feat: add security data section in token details page

[sahar-fehri]

Description

Implements the Security & Trust feature on the Token Details page, based on the Token Security & Trust API to Design Mapping.

What changed:

• Added includeTokenSecurityData: true to getTrendingTokens and searchTokens API calls so security data is proactively fetched for trending and search flows
• Extended TokenDetailsRouteParams to carry securityData through navigation, avoiding redundant fetches for trending/search entry points
• Added useTokenSecurityData hook that returns prefetched data immediately or fetches on-demand (with 60s refresh) for other entry flows (e.g. wallet home, swaps)
• Added SecurityTrustEntryCard — a flat summary section on the Token Details page showing risk level, feature tags (Verified Contract, High Reputation, Listed on CEX, 0% Tax), and a timestamp
• Added SecurityTrustScreen — a full-page view navigated to from the entry card, with sections for: Security Score, Risk Factors, Contract Security, Honeypot Analysis, Buy/Sell Tax, Token Distribution, Liquidity, Audits & Reviews, Official Links, Token Info, On-chain Activity
• Registered SecurityTrust route in MainNavigator

Known gaps (blocked on API data — reason this is a draft):

• Top 100 holders percentage not returned by API (shown as N/A)
• Circulating supply not in API response (shown as N/A)
• 24h Transactions and Active Wallets not in API response (shown as N/A)
• Audits & Reviews section has no API backing yet (placeholder state)
• Slippage data not available

Changelog

CHANGELOG entry: Added Security & Trust section to Token Details page showing risk level, contract security features, buy/sell tax, token distribution, and official links powered by Blockaid.

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[sahar-fehri]

To be removed

[codecov-commenter]

Codecov Report

❌ Patch coverage is 47.58621% with 152 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.82%. Comparing base (2eacab6) to head (50ce71c).
⚠️ Report is 9 commits behind head on main.

Files with missing lines	Patch %	Lines
...nts/UI/SecurityTrust/Views/SecurityTrustScreen.tsx	4.05%	71 Missing ⚠️
...I/TokenDetails/components/AssetOverviewContent.tsx	31.03%	10 Missing and 10 partials ⚠️
...ents/UI/TokenDetails/hooks/useTokenSecurityData.ts	51.21%	15 Missing and 5 partials ⚠️
.../SecurityTrustEntryCard/SecurityTrustEntryCard.tsx	30.00%	4 Missing and 10 partials ⚠️
...kenDetails/components/SecurityBadgeBottomSheet.tsx	16.66%	10 Missing ⚠️
...kenDetails/components/TokenDetailsStickyFooter.tsx	64.00%	9 Missing ⚠️
.../components/UI/TokenDetails/Views/TokenDetails.tsx	50.00%	2 Missing and 3 partials ⚠️
...components/UI/SecurityTrust/utils/securityUtils.ts	97.40%	0 Missing and 2 partials ⚠️
app/components/Nav/Main/MainNavigator.js	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #27073      +/-   ##
==========================================
- Coverage   81.87%   81.82%   -0.05%     
==========================================
  Files        4691     4705      +14     
  Lines      122275   122880     +605     
  Branches    26947    27149     +202     
==========================================
+ Hits       100109   100549     +440     
- Misses      15221    15336     +115     
- Partials     6945     6995      +50     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeWalletPlatform
• Selected Performance tags: @PerformanceAssetLoading
• Risk Level: medium
• AI Confidence: 76%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes are concentrated in wallet UI layers related to Token Details, Asset Overview (Price component), Security & Trust screens, Trending token rows and hooks (useTrendingRequest, useSearchRequest, useRwaTokens), navigation routes, and analytics event definitions (MetaMetrics.events.ts). These areas directly impact the core wallet experience surfaced in the Wallet tab and Trending tab, including:

• Token details screen (AssetOverviewContent, TokenDetailsInlineHeader, StickyFooter, SecurityBadgeBottomSheet)
• Transactions list integration (app/components/UI/Transactions/index.js)
• Trending tab token rows and data fetching hooks
• Security/Trust informational UI tied to token display
• Analytics events related to wallet interactions

These are all covered under SmokeWalletPlatform, which validates:

• Trending discovery tab (including embedded Tokens/Perps/Predictions sections)
• Transaction history display
• Core wallet lifecycle and activity rendering
• Multi-SRP wallet architecture surface flows (not directly modified but same surface)

No controller, Engine, confirmation system, swap execution, network management, identity sync, or Snap-related files were modified. Therefore, SmokeConfirmations, SmokeTrade, SmokeNetworkAbstractions, SmokeNetworkExpansion, SmokeMultiChainAPI, SmokeAccounts, SmokeIdentity, SmokeCard, SmokePerps, SmokePredictions, SmokeRamps, and FlaskBuildTests are not strictly required based on the diff.

Given the UI-heavy but wallet-core nature of the changes, SmokeWalletPlatform provides sufficient regression coverage with minimal unnecessary scope.

Performance Test Selection:
Changes affect token price display, token details rendering, trending token lists, and related data-fetching hooks. These can impact asset list rendering time, balance/token display performance, and portfolio loading responsiveness. @PerformanceAssetLoading is appropriate to validate token list and balance rendering performance. No changes were made to onboarding, login, launch, swaps, predictions, or perps execution flows, so other performance suites are not required.

View GitHub Actions results

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
16 value mismatches detected (expected — fixture represents an existing user).
View details

[sonarqubecloud]

Quality Gate failed

Failed conditions
68.5% Coverage on New Code (required ≥ 80%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE