chore(runway): cherry-pick chore: pass cached security data from token list to token details cp-7.76.0

[runway-github]

• chore: pass cached security data from token list to token details cp-7.76.0 (chore: pass cached security data from token list to token details cp-7.76.0 #29603)

Description

When the token list security badges feature flag is enabled, read the
already-fetched security data from the TanStack Query
cache on item press and forward it via navigation params, eliminating
the on-demand fetch in TokenDetails.

Changelog

CHANGELOG entry: remove on demand api call to get security data when
passed from token list and FF is ON

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor
  Docs and MetaMask Mobile
  Coding
  Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format
  if applicable
• I've applied the right labels on the PR (see labeling
  guidelines).
  Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
• Use these power-user
  SRPs
  to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production
  performance metrics
• See trace() for usage and
  addToken
  for an example

For performance guidelines and tooling, see the Performance
Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the
  app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described
  in the ticket it closes and includes the necessary testing evidence such
  as recordings and or screenshots.

---

Note

Medium Risk
Changes the token list tap navigation payload to optionally include
cached TokenSecurityData from TanStack Query, which could affect the
Asset Details screen’s behavior when the security-badges feature flag is
enabled. Risk is limited by feature-flag gating but still touches
navigation params and cache key usage.

Overview
When selectTokenListSecurityBadgesEnabled is on and a CAIP asset id
has been resolved, tapping a token in TokenListItem now reads
TokenSecurityData from the TanStack Query cache
(tokenListSecurityBadgeKeys.byAsset(caipId)) and forwards it to the
Asset route via securityData navigation params.

Adds/updates unit tests to mock useQueryClient + CAIP resolution and
assert securityData is included only when the flag is enabled and
cached data exists.

^{Reviewed by Cursor Bugbot for commit
224e470. Bugbot is set up for automated
code reviews on this repo. Configure
here.}

[6b9885e](https://github.com/MetaMask/metamask-mobile/commit/6b9885e6d44e03790c9dfda5962c7deec1a54364)

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeWalletPlatform
• Selected Performance tags: @PerformanceAssetLoading
• Risk Level: low
• AI Confidence: 82%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes are focused on TokenListItem.tsx and its test file. The modification adds useQueryClient to read cached security data from React Query cache and passes it as a navigation parameter when navigating to the Asset details screen. This is gated behind the selectTokenListSecurityBadgesEnabled feature flag.

Key observations:

1. No UI rendering changes: The visual appearance of the token list item is unchanged - only the navigation params are enriched with security data.
2. Feature-flag gated: The new behavior only activates when selectTokenListSecurityBadgesEnabled is true AND a CAIP asset ID is resolved.
3. Navigation impact: The onItemPress callback now passes securityData to the 'Asset' screen navigation params, which could affect the Asset details screen if it consumes this data.
4. TokenListItem is used in: TokenList.tsx → TokensSection.tsx (Homepage) → core wallet platform.

SmokeWalletPlatform is the most relevant tag as it covers core wallet platform features including token display and transaction history. The token list is a central component of the wallet home screen.

No other tags are needed because:

• This is not a confirmation/transaction flow change (SmokeConfirmations not needed)
• Not related to account management (SmokeAccounts not needed)
• Not related to network management (SmokeNetworkAbstractions not needed)
• Not related to swap/stake/money flows directly
• The change is purely additive (passing extra data in nav params) and feature-flag gated

Performance Test Selection:
The TokenListItem is a frequently rendered component in the wallet's token list. The change adds a queryClient.getQueryData call inside the onItemPress callback (not in the render path), so it doesn't directly impact rendering performance. However, since this component is part of the asset loading flow and the change touches the token list item interaction, @PerformanceAssetLoading is marginally relevant. That said, the change is in a press handler (not render), so performance impact is minimal. Including it as a precaution since the token list is a performance-sensitive area.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[chloeYue]

LGTM