Skip to content

Fund SDK Component #2726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
jribbink wants to merge 9 commits into
base: master
Choose a base branch
from
Draft

Fund SDK Component #2726

jribbink wants to merge 9 commits into from

Conversation

@jribbink
Copy link
Contributor

@jribbink jribbink commented Dec 2, 2025

No description provided.

chasefleming and others added 2 commits November 26, 2025 16:31
@chasefleming
Setup Fund component (#2707)
dfe12d6 
* Setup Fund component

* Run prettier

---------

Co-authored-by: Chase Fleming <[email protected]>
@chasefleming
Add Tabs UI, setup tabs in Fund, and setup playground (#2712)
54e76f9 
* Setup Fund component

* Run prettier

* Create tabs

* Use tabs

* Add dark mode

* Add tabs to UI and put in playground

* Run prettier

---------

Co-authored-by: Chase Fleming <[email protected]>
@changeset-bot
Copy link

changeset-bot bot commented Dec 2, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 70a004f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@onflow/fcl-bundle Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel
Copy link

vercel bot commented Dec 2, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
react-sdk-demo Ready Ready Preview Comment Dec 9, 2025 1:58am

@github-actions
Copy link
Contributor

github-actions bot commented Dec 2, 2025
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 11 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.
See the Details below.

License Issues

package-lock.json

PackageVersionLicenseIssue Type
packages/fcl1.20.6NullUnknown License
packages/fcl-core1.22.3NullUnknown License
packages/fcl-ethereum-provider0.0.13NullUnknown License
packages/fcl-rainbowkit-adapter0.2.9NullUnknown License
packages/fcl-react-native1.13.6NullUnknown License
packages/fcl-wagmi-adapter0.0.13NullUnknown License
packages/fcl-wc6.0.11NullUnknown License
packages/payments0.0.1NullUnknown License
packages/payments-provider-relay0.0.1NullUnknown License
packages/sdk1.12.0NullUnknown License
packages/transport-http1.15.0NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@rollup/plugin-json 6.1.0 🟢 3.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 3Found 6/20 approved changesets -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 7binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 021 existing vulnerabilities detected
npm/@types/qrcode 1.5.6 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/29 approved changesets -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/iconv-lite 0.6.3 UnknownUnknown
npm/packages/fcl 1.20.6 UnknownUnknown
npm/packages/fcl-core 1.22.3 UnknownUnknown
npm/packages/fcl-ethereum-provider 0.0.13 UnknownUnknown
npm/packages/fcl-rainbowkit-adapter 0.2.9 UnknownUnknown
npm/packages/fcl-react-native 1.13.6 UnknownUnknown
npm/packages/fcl-wagmi-adapter 0.0.13 UnknownUnknown
npm/packages/fcl-wc 6.0.11 UnknownUnknown
npm/packages/payments 0.0.1 UnknownUnknown
npm/packages/payments-provider-relay 0.0.1 UnknownUnknown
npm/packages/sdk 1.12.0 UnknownUnknown
npm/packages/transport-http 1.15.0 UnknownUnknown
npm/safer-buffer 2.1.2 🟢 3.2
Details
CheckScoreReason
Pinned-Dependencies⚠️ -1no dependencies found
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Dangerous-Workflow⚠️ -1no workflows found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ -1No tokens found
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@rollup/plugin-json ^6.1.0 🟢 3.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 3Found 6/20 approved changesets -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 7binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 021 existing vulnerabilities detected
npm/@babel/preset-typescript ^7.25.7 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@babel/runtime ^7.25.7 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 8Found 26/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 2badge detected: InProgress
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 033 existing vulnerabilities detected
npm/@onflow/fcl-bundle 1.7.1 UnknownUnknown
npm/@onflow/fcl-core UnknownUnknown
npm/@types/jest ^29.5.13 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/29 approved changesets -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/@typescript-eslint/eslint-plugin ^6.21.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser ^6.21.0 🟢 5.3
Details
CheckScoreReason
Code-Review🟢 8Found 20/25 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities⚠️ 037 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/eslint ^8.57.1 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 6Found 18/26 approved changesets -- score normalized to 6
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
npm/eslint-plugin-jsdoc ^46.10.1 🟢 4.7
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/14 approved changesets -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
Vulnerabilities🟢 64 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/jest ^29.7.0 UnknownUnknown
npm/@types/qrcode ^1.5.6 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 23/29 approved changesets -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 9license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/qrcode ^1.5.3 ⚠️ 2.1
Details
CheckScoreReason
Code-Review🟢 3Found 6/16 approved changesets -- score normalized to 3
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow⚠️ -1no workflows found
Token-Permissions⚠️ -1No tokens found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities⚠️ 035 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • package-lock.json
  • packages/fcl-bundle/package.json
  • packages/payments/package.json
  • packages/react-sdk/package.json

@jribbink jribbink changed the title Feature/fund Fund SDK Component Dec 2, 2025
@jribbink jribbink added the Epic label Dec 2, 2025
@chasefleming
Add Input component to system and Fund UI (#2727)
843beba 
* Add input component

* Run prettier

---------

Co-authored-by: Chase Fleming <[email protected]>
@chasefleming
Add listbox UI and use on Fund content (#2728)
961bcb9 
* Add listbox

* Fix build

* Add token listbox

* Add chain

* Run prettier

---------

Co-authored-by: Chase Fleming <[email protected]>
@chasefleming
Add crypto tab UI for Fund component (#2730)
a139b74 
* Change language

* Casing and language

* Placeholder

* Make qr code placeholder

* Change to tailwind

* Add tbd

* Add address component

* Run prettier

---------

Co-authored-by: Chase Fleming <[email protected]>
@jribbink
Create @onflow/payments Package & Base Crypto Integration Interfaces (
6caac67 
#2718)

* Create `@onflow/payments` Package with Relay.Link Deposit Address Integration

* refactor: split out Relay provider to separate PR

Core @onflow/payments package with:
- Types (FundingIntent, FundingSession, FundingProvider)
- Client with Cadence vault ID conversion
- Bridge service for Flow EVM Bridge queries
- Constants and utilities

Relay provider will be added in a stacked PR.

* Remove unnecessary try-catch blocks and test file from bridge-service

* feat(fcl-bundle): add .cdc and .json import support

* Update import usage

* cleanup

* cleanup

* fix error

* Update to @onflow/fcl-core

* Update packages/payments/jest-json-transform.js

Co-authored-by: Copilot <[email protected]>

* Update packages/payments/src/client.ts

Co-authored-by: Copilot <[email protected]>

* fix build

---------

Co-authored-by: Copilot <[email protected]>
@chasefleming
Replace QR Code placeholder with real one (#2731)
f8f1522 
* Add qr code lib

* Replace QR Code placeholder with real one

* Run prettier

---------

Co-authored-by: Chase Fleming <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Epic Feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jribbink @chasefleming