Use Expo Router by manuthecoder · Pull Request #399 · hackclub/hcb-mobile

manuthecoder · 2026-02-15T08:29:55Z

Rewrites HCB Mobile from React Native navigation → Expo Router for better code quality

Move App.tsx to app/_layout.tsx and rename the component to Layout Replace NavigationContainer with expo-router Stack and update imports Move login page into app/ routing and adjust tsconfig include paths Add a minimal test page and fix asset/import path references

Introduce events index and event detail pages with transactions UI and Tap-to-Pay / mock transaction support. Add events Stack layout. Refactor app layout: move AppContent into expo-router layout, add cards/receipts/settings routes, share-intent handling, and reorderable organizations list. Add TS path aliases and SWRCacheProvider context.

Add app/(app)/(events)/[id]/transactions.tsx to host the transactions list and related logic. Introduce ListItemButton and ListItemText helpers in index.tsx, update imports (router, Ionicons, Pressable, Text, ScrollView), and register the new route in _layout.tsx. Remove unused tab bar/footer code and adjust navigation/data fetching usage.

Set the default fontSize to 16 in components/Text and remove the explicit fontSize from ListItemText so it uses the new default. Add a TabBarStyling component to the events layout that uses usePathname/useNavigation to hide the tab bar when the events stack is not at its root path.

Move full Cards and Receipts implementations into app/(app) routes and remove the legacy src/pages versions. Add a reusable PageTitle component and use it in Cards (and import into Events). Update Navigator imports to point to the new Cards page location.

Add PageTitle as the ListHeaderComponent for Receipts and increase contentContainerStyle paddingTop to 62 to prevent header overlap

Implement a detailed transaction viewer (sharing, comments, admin tools, type-specific renderers). Use NavigationProp for TransactionViewProps to align with expo-router and remove unused imports in receipts

socket-security · 2026-05-22T18:43:06Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Quality	Maintenance
	expo-insights@0.10.7 ⏵ 56.0.12	⁺¹	⁺⁴	⁺¹
	expo-router@56.2.5
	expo-status-bar@3.0.8 ⏵ 56.0.4	⁺¹	⁺¹	⁺¹
	expo-system-ui@6.0.8 ⏵ 56.0.5	⁺¹	⁺¹
	expo-haptics@15.0.7 ⏵ 56.0.3	⁺¹		⁺¹
	expo-checkbox@5.0.7 ⏵ 56.0.1	⁺¹		⁺¹
	expo-document-picker@14.0.7 ⏵ 56.0.4	⁺¹	⁺¹
	expo-linear-gradient@15.0.7 ⏵ 56.0.4	⁺¹	⁺¹
	eas-build-cache-provider@16.4.2 ⏵ 16.30.0	⁺¹		^-2
	expo-constants@17.1.7 ⏵ 56.0.14	⁺¹	⁺¹	⁺¹
	expo-linking@7.1.7 ⏵ 56.0.11		⁺¹	⁺²
	expo-clipboard@8.0.7 ⏵ 56.0.3		⁺¹
	expo-font@14.0.9 ⏵ 56.0.5	⁺¹	⁺¹	⁺²
	expo@54.0.18 ⏵ 56.0.3	^-21	⁺¹	⁺¹
	expo-task-manager@14.0.8 ⏵ 56.0.13	^-23	⁺¹	⁺¹
	expo-build-properties@1.0.9 ⏵ 56.0.13	^-22	⁺¹	⁺¹
	expo-crypto@15.0.7 ⏵ 56.0.3	⁺²	⁺²
	expo-web-browser@15.0.8 ⏵ 56.0.5
	expo-image-picker@17.0.8 ⏵ 56.0.12	^-23		⁺¹
	react-native-qrcode-styled@0.3.3
	@expo/ui@56.0.12
	expo-splash-screen@31.0.10 ⏵ 56.0.9	⁺⁴
	expo-auth-session@7.0.8 ⏵ 56.0.11	^-21	⁺¹	⁺¹
	expo-image@3.0.10 ⏵ 56.0.8	⁺¹	⁺¹
	react-native-safe-area-context@5.7.0
	expo-notifications@0.32.12 ⏵ 56.0.12	^-21	⁺¹	⁺²
	expo-dev-client@6.0.16 ⏵ 56.0.14			⁺¹
	expo-file-system@19.0.17 ⏵ 56.0.7	⁺¹	⁺¹	⁺²
	@types/react@19.1.17 ⏵ 19.2.14	⁺¹	⁺¹
	react-native-gesture-handler@2.31.2
	react-native-alert-notification@0.4.2
	react-native-progress@5.0.1
See 28 more rows in the dashboard

View full report

socket-security · 2026-05-24T20:51:09Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@expo/cli` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/expo@56.0.3` → `npm/@expo/cli@56.1.10` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@expo/cli@56.1.10`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `@react-native/debugger-frontend` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/react-native@0.85.3` → `npm/expo@56.0.3` → `npm/@react-native/debugger-frontend@0.85.3` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@react-native/debugger-frontend@0.85.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `@react-native/debugger-frontend` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/react-native@0.85.3` → `npm/expo@56.0.3` → `npm/@react-native/debugger-frontend@0.85.3` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@react-native/debugger-frontend@0.85.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `@sentry-internal/feedback` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/@sentry/react-native@7.11.0` → `npm/@sentry-internal/feedback@10.37.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@sentry-internal/feedback@10.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `@sentry/browser` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/@sentry/react-native@7.11.0` → `npm/@sentry/browser@10.37.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@sentry/browser@10.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `@sentry/core` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/@sentry/react-native@7.11.0` → `npm/@sentry/core@10.37.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@sentry/core@10.37.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `expo-updates` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/expo-updates@56.0.15` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/expo-updates@56.0.15`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm `node-forge` is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → `npm/expo-updates@56.0.15` → `npm/expo@56.0.3` → `npm/node-forge@1.4.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/node-forge@1.4.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

    }

+    if (reason) {
+      console.error("[TokenManager] Forced logout", { reason });


+  const [refreshing, setRefreshing] = useState(false);
+
+  const handleDragStart = useCallback(() => {
+    "worklet";


+  }, [refreshing]);
+
+  const handleDragEnd = useCallback(() => {
+    "worklet";


 import * as Haptics from "./haptics";
-import { renderMoney } from "./util";
+import parse from "date-fns/esm/fp/parse/index.js";


Set up basic structure

09e6c15

Copilot AI review requested due to automatic review settings February 15, 2026 08:29

manuthecoder requested a review from a team as a code owner February 15, 2026 08:29

manuthecoder marked this pull request as draft February 15, 2026 08:30

Copilot started reviewing on behalf of manuthecoder February 15, 2026 08:30 View session

Fix files

23d967f

This comment was marked as spam.

Sign in to view

manuthecoder added 3 commits February 15, 2026 18:52

Fix imports

62f6db2

github-code-quality Bot found potential problems Feb 18, 2026

View reviewed changes

Comment thread app/(app)/(events)/index.tsx Fixed

Comment thread app/(app)/(events)/index.tsx Fixed

Comment thread app/(app)/(events)/_layout.tsx Fixed

Comment thread app/(app)/(events)/index.tsx Fixed

manuthecoder added 4 commits February 18, 2026 01:22

please dont make me undo this i love this update

09002a7

this too

0b9b35b

github-code-quality Bot found potential problems Feb 19, 2026

View reviewed changes

Comment thread app/(app)/_layout.tsx Fixed

github-code-quality Bot found potential problems Feb 19, 2026

View reviewed changes

Comment thread app/(app)/(events)/index.tsx Fixed

Comment thread app/(app)/(events)/index.tsx Fixed

Comment thread app/(app)/receipts.tsx Fixed

Comment thread app/(app)/receipts.tsx Fixed

Remove legacy pages index and add receipts header

ffff58c

Add PageTitle as the ListHeaderComponent for Receipts and increase contentContainerStyle paddingTop to 62 to prevent header overlap

github-code-quality Bot found potential problems Feb 19, 2026

View reviewed changes

Comment thread app/(app)/receipts.tsx Fixed

manuthecoder added 4 commits February 19, 2026 11:20

Add card page

8236435

LintFix lint

53d4ae3

Update index.tsx

cf37fe3

Update index.tsx

a82dcca

github-code-quality Bot found potential problems Feb 19, 2026

View reviewed changes

Comment thread app/(app)/receipts.tsx Fixed

Comment thread app/(app)/receipts.tsx Fixed

Comment thread app/(app)/receipts.tsx Fixed

manuthecoder added 5 commits February 19, 2026 13:48

Add transaction page and update nav prop

5e0b8fd

Implement a detailed transaction viewer (sharing, comments, admin tools, type-specific renderers). Use NavigationProp for TransactionViewProps to align with expo-router and remove unused imports in receipts

Fix settings

68a5f61

added all other settings pages

f58855a

Fixing dark mode

d567996

Update [transactionId].tsx

66bb048

Mohamad-Mortada added 12 commits March 14, 2026 22:11

Add balance graph + moved account numbers to form sheet presentation

83f7265

make balance graph match web

4c6693b

fix bugs

a83bcbc

improve settings ui

8b9e16d

new mockup dashboard ui

386444d

add org cards page

7bdf622

add invite button functionality

6d47066

rework teams page

abf5133

Add check depositing

9bdd3ee

policy accessor revampC

2086c69

prettier

1d3742f

upgrade to expo sdk 56 && use expo ui

8f98e98

github-code-quality Bot found potential problems May 22, 2026

View reviewed changes

Comment thread app/(app)/(events)/index.tsx Fixed

Comment thread app/(app)/(events)/index.tsx Fixed

use v4 error messages instead of generic

623fd70

Mohamad-Mortada added 4 commits May 24, 2026 13:58

fix up file structure

2711b79

check deposit feature

b6eda95

improve performance of cards

13c7c39

add tags + ui changes + support ach and check transfers

118a365

github-advanced-security AI found potential problems Jun 5, 2026

View reviewed changes

Comment thread lib/tokenManager.ts

}

if (reason) {

console.error("[TokenManager] Forced logout", { reason });

github-code-quality Bot found potential problems Jun 5, 2026

View reviewed changes

Comment thread app/(app)/(events)/index.tsx Fixed

Comment thread app/(app)/(events)/index.tsx Fixed

Comment thread app/(app)/(events)/index.tsx Fixed

Mohamad-Mortada added 3 commits June 4, 2026 23:19

added share standard

47bddcf

reimbursements UI

208e948

migrating UI to web UI3 progress

35aca52

github-code-quality Bot found potential problems Jun 8, 2026

View reviewed changes

grant card sending + suborganizations + invoice sending

cb50490

github-code-quality Bot found potential problems Jun 9, 2026

View reviewed changes

Comment thread app/(app)/(events)/index.tsx Fixed

Comment thread app/(app)/(events)/index.tsx Fixed

invoices + suborganizations + more UI polishes + bug fixes

8e4205b

github-code-quality Bot found potential problems Jun 10, 2026

View reviewed changes

Conversation

manuthecoder commented Feb 15, 2026

Uh oh!

This comment was marked as spam.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

socket-security Bot commented May 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

socket-security Bot commented May 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

socket-security Bot commented May 22, 2026 •

edited

Loading

socket-security Bot commented May 24, 2026 •

edited

Loading