Feat/main seedless onboarding UI toprf

[ieow]

Description

Integration of New SRP UI Flow with Seedless Onboarding Controller and UI flow
#14998
#14889

It covers features or flow below:
New User Registration via OAuth
Existing User Login via OAuth

Password Change

Not yet cover
Password Sync
Multi-SRP Sync

Related issues

Fixes:

Manual testing steps

1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​jsonify@​0.0.1
	npm/​json-stable-stringify@​1.2.1
	npm/​compare-urls@​2.0.0
	npm/​@​toruslabs/​bs58@​1.0.0
	npm/​@​toruslabs/​fnd-base@​15.0.0
	npm/​@​toruslabs/​constants@​15.0.0
	npm/​prepend-http@​2.0.0
	npm/​normalize-url@​2.0.1
	npm/​sort-keys@​2.0.0
	npm/​dunder-proto@​1.0.1
	npm/​math-intrinsics@​1.1.0
	npm/​get-proto@​1.0.1
	npm/​loglevel@​1.9.1 ⏵ 1.9.2
	npm/​expo-linking@​5.0.2
	npm/​call-bind-apply-helpers@​1.0.2
	npm/​es-object-atoms@​1.0.0 ⏵ 1.1.1	+1		+4
	npm/​url@​0.11.0 ⏵ 0.11.3	+1		+1	+1
	npm/​@​sentry/​core@​9.12.0
	npm/​expo-crypto@​12.4.1
	npm/​expo-apple-authentication@​6.1.2
	npm/​call-bound@​1.0.4
	npm/​expo-web-browser@​12.3.2
	npm/​@​toruslabs/​fetch-node-details@​15.0.0
	npm/​@​toruslabs/​http-helpers@​8.1.1
	npm/​@​toruslabs/​eccrypto@​6.0.2
	npm/​expo-auth-session@​5.0.2
	npm/​react-native-google-acm@​0.1.0
	npm/​@​metamask/​auth-network-utils@​0.0.0
	npm/​@​metamask/​seedless-onboarding-controller@​0.0.0
	npm/​@​metamask/​toprf-secure-backup@​0.0.0

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Block		npm/@sentry/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview Source: yarn.lock ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@sentry/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@toruslabs/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview Source: yarn.lock ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@toruslabs/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/@toruslabs/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview Source: yarn.lock ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@toruslabs/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has Network access. Module: globalThis["fetch"] Location: Package overview Source: package.json Source: yarn.lock ℹ Read more on: This package | This alert | What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has a New author. New Author: wschurman Previous Author: brentvatne Source: package.json Source: yarn.lock ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		npm/[email protected] has a New author. New Author: ljharb Previous Author: Source: yarn.lock ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report