  3. Fix variance in react-native-github/packages/react-native-codegen/e2e/deep_imports/__test_fixtures__/modules/ (#56992) (facebook/react-native)
  4. manually fix a few more files (#56983) (facebook/react-native)

FAQ

What changed in Meta on May 29, 2026?

React now signs artifacts across all release branches, closing a gap that could have left older versions unverified in production.

What should Meta teams do about it?

  • Review your React release process: backport releases now carry attestations
  • Update Jest to the latest version once the build changes land in a stable release
  • Monitor React Native codegen for the fixture and codemod fixes to reach your build

Which Meta repositories shipped on May 29, 2026?

facebook/react, facebook/jest, facebook/react-native
