From 998ada396044764363b0583cdd574c4ce8128a2c Mon Sep 17 00:00:00 2001
From: Nate Weller <hello@nateweller.com>
Date: Fri, 11 Oct 2024 14:50:30 -0600
Subject: [PATCH] Add ThreatsDataView

Add support for list view in threats data table

Minor adjustments

Add badge component and integrate with threats data view

Update stories and align auto-fix column

Update ThreatDataView list view fixer status (#39854)

Add ThreatsDataView

changelog
---
 pnpm-lock.yaml                                |  28 ++
 .../components/threats-data-view/constants.ts |  17 +
 .../threats-data-view/fixer-status.tsx        | 156 ++++++
 .../threats-data-view/icon-tooltip.tsx        |  52 ++
 .../components/threats-data-view/index.tsx    | 446 ++++++++++++++++++
 .../stories/index.stories.tsx                 | 364 ++++++++++++++
 .../threats-data-view/styles.module.scss      | 122 +++++
 .../threats-data-view/test/index.test.tsx     |  34 ++
 .../components/threats-data-view/types.d.ts   |  93 ++++
 .../components/threats-data-view/utils.ts     |  76 +++
 .../scan/changelog/add-threat-types           |   4 +
 .../js-packages/scan/src/types/threat.d.ts    |  59 +++
 .../changelog/move-components-to-package      |   5 +
 projects/plugins/protect/tsconfig.json        |   2 +-
 14 files changed, 1457 insertions(+), 1 deletion(-)
 create mode 100644 projects/js-packages/components/components/threats-data-view/constants.ts
 create mode 100644 projects/js-packages/components/components/threats-data-view/fixer-status.tsx
 create mode 100644 projects/js-packages/components/components/threats-data-view/icon-tooltip.tsx
 create mode 100644 projects/js-packages/components/components/threats-data-view/index.tsx
 create mode 100644 projects/js-packages/components/components/threats-data-view/stories/index.stories.tsx
 create mode 100644 projects/js-packages/components/components/threats-data-view/styles.module.scss
 create mode 100644 projects/js-packages/components/components/threats-data-view/test/index.test.tsx
 create mode 100644 projects/js-packages/components/components/threats-data-view/types.d.ts
 create mode 100644 projects/js-packages/components/components/threats-data-view/utils.ts
 create mode 100644 projects/js-packages/scan/changelog/add-threat-types
 create mode 100644 projects/js-packages/scan/src/types/threat.d.ts
 create mode 100644 projects/plugins/protect/changelog/move-components-to-package

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 7d8e6b960550d..deb4ef0436cf1 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -7830,6 +7830,12 @@ packages:
     peerDependencies:
       react: ^18.0.0
 
+  '@wordpress/dataviews@4.4.4':
+    resolution: {integrity: sha512-b+2DTP8uPznxpnD0khRHDUeuj3U5Cy32amr3vwiN9xqV9hl51fzSe+ELAUTHrFKlMaQNkH/0c8cH81fU0JIeuw==}
+    engines: {node: '>=18.12.0', npm: '>=8.19.2'}
+    peerDependencies:
+      react: ^18.0.0
+
   '@wordpress/dataviews@4.5.0':
     resolution: {integrity: sha512-3vZN6jFR6gFDvuAitpS/0D80ByWYkhRfuTAAmzptq6rC9CkC4VNRbIJZbxMsKEt2qh44T7TVYVR6yVm2p+8+oQ==}
     engines: {node: '>=18.12.0', npm: '>=8.19.2'}
@@ -18780,6 +18786,28 @@ snapshots:
       rememo: 4.0.2
       use-memo-one: 1.1.3(react@18.3.1)
 
+  '@wordpress/dataviews@4.4.4(@types/react@18.3.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)':
+    dependencies:
+      '@ariakit/react': 0.4.12(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      '@babel/runtime': 7.24.7
+      '@wordpress/components': 28.9.0(@types/react@18.3.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      '@wordpress/compose': 7.9.0(react@18.3.1)
+      '@wordpress/data': 10.9.0(react@18.3.1)
+      '@wordpress/element': 6.9.0
+      '@wordpress/i18n': 5.9.0
+      '@wordpress/icons': 10.9.0(react@18.3.1)
+      '@wordpress/primitives': 4.9.0(react@18.3.1)
+      '@wordpress/private-apis': 1.9.0
+      '@wordpress/warning': 3.9.0
+      clsx: 2.1.1
+      react: 18.3.1
+      remove-accents: 0.5.0
+    transitivePeerDependencies:
+      - '@emotion/is-prop-valid'
+      - '@types/react'
+      - react-dom
+      - supports-color
+
   '@wordpress/dataviews@4.5.0(@types/react@18.3.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)':
     dependencies:
       '@ariakit/react': 0.4.12(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
diff --git a/projects/js-packages/components/components/threats-data-view/constants.ts b/projects/js-packages/components/components/threats-data-view/constants.ts
new file mode 100644
index 0000000000000..e9b2fea3e1db5
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/constants.ts
@@ -0,0 +1,17 @@
+import { __ } from '@wordpress/i18n';
+
+export const PAID_PLUGIN_SUPPORT_URL = 'https://jetpack.com/contact-support/?rel=support';
+
+export const THREAT_STATUSES = [
+	{ value: 'current', label: __( 'Active', 'jetpack' ) },
+	{ value: 'fixed', label: __( 'Fixed', 'jetpack' ) },
+	{ value: 'ignored', label: __( 'Ignored', 'jetpack' ) },
+];
+
+export const THREAT_TYPES = [
+	{ value: 'plugin', label: __( 'Plugin', 'jetpack' ) },
+	{ value: 'theme', label: __( 'Theme', 'jetpack' ) },
+	{ value: 'core', label: __( 'WordPress', 'jetpack' ) },
+	{ value: 'file', label: __( 'File', 'jetpack' ) },
+	{ value: 'database', label: __( 'Database', 'jetpack' ) },
+];
diff --git a/projects/js-packages/components/components/threats-data-view/fixer-status.tsx b/projects/js-packages/components/components/threats-data-view/fixer-status.tsx
new file mode 100644
index 0000000000000..89c68bc56b4cf
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/fixer-status.tsx
@@ -0,0 +1,156 @@
+import { ExternalLink, Spinner } from '@wordpress/components';
+import { View } from '@wordpress/dataviews';
+import { createInterpolateElement } from '@wordpress/element';
+import { __ } from '@wordpress/i18n';
+import { Icon } from '@wordpress/icons';
+import { check, info } from '@wordpress/icons';
+import { PAID_PLUGIN_SUPPORT_URL } from './constants';
+import IconTooltip from './icon-tooltip';
+import styles from './styles.module.scss';
+import { ThreatFixStatus } from './types';
+import { fixerStatusIsStale } from './utils';
+
+/**
+ * Fixer Status component.
+ *
+ * @param {object}  props       - Component props.
+ * @param {boolean} props.fixer - The fixer status.
+ * @param {number}  props.size  - The size of the icon.
+ *
+ * @return {JSX.Element} The component.
+ */
+export default function FixerStatusIcon( {
+	fixer,
+	size = 24,
+}: {
+	fixer?: ThreatFixStatus;
+	size?: number;
+} ): JSX.Element {
+	if ( fixer && fixerStatusIsStale( fixer ) ) {
+		return (
+			<IconTooltip
+				icon={ info }
+				iconClassName={ styles[ 'icon-info' ] }
+				iconSize={ size }
+				text={ createInterpolateElement(
+					__(
+						'The fixer is taking longer than expected. Please try again or <supportLink>contact support</supportLink>.',
+						'jetpack'
+					),
+					{
+						supportLink: (
+							<ExternalLink
+								className={ styles[ 'support-link' ] }
+								href={ PAID_PLUGIN_SUPPORT_URL }
+							/>
+						),
+					}
+				) }
+			/>
+		);
+	}
+
+	if ( fixer && 'error' in fixer && fixer.error ) {
+		return (
+			<IconTooltip
+				icon={ info }
+				iconClassName={ styles[ 'icon-info' ] }
+				iconSize={ 24 }
+				text={ createInterpolateElement(
+					__(
+						'An error occurred auto-fixing this threat. Please try again or <supportLink>contact support</supportLink>.',
+						'jetpack'
+					),
+					{
+						supportLink: (
+							<ExternalLink
+								className={ styles[ 'support-link' ] }
+								href={ PAID_PLUGIN_SUPPORT_URL }
+							/>
+						),
+					}
+				) }
+			/>
+		);
+	}
+
+	if ( fixer && 'status' in fixer && fixer.status === 'in_progress' ) {
+		return (
+			<div className={ styles[ 'icon-spinner' ] }>
+				<Spinner color="black" />
+			</div>
+		);
+	}
+
+	return <Icon icon={ check } className={ styles[ 'icon-check' ] } size={ 28 } />;
+}
+
+/**
+ * FixerStatusText component.
+ * @param {object}  props       - Component props.
+ * @param {boolean} props.fixer - The fixer status.
+ * @return {string} The component.
+ */
+function FixerStatusText( { fixer }: { fixer?: ThreatFixStatus } ): JSX.Element {
+	if ( fixer && fixerStatusIsStale( fixer ) ) {
+		return (
+			<span className={ styles[ 'info-spacer' ] }>
+				{ __( 'Fixer is taking longer than expected', 'jetpack' ) }
+			</span>
+		);
+	}
+
+	if ( fixer && 'error' in fixer && fixer.error ) {
+		return (
+			<span className={ styles[ 'info-spacer' ] }>
+				{ __( 'An error occurred auto-fixing this threat', 'jetpack' ) }
+			</span>
+		);
+	}
+
+	if ( fixer && 'status' in fixer && fixer.status === 'in_progress' ) {
+		return <span className={ styles[ 'spinner-spacer' ] }>{ __( 'Auto-fixing', 'jetpack' ) }</span>;
+	}
+
+	return <span className={ styles[ 'check-spacer' ] }>{ __( 'Auto-fixable', 'jetpack' ) }</span>;
+}
+
+/**
+ * FixerStatusBadge component.
+ * @param {object}  props       - Component props.
+ * @param {boolean} props.fixer - The fixer status.
+ * @return {string} The component.
+ */
+export function FixerStatusBadge( { fixer }: { fixer?: ThreatFixStatus } ): JSX.Element {
+	return (
+		<div className={ styles[ 'fixer-status' ] }>
+			<FixerStatusIcon fixer={ fixer } />
+			<FixerStatusText fixer={ fixer } />
+		</div>
+	);
+}
+
+/**
+ * DataViewFixerStatus component.
+ * @param {object}  props       - Component props.
+ * @param {boolean} props.fixer - The fixer status.
+ * @param {object}  props.view  - The view.
+ * @return {string} The component.
+ */
+export function DataViewFixerStatus( {
+	fixer,
+	view,
+}: {
+	fixer?: ThreatFixStatus;
+	view: View;
+} ): JSX.Element {
+	if ( view.type === 'table' ) {
+		return (
+			<div className={ styles.threat__fixer }>
+				<FixerStatusIcon fixer={ fixer } />
+			</div>
+		);
+	}
+
+	return <FixerStatusBadge fixer={ fixer } />;
+}
diff --git a/projects/js-packages/components/components/threats-data-view/icon-tooltip.tsx b/projects/js-packages/components/components/threats-data-view/icon-tooltip.tsx
new file mode 100644
index 0000000000000..32699631c9807
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/icon-tooltip.tsx
@@ -0,0 +1,52 @@
+import { Text } from '@automattic/jetpack-components';
+import { Popover } from '@wordpress/components';
+import { Icon } from '@wordpress/icons';
+import React, { useCallback, useState } from 'react';
+import styles from './styles.module.scss';
+
+const IconTooltip = ( { icon, iconClassName, iconSize, popoverPosition = 'top', text } ) => {
+	const [ showPopover, setShowPopover ] = useState( false );
+	const [ timeoutId, setTimeoutId ] = useState( null );
+
+	const handleEnter = useCallback( () => {
+		// Clear any existing timeout if user hovers back quickly
+		if ( timeoutId ) {
+			clearTimeout( timeoutId );
+			setTimeoutId( null );
+		}
+		setShowPopover( true );
+	}, [ timeoutId ] );
+
+	const handleOut = useCallback( () => {
+		// Set a timeout to delay the hiding of the popover
+		const id = setTimeout( () => {
+			setShowPopover( false );
+			setTimeoutId( null ); // Clear the timeout ID after the popover is hidden
+		}, 100 );
+
+		setTimeoutId( id );
+	}, [] );
+
+	return (
+		<div
+			className={ styles[ 'icon-popover' ] }
+			onMouseLeave={ handleOut }
+			onMouseEnter={ handleEnter }
+			onClick={ handleEnter }
+			onFocus={ handleEnter }
+			onBlur={ handleOut }
+			role="presentation"
+		>
+			<Icon className={ iconClassName } icon={ icon } size={ iconSize } />
+			{ showPopover && (
+				<Popover noArrow={ false } offset={ 5 } inline={ true } position={ popoverPosition }>
+					<Text className={ styles[ 'popover-text' ] } variant={ 'body-small' }>
+						{ text }
+					</Text>
+				</Popover>
+			) }
+		</div>
+	);
+};
+
+export default IconTooltip;
diff --git a/projects/js-packages/components/components/threats-data-view/index.tsx b/projects/js-packages/components/components/threats-data-view/index.tsx
new file mode 100644
index 0000000000000..2377e7a3a12cd
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/index.tsx
@@ -0,0 +1,446 @@
+import { Icon } from '@wordpress/components';
+import {
+	Action,
+	DataViews,
+	Field,
+	Filter,
+	filterSortAndPaginate,
+	SortDirection,
+	SupportedLayouts,
+	type View,
+} from '@wordpress/dataviews';
+import { __, _x } from '@wordpress/i18n';
+import { useCallback, useMemo, useState } from 'react';
+import Badge from '../badge';
+import { THREAT_STATUSES, THREAT_TYPES } from './constants';
+import { DataViewFixerStatus } from './fixer-status';
+import styles from './styles.module.scss';
+import { DataViewThreat, ThreatsDataViewActionCallback } from './types';
+import { getThreatIcon, getThreatSubtitle, getThreatType } from './utils';
+
+/**
+ * DataView component for displaying security threats.
+ *
+ * @param {object}   props                             - Component props.
+ * @param {Array}    props.data                        - Threats data.
+ * @param {Array}    props.filters                     - Initial DataView filters.
+ * @param {Function} props.onChangeSelection           - Callback function run when an item is selected.
+ * @param {Function} props.onFixThreat                 - Threat fix action callback.
+ * @param {Function} props.onIgnoreThreat              - Threat ignore action callback.
+ * @param {Function} props.onUnignoreThreat            - Threat unignore action callback.
+ * @param {Function} props.isThreatEligibleForFix      - Function to determine if a threat is eligible for fixing.
+ * @param {Function} props.isThreatEligibleForIgnore   - Function to determine if a threat is eligible for ignoring.
+ * @param {Function} props.isThreatEligibleForUnignore - Function to determine if a threat is eligible for unignoring.
+ * @return {JSX.Element} The component.
+ */
+export default function ThreatsDataView( {
+	data,
+	filters,
+	onChangeSelection,
+	isThreatEligibleForFix,
+	isThreatEligibleForIgnore,
+	isThreatEligibleForUnignore,
+	onFixThreat,
+	onIgnoreThreat,
+	onUnignoreThreat,
+}: {
+	data: DataViewThreat[];
+	filters?: Filter[];
+	onChangeSelection?: ( selectedItemIds: string[] ) => void;
+	isThreatEligibleForFix?: ( threat: DataViewThreat ) => boolean;
+	isThreatEligibleForIgnore?: ( threat: DataViewThreat ) => boolean;
+	isThreatEligibleForUnignore?: ( threat: DataViewThreat ) => boolean;
+	onFixThreat?: ThreatsDataViewActionCallback;
+	onIgnoreThreat?: ThreatsDataViewActionCallback;
+	onUnignoreThreat?: ThreatsDataViewActionCallback;
+} ): JSX.Element {
+	const baseView = {
+		sort: {
+			field: 'severity',
+			direction: 'desc' as SortDirection,
+		},
+		search: '',
+		filters: filters || [],
+		page: 1,
+		perPage: 25,
+	};
+
+	/**
+	 * DataView default layouts.
+	 *
+	 * This property provides layout information about the view types that are active. If empty, enables all layout types (see “Layout Types”) with empty layout data.
+	 *
+	 * @see https://developer.wordpress.org/block-editor/reference-guides/packages/packages-dataviews/#defaultlayouts-record-string-view
+	 */
+	const defaultLayouts: SupportedLayouts = {
+		table: {
+			...baseView,
+			fields: [ 'severity', 'threat', 'auto-fix' ],
+			layout: {
+				primaryField: 'severity',
+				combinedFields: [
+					{
+						id: 'threat',
+						label: __( 'Threat', 'jetpack' ),
+						children: [ 'subtitle', 'title', 'description' ],
+						direction: 'vertical',
+					},
+				],
+			},
+		},
+		list: {
+			...baseView,
+			fields: [ 'severity', 'subtitle', 'signature', 'auto-fix' ],
+			layout: {
+				primaryField: 'title',
+				mediaField: 'icon',
+			},
+		},
+	};
+
+	/**
+	 * DataView view object - configures how the dataset is visible to the user.
+	 *
+	 * @see https://developer.wordpress.org/block-editor/reference-guides/packages/packages-dataviews/#view-object
+	 */
+	const [ view, setView ] = useState< View >( {
+		type: 'table',
+		...defaultLayouts.table,
+	} );
+
+	/**
+	 * Compute values based on the threats data.
+	 *
+	 * @member {object} extensions - List of unique threat extensions.
+	 * @member {object} signatures - List of unique threat signatures.
+	 * @member {Array}  dataFields - List of unique fields.
+	 */
+	const { extensions, signatures, dataFields } = useMemo( () => {
+		return data.reduce(
+			( acc, threat ) => {
+				// Extensions
+				if ( threat?.extension ) {
+					if ( ! acc.extensions.find( ( { value } ) => value === threat.extension.slug ) ) {
+						acc.extensions.push( { value: threat.extension.slug, label: threat.extension.name } );
+					}
+				}
+
+				// Signatures
+				if ( threat?.signature ) {
+					if ( ! acc.signatures.find( ( { value } ) => value === threat.signature ) ) {
+						acc.signatures.push( { value: threat.signature, label: threat.signature } );
+					}
+				}
+
+				// Fields
+				const fields = Object.keys( threat );
+				fields.forEach( field => {
+					if (
+						! acc.dataFields.includes( field ) &&
+						threat[ field ] !== null &&
+						threat[ field ] !== undefined
+					) {
+						acc.dataFields.push( field );
+					}
+				} );
+
+				return acc;
+			},
+			{
+				extensions: [] as { value: string; label: string }[],
+				signatures: [] as { value: string; label: string }[],
+				dataFields: [] as string[],
+			}
+		);
+	}, [ data ] );
+
+	/**
+	 * DataView fields - describes the visible items for each record in the dataset.
+	 *
+	 * @see https://developer.wordpress.org/block-editor/reference-guides/packages/packages-dataviews/#fields-object
+	 */
+	const fields = useMemo( () => {
+		const result: Field< DataViewThreat >[] = [
+			{
+				id: 'title',
+				label: __( 'Title', 'jetpack' ),
+				enableGlobalSearch: true,
+				enableHiding: false,
+				render( { item }: { item: DataViewThreat } ) {
+					if ( view.type === 'list' ) {
+						return item.title;
+					}
+					return <span className={ styles.threat__title }>{ item.title }</span>;
+				},
+			},
+			{
+				id: 'description',
+				label: __( 'Description', 'jetpack' ),
+				enableGlobalSearch: true,
+				enableHiding: false,
+				render( { item }: { item: DataViewThreat } ) {
+					return <span className={ styles.threat__description }>{ item.description }</span>;
+				},
+			},
+			{
+				id: 'icon',
+				label: __( 'Icon', 'jetpack' ),
+				getValue( { item }: { item: DataViewThreat } ) {
+					return getThreatType( item );
+				},
+				render( { item }: { item: DataViewThreat } ) {
+					return (
+						<div className={ styles.media }>
+							<Icon icon={ getThreatIcon( item ) } size={ 20 } />
+						</div>
+					);
+				},
+				enableHiding: false,
+			},
+			{
+				id: 'status',
+				label: __( 'Status', 'jetpack' ),
+				elements: THREAT_STATUSES,
+				getValue( { item }: { item: DataViewThreat } ) {
+					if ( ! item.status ) {
+						return 'current';
+					}
+					return (
+						THREAT_STATUSES.find( ( { value } ) => value === item.status )?.value ?? item.status
+					);
+				},
+			},
+			{
+				id: 'extension',
+				label: __( 'Extension', 'jetpack' ),
+				enableGlobalSearch: true,
+				elements: extensions,
+				getValue( { item }: { item: DataViewThreat } ) {
+					return item.extension ? item.extension.slug : '';
+				},
+			},
+			{
+				id: 'type',
+				label: __( 'Category', 'jetpack' ),
+				elements: THREAT_TYPES,
+				getValue( { item }: { item: DataViewThreat } ) {
+					if ( 'signature' in item && item.signature === 'Vulnerable.WP.Core' ) {
+						return 'core';
+					}
+					if ( 'extension' in item && item.extension ) {
+						return item.extension.type;
+					}
+					if ( 'filename' in item && item.filename ) {
+						return 'file';
+					}
+					if ( 'table' in item && item.table ) {
+						return 'database';
+					}
+
+					return 'uncategorized';
+				},
+			},
+			{
+				id: 'subtitle',
+				label: __( 'Affected Item', 'jetpack' ),
+				getValue( { item }: { item: DataViewThreat } ) {
+					return getThreatSubtitle( item );
+				},
+				render( { item }: { item: DataViewThreat } ) {
+					if ( view.type === 'table' ) {
+						return (
+							<div className={ styles.threat__subtitle }>
+								<Icon icon={ getThreatIcon( item ) } size={ 20 } />
+								{ getThreatSubtitle( item ) }
+							</div>
+						);
+					}
+
+					return getThreatSubtitle( item );
+				},
+			},
+			...( dataFields.includes( 'signature' )
+				? [
+						{
+							id: 'signature',
+							label: __( 'Signature', 'jetpack' ),
+							elements: signatures,
+							enableGlobalSearch: true,
+							getValue( { item }: { item: DataViewThreat } ) {
+								return item.signature || '';
+							},
+						},
+				  ]
+				: [] ),
+			...( dataFields.includes( 'severity' )
+				? [
+						{
+							id: 'severity',
+							label: __( 'Severity', 'jetpack' ),
+							getValue( { item }: { item: DataViewThreat } ) {
+								return item.severity ?? 0;
+							},
+							render( { item }: { item: DataViewThreat } ) {
+								let text = _x( 'Low', 'Severity label for issues rated below 3.', 'jetpack' );
+								let variant: 'danger' | 'warning' | undefined;
+
+								if ( item.severity >= 5 ) {
+									text = _x(
+										'Critical',
+										'Severity label for issues rated 5 or higher.',
+										'jetpack'
+									);
+									variant = 'danger';
+								} else if ( item.severity >= 3 && item.severity < 5 ) {
+									text = _x(
+										'High',
+										'Severity label for issues rated between 3 and 5.',
+										'jetpack'
+									);
+									variant = 'warning';
+								}
+
+								return <Badge variant={ variant }>{ text }</Badge>;
+							},
+						},
+				  ]
+				: [] ),
+			...( dataFields.includes( 'fixable' )
+				? [
+						{
+							id: 'auto-fix',
+							label: __( 'Auto-fix', 'jetpack' ),
+							enableHiding: false,
+							getValue( { item }: { item: DataViewThreat } ) {
+								return item.fixable ? 'Yes' : '';
+							},
+							render( { item }: { item: DataViewThreat } ) {
+								return item.fixable ? (
+									<DataViewFixerStatus fixer={ item.fixer } view={ view } />
+								) : null;
+							},
+						},
+				  ]
+				: [] ),
+		];
+
+		return result;
+	}, [ extensions, signatures, dataFields, view ] );
+
+	/**
+	 * DataView actions - collection of operations that can be performed upon each record.
+	 *
+	 * @see https://developer.wordpress.org/block-editor/reference-guides/packages/packages-dataviews/#actions-object
+	 */
+	const actions = useMemo( () => {
+		const result: Action< DataViewThreat >[] = [];
+
+		if ( dataFields.includes( 'fixable' ) ) {
+			result.push( {
+				id: 'fix',
+				label: __( 'Auto-Fix', 'jetpack' ),
+				isPrimary: true,
+				callback: onFixThreat,
+				isEligible( item ) {
+					if ( ! onFixThreat ) {
+						return false;
+					}
+					if ( isThreatEligibleForFix ) {
+						return isThreatEligibleForFix( item );
+					}
+					return !! item.fixable;
+				},
+				icon: 'check',
+			} );
+		}
+
+		if ( dataFields.includes( 'status' ) ) {
+			result.push( {
+				id: 'ignore',
+				label: __( 'Ignore', 'jetpack' ),
+				isPrimary: true,
+				isDestructive: true,
+				callback: onIgnoreThreat,
+				isEligible( item ) {
+					if ( ! onIgnoreThreat ) {
+						return false;
+					}
+					if ( isThreatEligibleForIgnore ) {
+						return isThreatEligibleForIgnore( item );
+					}
+					return item.status === 'current';
+				},
+				icon: 'unseen',
+			} );
+		}
+
+		if ( dataFields.includes( 'status' ) ) {
+			result.push( {
+				id: 'un-ignore',
+				label: __( 'Unignore', 'jetpack' ),
+				isPrimary: true,
+				isDestructive: true,
+				callback: onUnignoreThreat,
+				isEligible( item ) {
+					if ( ! onUnignoreThreat ) {
+						return false;
+					}
+					if ( isThreatEligibleForUnignore ) {
+						return isThreatEligibleForUnignore( item );
+					}
+					return item.status === 'ignored';
+				},
+				icon: 'seen',
+			} );
+		}
+
+		return result;
+	}, [
+		dataFields,
+		onFixThreat,
+		onIgnoreThreat,
+		onUnignoreThreat,
+		isThreatEligibleForFix,
+		isThreatEligibleForIgnore,
+		isThreatEligibleForUnignore,
+	] );
+
+	/**
+	 * Apply the view settings (i.e. filters, sorting, pagination) to the dataset.
+	 *
+	 * @see https://github.com/WordPress/gutenberg/blob/trunk/packages/dataviews/src/filter-and-sort-data-view.ts
+	 */
+	const { data: processedData, paginationInfo } = useMemo( () => {
+		return filterSortAndPaginate( data, view, fields );
+	}, [ data, view, fields ] );
+
+	/**
+	 * Callback function to update the view state.
+	 *
+	 * @see https://developer.wordpress.org/block-editor/reference-guides/packages/packages-dataviews/#onchangeview-function
+	 */
+	const onChangeView = useCallback( ( newView: View ) => {
+		setView( newView );
+	}, [] );
+
+	/**
+	 * DataView getItemId function - returns the unique ID for each record in the dataset.
+	 *
+	 * @see https://developer.wordpress.org/block-editor/reference-guides/packages/packages-dataviews/#getitemid-function
+	 */
+	const getItemId = useCallback( ( item: DataViewThreat ) => item.id.toString(), [] );
+
+	return (
+		<DataViews
+			actions={ actions }
+			data={ processedData }
+			defaultLayouts={ defaultLayouts }
+			fields={ fields }
+			getItemId={ getItemId }
+			onChangeSelection={ onChangeSelection }
+			onChangeView={ onChangeView }
+			paginationInfo={ paginationInfo }
+			view={ view }
+		/>
+	);
+}
diff --git a/projects/js-packages/components/components/threats-data-view/stories/index.stories.tsx b/projects/js-packages/components/components/threats-data-view/stories/index.stories.tsx
new file mode 100644
index 0000000000000..676debe4cf6c8
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/stories/index.stories.tsx
@@ -0,0 +1,364 @@
+import ThreatsDataView from '..';
+
+export default {
+	title: 'JS Packages/Components/Threats Data View',
+	component: ThreatsDataView,
+	parameters: {
+		backgrounds: {
+			default: 'light',
+			values: [ { name: 'light', value: 'white' } ],
+		},
+	},
+	decorators: [
+		Story => (
+			<div style={ { maxWidth: '100%', backgroundColor: 'white' } }>
+				<Story />
+			</div>
+		),
+	],
+};
+
+export const Default = args => <ThreatsDataView { ...args } />;
+Default.args = {
+	data: [
+		{
+			id: 185869885,
+			signature: 'EICAR_AV_Test',
+			title: 'Malicious code found in file: index.php',
+			description:
+				"This is the standard EICAR antivirus test code, and not a real infection. If your site contains this code when you don't expect it to, contact Jetpack support for some help.",
+			firstDetected: '2024-10-07T20:45:06.000Z',
+			fixedIn: null,
+			fixedOn: null,
+			severity: 8,
+			fixable: { fixer: 'rollback', target: 'January 26, 2024, 6:49 am', extensionStatus: '' },
+			fixer: { status: 'in_progress', last_updated: new Date().toISOString() },
+			status: 'current',
+			filename: '/var/www/html/wp-content/index.php',
+			context: {
+				'1': 'echo <<<HTML',
+				'2': 'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*',
+				'3': 'HTML;',
+				marks: {},
+			},
+			source: null,
+		},
+		{
+			id: 185869883,
+			signature: 'Suspicious.Files',
+			title: 'Malicious code found in file: fuzzy.php',
+			description:
+				'Our security scanners detected that this file is identical to a previously identified malicious file',
+			firstDetected: '2024-10-07T20:45:06.000Z',
+			fixedIn: null,
+			fixedOn: null,
+			severity: 4,
+			fixable: false,
+			status: 'ignored',
+			filename: '/var/www/html/wp-content/fuzzy.php',
+			context: '',
+			source: null,
+		},
+		{
+			id: 185868972,
+			signature: 'EICAR_AV_Test_Suspicious',
+			title: 'Malicious code found in file: jptt_eicar.php',
+			description:
+				"This is the standard EICAR antivirus test code, and not a real infection. If your site contains this code when you don't expect it to, contact Jetpack support for some help.",
+			firstDetected: '2024-10-07T20:40:15.000Z',
+			fixedIn: null,
+			fixedOn: null,
+			severity: 1,
+			fixable: false,
+			status: 'current',
+			filename: '/var/www/html/wp-content/uploads/jptt_eicar.php',
+			context: {
+				'6': 'echo <<<HTML',
+				'7': 'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-SUSPICIOUS-ANTIVIRUS-TEST-FILE!$H+H*',
+				'8': 'HTML;',
+				'9': 'echo <<<HTML',
+				'10': 'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-SUSPICIOUS-ANTIVIRUS-TEST-FILE!$H+H*',
+				'11': 'HTML;',
+				marks: {},
+			},
+			source: null,
+		},
+		{
+			id: 184847701,
+			signature: 'Vulnerable.WP.Extension',
+			title: 'Vulnerable Plugin: WP Super Cache (version 1.6.3)',
+			description:
+				'The plugin WP Super Cache (version 1.6.3) has a known vulnerability. The WP Super Cache plugin before version 1.7.2 is vulnerable to an authenticated RCE in the settings page.',
+			firstDetected: '2024-10-02T17:34:59.000Z',
+			fixedIn: '1.12.4',
+			fixedOn: null,
+			severity: 3,
+			fixable: { fixer: 'update', target: '1.12.4', extensionStatus: 'inactive' },
+			status: 'current',
+			filename: null,
+			context: null,
+			source: 'https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3',
+			extension: {
+				name: 'WP Super Cache',
+				slug: 'wp-super-cache',
+				version: '1.6.3',
+				type: 'plugin',
+			},
+		},
+		{
+			id: 185868945,
+			signature: 'Core.File.Modification',
+			title: 'Compromised WordPress core file: index.php',
+			description:
+				'Core WordPress files are not normally changed. If you did not make these changes you should review the code.',
+			firstDetected: '2024-10-07T20:40:05.000Z',
+			severity: 4,
+			status: 'current',
+			fixable: {
+				fixer: 'replace',
+				file: '/var/www/html/wp-admin/index.php',
+				extensionStatus: '',
+			},
+			fixer: {
+				status: 'in_progress',
+				last_updated: new Date( '1999-09-09T19:19:19.000Z' ).toISOString(),
+			},
+			filename: '/var/www/html/wp-admin/index.php',
+			diff: "--- /tmp/wordpress/6.6.2/wordpress/wp-admin/index.php\t2024-10-07 20:40:04.887546480 +0000\n+++ /var/www/html/wp-admin/index.php\t2024-10-07 20:39:58.775512965 +0000\n@@ -210,3 +210,4 @@\n wp_print_community_events_templates();\n \n require_once ABSPATH . 'wp-admin/admin-footer.php';\n+if ( true === false ) exit();\n\\ No newline at end of file\n",
+		},
+		{
+			id: 13216959,
+			signature: 'Vulnerable.WP.Core',
+			title: 'Vulnerable WordPress Version (6.4.3)',
+			description: 'The installed version of WordPress (6.4.3) has a known vulnerability. ',
+			firstDetected: '2024-07-15T21:56:50.000Z',
+			severity: 4,
+			fixer: null,
+			fixedOn: '2024-07-15T22:01:42.000Z',
+			status: 'fixed',
+			fixable: false,
+			version: '6.4.3',
+			source: '',
+		},
+		{
+			id: '7275a176-d579-471a-8492-df8edbdf27de',
+			signature: null,
+			title: 'WooCommerce <= 3.4.5 - Authenticated Stored XSS',
+			description:
+				'The WooCommerce WordPress plugin was affected by an Authenticated Stored XSS security vulnerability.',
+			firstDetected: null,
+			fixedIn: '3.4.6',
+			fixedOn: null,
+			severity: null,
+			fixable: null,
+			status: null,
+			filename: null,
+			context: null,
+			source: 'https://wpscan.com/vulnerability/7275a176-d579-471a-8492-df8edbdf27de',
+			extension: {
+				name: 'WooCommerce',
+				slug: 'woocommerce',
+				version: '3.4.5',
+				type: 'plugin',
+			},
+		},
+	],
+	filters: [
+		{
+			field: 'status',
+			operator: 'is',
+			value: 'current',
+		},
+	],
+	onFixThreat: () =>
+		alert( 'Threat fix action callback triggered! This is handled by the component consumer.' ), // eslint-disable-line no-alert
+	onIgnoreThreat: () =>
+		alert( 'Ignore threat action callback triggered! This is handled by the component consumer.' ), // eslint-disable-line no-alert
+	onUnignoreThreat: () =>
+		// eslint-disable-next-line no-alert
+		alert(
+			'Unignore threat action callback triggered! This is handled by the component consumer.'
+		),
+};
+
+export const FixerStatuses = args => <ThreatsDataView { ...args } />;
+FixerStatuses.args = {
+	data: [
+		{
+			id: 13216959,
+			signature: 'Vulnerable.WP.Core',
+			title: 'Vulnerable WordPress Version (6.4.3)',
+			description: 'This threat has an auto-fixer available. ',
+			firstDetected: '2024-07-15T21:56:50.000Z',
+			severity: 4,
+			fixer: null,
+			fixedOn: '2024-07-15T22:01:42.000Z',
+			status: 'fixed',
+			fixable: { fixer: 'update', target: '6.4.4', extensionStatus: 'inactive' },
+			version: '6.4.3',
+			source: '',
+		},
+		{
+			id: 12345678910,
+			signature: 'Vulnerable.WP.Extension',
+			title: 'Vulnerable Plugin: Example Plugin (version 1.2.3)',
+			description: 'This threat has an in-progress auto-fixer.',
+			firstDetected: '2024-10-02T17:34:59.000Z',
+			fixedIn: '1.2.4',
+			fixedOn: null,
+			severity: 3,
+			fixable: { fixer: 'update', target: '1.12.4', extensionStatus: 'inactive' },
+			fixer: { status: 'in_progress', last_updated: new Date().toISOString() },
+			status: 'current',
+			filename: null,
+			context: null,
+			source: 'https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3',
+			extension: {
+				name: 'Example Plugin',
+				slug: 'example-plugin',
+				version: '1.2.3',
+				type: 'plugin',
+			},
+		},
+		{
+			id: 12345678911,
+			signature: 'Vulnerable.WP.Extension',
+			title: 'Vulnerable Theme: Example Theme (version 2.2.2)',
+			description: 'This threat has an in-progress auto-fixer that is taking too long.',
+			firstDetected: '2024-10-02T17:34:59.000Z',
+			fixedIn: '2.22.22',
+			fixedOn: null,
+			severity: 3,
+			fixable: { fixer: 'update', target: '1.12.4', extensionStatus: 'inactive' },
+			fixer: { status: 'in_progress', last_updated: new Date( '1999-01-01' ).toISOString() },
+			status: 'current',
+			filename: null,
+			context: null,
+			source: 'https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3',
+			extension: {
+				name: 'Example Theme',
+				slug: 'example-theme',
+				version: '2.2.2',
+				type: 'theme',
+			},
+		},
+		{
+			id: 12345678912,
+			signature: 'Vulnerable.WP.Extension',
+			title: 'Vulnerable Theme: Example Theme II (version 3.3.3)',
+			description: 'This threat has a fixer with an error status.',
+			firstDetected: '2024-10-02T17:34:59.000Z',
+			fixedIn: '3.4.5',
+			fixedOn: null,
+			severity: 3,
+			fixable: { fixer: 'update', target: '1.12.4', extensionStatus: 'inactive' },
+			fixer: { status: 'error', error: 'error' },
+			status: 'current',
+			filename: null,
+			context: null,
+			source: 'https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3',
+			extension: {
+				name: 'Example Theme II',
+				slug: 'example-theme-2',
+				version: '3.3.3',
+				type: 'theme',
+			},
+		},
+		{
+			id: 185868972,
+			signature: 'EICAR_AV_Test_Suspicious',
+			title: 'Malicious code found in file: jptt_eicar.php',
+			description: 'This threat has no auto-fixer available.',
+			firstDetected: '2024-10-07T20:40:15.000Z',
+			fixedIn: null,
+			fixedOn: null,
+			severity: 1,
+			fixable: false,
+			status: 'current',
+			filename: '/var/www/html/wp-content/uploads/jptt_eicar.php',
+			context: {
+				'6': 'echo <<<HTML',
+				'7': 'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-SUSPICIOUS-ANTIVIRUS-TEST-FILE!$H+H*',
+				'8': 'HTML;',
+				'9': 'echo <<<HTML',
+				'10': 'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-SUSPICIOUS-ANTIVIRUS-TEST-FILE!$H+H*',
+				'11': 'HTML;',
+				marks: {},
+			},
+			source: null,
+		},
+	],
+};
+
+export const FreeResults = args => <ThreatsDataView { ...args } />;
+FreeResults.args = {
+	data: [
+		{
+			id: '1d0470df-4671-47ac-8d87-a165e8f7d502',
+			title: 'WooCommerce <= 3.2.3 - Authenticated PHP Object Injection',
+			description:
+				'Versions 3.2.3 and earlier are affected by an issue where cached queries within shortcodes could lead to object injection. This is related to the recent WordPress 4.8.3 security release.This issue can only be exploited by users who can edit content and add shortcodes, but we still recommend all users running WooCommerce 3.x upgrade to 3.2 to mitigate this issue.',
+			firstDetected: null,
+			fixedIn: '3.2.4',
+			fixedOn: null,
+			severity: null,
+			fixable: null,
+			status: null,
+			filename: null,
+			context: null,
+			signature: null,
+			source: 'https://wpscan.com/vulnerability/1d0470df-4671-47ac-8d87-a165e8f7d502',
+			extension: {
+				name: 'WooCommerce',
+				slug: 'woocommerce',
+				version: '3.2.3',
+				type: 'plugin',
+			},
+		},
+		{
+			id: '7275a176-d579-471a-8492-df8edbdf27de',
+			signature: null,
+			subtitle: 'WooCommerce 3.4.5',
+			title: 'WooCommerce <= 3.4.5 - Authenticated Stored XSS',
+			description:
+				'The WooCommerce WordPress plugin was affected by an Authenticated Stored XSS security vulnerability.',
+			firstDetected: null,
+			fixedIn: '3.4.6',
+			fixedOn: null,
+			severity: null,
+			fixable: null,
+			status: null,
+			filename: null,
+			context: null,
+			source: 'https://wpscan.com/vulnerability/7275a176-d579-471a-8492-df8edbdf27de',
+			extension: {
+				name: 'WooCommerce',
+				slug: 'woocommerce',
+				version: '3.4.5',
+				type: 'plugin',
+			},
+		},
+		{
+			id: '733d8a02-0d44-4b78-bbb2-37e447acd2f3',
+			signature: null,
+			title: 'WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)',
+			description:
+				'The plugin was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection.\r\n\r\nAnother possible attack vector: from XSS (via another plugin affected by XSS) to RCE.',
+			firstDetected: null,
+			fixedIn: '1.7.2',
+			fixedOn: null,
+			severity: null,
+			fixable: null,
+			status: null,
+			filename: null,
+			context: null,
+			source: 'https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3',
+			extension: {
+				name: 'WP Super Cache',
+				slug: 'wp-super-cache',
+				version: '1.6.3',
+				type: 'plugin',
+			},
+		},
+	],
+};
diff --git a/projects/js-packages/components/components/threats-data-view/styles.module.scss b/projects/js-packages/components/components/threats-data-view/styles.module.scss
new file mode 100644
index 0000000000000..5cf22e93b8a4e
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/styles.module.scss
@@ -0,0 +1,122 @@
+@import '@wordpress/dataviews/build-style/style.css';
+
+:global {
+	.dataviews-view-table tbody .dataviews-view-table__cell-content-wrapper {
+		min-height: 0;
+	}
+
+	.dataviews-view-table td, .dataviews-view-table th {
+		white-space: initial;
+	}
+
+	.dataviews-view-table td .components-flex {
+		gap: 4px;
+	}
+
+	.dataviews-view-list .dataviews-views-list__fields {
+		align-items: center;
+	}
+}
+
+.media {
+	width: 100%;
+	height: 100%;
+	display: flex;
+	align-items: center;
+	justify-content: center;
+	color: black;
+	background-color: #EDFFEE;
+	border-color: #EDFFEE;
+
+	svg {
+		fill: currentColor;
+	}
+}
+
+.icon-check {
+	fill: var( --jp-green-40 );
+}
+
+.icon-info {
+	fill: var( --jp-red );
+}
+
+.support-link {
+	color: inherit;
+
+	&:focus,
+	&:hover {
+		color: inherit;
+		box-shadow: none;
+	}
+}
+
+.fixer-status {
+	display: flex;
+	align-items: center;
+	line-height: 0;
+
+	.icon-spinner {
+		margin-left: 1px;
+	}
+
+	.icon-info {
+		margin-left: -3px;
+	}
+
+	.icon-check {
+		margin-left: -6px;
+	}
+}
+
+.threat__primary {
+	display: flex;
+	align-items: center;
+	gap: 8px;
+}
+
+.threat__subtitle {
+	display: flex;
+	align-items: center;
+	gap: 6px;
+	font-size: 12px;
+	color: var( --jp-gray-80 );
+	margin-bottom: 4px;
+
+	> svg {
+		color: currentColor;
+	}
+}
+
+.threat__title {
+	color: var( --jp-gray-80 );
+	font-weight: 510;
+}
+
+.threat__description {
+	color: var( --jp-gray-80 );
+	font-size: 12px;
+}
+
+.icon-spinner {
+	svg {
+		margin: 0;
+	}
+}
+
+.spinner-spacer {
+	margin-left: 8px;
+}
+
+.info-spacer {
+	margin-left: 4px;
+}
+
+.check-spacer {
+	margin-left: -2px;
+}
+
+.threat__fixer {
+	min-width: 54px;
+	text-align: center;
+}
diff --git a/projects/js-packages/components/components/threats-data-view/test/index.test.tsx b/projects/js-packages/components/components/threats-data-view/test/index.test.tsx
new file mode 100644
index 0000000000000..0cada3e4c063a
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/test/index.test.tsx
@@ -0,0 +1,34 @@
+import { render, screen } from '@testing-library/react';
+import ThreatsDataView from '..';
+import { DataViewThreat } from '../types';
+
+const data = [
+	{
+		id: 185869885,
+		signature: 'EICAR_AV_Test',
+		title: 'Malicious code found in file: index.php',
+		description:
+			"This is the standard EICAR antivirus test code, and not a real infection. If your site contains this code when you don't expect it to, contact Jetpack support for some help.",
+		firstDetected: '2024-10-07T20:45:06.000Z',
+		fixedIn: null,
+		fixedOn: null,
+		severity: 8,
+		fixable: { fixer: 'rollback', target: 'January 26, 2024, 6:49 am', extensionStatus: '' },
+		status: 'current',
+		filename: '/var/www/html/wp-content/index.php',
+		context: {
+			'1': 'echo <<<HTML',
+			'2': 'X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*',
+			'3': 'HTML;',
+			marks: {},
+		},
+		source: null,
+	},
+] as DataViewThreat[];
+
+describe( 'ThreatsDataView', () => {
+	it( 'renders threat data', () => {
+		render( <ThreatsDataView data={ data } /> );
+		expect( screen.getByText( 'Malicious code found in file: index.php' ) ).toBeInTheDocument();
+	} );
+} );
diff --git a/projects/js-packages/components/components/threats-data-view/types.d.ts b/projects/js-packages/components/components/threats-data-view/types.d.ts
new file mode 100644
index 0000000000000..3f75a9f7d0b9d
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/types.d.ts
@@ -0,0 +1,93 @@
+export type ThreatStatus = 'fixed' | 'ignored' | 'current';
+
+export type ThreatFixType = 'replace' | 'delete' | 'update' | string;
+
+export type DataViewThreat = {
+	/** The threat's unique ID. */
+	id: number;
+
+	/** The threat's signature. */
+	signature: string;
+
+	/** The threat's title. */
+	title: string;
+
+	/** The threat's description. */
+	description: string;
+
+	/** The threat's current status. */
+	status: ThreatStatus;
+
+	/** The threat's severity level (0-10). */
+	severity: number;
+
+	/** The date the threat was first detected on the site, in YYYY-MM-DDTHH:MM:SS.000Z format. */
+	firstDetected: string;
+
+	/** The version the threat is fixed in. */
+	fixedIn?: string | null;
+
+	/** The date the threat was fixed, in YYYY-MM-DDTHH:MM:SS.000Z format. */
+	fixedOn?: string | null;
+
+	/** The fixable details. */
+	fixable:
+		| {
+				fixer: ThreatFixType;
+				target?: string | null;
+				extensionStatus?: string | null;
+		  }
+		| false;
+
+	/** If available, the threat's latest fixer status. */
+	fixer?: ThreatFixStatus;
+
+	/** The threat's source. */
+	source?: string;
+
+	/** The threat's affected extension. */
+	extension?: {
+		name: string;
+		slug: string;
+		type: 'plugin' | 'theme' | 'core';
+		version: string;
+	};
+
+	/** The threat's context. */
+	context?: Record< string, unknown > | null;
+
+	/** The name of the affected file. */
+	filename: string | null;
+
+	/** The rows affected by the database threat. */
+	rows?: unknown;
+
+	/** The table name of the database threat. */
+	table?: string;
+
+	/** The diff showing the threat's modified file contents. */
+	diff?: string;
+};
+
+export type ThreatsDataViewActionCallback = (
+	items: Threat[],
+	context: { registry: unknown; onActionPerformed?: ( threats: DataViewThreat[] ) => void }
+) => void;
+
+export type FixerStatus = 'not_started' | 'in_progress' | 'fixed' | 'not_fixed';
+
+/**
+ * Threat Fix Status
+ *
+ * Individual fixer status for a threat.
+ */
+export type ThreatFixStatusError = {
+	error: string;
+};
+
+export type ThreatFixStatusSuccess = {
+	status: FixerStatus;
+	last_updated: string;
+};
+
+export type ThreatFixStatus = ThreatFixStatusError | ThreatFixStatusSuccess;
diff --git a/projects/js-packages/components/components/threats-data-view/utils.ts b/projects/js-packages/components/components/threats-data-view/utils.ts
new file mode 100644
index 0000000000000..3899b66d2f747
--- /dev/null
+++ b/projects/js-packages/components/components/threats-data-view/utils.ts
@@ -0,0 +1,76 @@
+import { code, color, grid, plugins, shield, wordpress } from '@wordpress/icons';
+import { DataViewThreat, ThreatFixStatus } from './types';
+
+export const getThreatIcon = ( threat: DataViewThreat ) => {
+	const type = getThreatType( threat );
+
+	switch ( type ) {
+		case 'plugin':
+			return plugins;
+		case 'theme':
+			return color;
+		case 'core':
+			return wordpress;
+		case 'file':
+			return code;
+		case 'database':
+			return grid;
+		default:
+			return shield;
+	}
+};
+
+export const getThreatType = ( threat: DataViewThreat ) => {
+	if ( threat.signature === 'Vulnerable.WP.Core' ) {
+		return 'core';
+	}
+	if ( threat.extension ) {
+		return threat.extension.type;
+	}
+	if ( threat.filename ) {
+		return 'file';
+	}
+	if ( threat.table ) {
+		return 'database';
+	}
+
+	return null;
+};
+
+export const getThreatSubtitle = ( threat: DataViewThreat ) => {
+	const type = getThreatType( threat );
+
+	switch ( type ) {
+		case 'plugin':
+		case 'theme':
+			return `${ threat.extension?.name } (${ threat.extension?.version })`;
+		case 'core':
+			return 'WordPress Core';
+		case 'file':
+			// Trim leading slash
+			if ( threat.filename.startsWith( '/' ) ) {
+				return threat.filename.slice( 1 );
+			}
+			return threat.filename;
+		case 'database':
+			return threat.table;
+		default:
+			return '';
+	}
+};
+
+const FIXER_IS_STALE_THRESHOLD = 1000 * 60 * 60 * 24; // 24 hours
+
+export const fixerTimestampIsStale = ( lastUpdatedTimestamp: string ) => {
+	const now = new Date();
+	const lastUpdated = new Date( lastUpdatedTimestamp );
+	return now.getTime() - lastUpdated.getTime() >= FIXER_IS_STALE_THRESHOLD;
+};
+
+export const fixerStatusIsStale = ( fixerStatus: ThreatFixStatus ) => {
+	return (
+		'status' in fixerStatus &&
+		fixerStatus.status === 'in_progress' &&
+		fixerTimestampIsStale( fixerStatus.last_updated )
+	);
+};
diff --git a/projects/js-packages/scan/changelog/add-threat-types b/projects/js-packages/scan/changelog/add-threat-types
new file mode 100644
index 0000000000000..e549d3e8a3f87
--- /dev/null
+++ b/projects/js-packages/scan/changelog/add-threat-types
@@ -0,0 +1,4 @@
+Significance: minor
+Type: added
+
+Add threat TypeScript types
diff --git a/projects/js-packages/scan/src/types/threat.d.ts b/projects/js-packages/scan/src/types/threat.d.ts
new file mode 100644
index 0000000000000..757503972fa0c
--- /dev/null
+++ b/projects/js-packages/scan/src/types/threat.d.ts
@@ -0,0 +1,59 @@
+export type ThreatStatus = 'fixed' | 'ignored' | 'current';
+
+export type ThreatFixType = 'replace' | 'delete' | 'update' | string;
+
+export type Threat = {
+	/** The threat's unique ID. */
+	id: number;
+
+	/** The threat's signature. */
+	signature: string;
+
+	/** The threat's title. */
+	title: string;
+
+	/** The threat's description. */
+	description: string;
+
+	/** The threat's current status. */
+	status: ThreatStatus;
+
+	/** The threat's severity level (0-10). */
+	severity: number;
+
+	/** The date the threat was first detected on the site, in YYYY-MM-DDTHH:MM:SS.000Z format. */
+	firstDetected: string;
+
+	/** The version the threat is fixed in. */
+	fixedIn?: string | null;
+
+	/** The date the threat was fixed, in YYYY-MM-DDTHH:MM:SS.000Z format. */
+	fixedOn?: string | null;
+
+	/** The fixable details. */
+	fixable:
+		| {
+				fixer: ThreatFixType;
+				target?: string | null;
+				extensionStatus?: string | null;
+		  }
+		| false;
+
+	/** The threat's source. */
+	source?: string;
+
+	/** The threat's context. */
+	context?: Record< string, unknown > | null;
+
+	/** The name of the affected file. */
+	filename: string | null;
+
+	/** The rows affected by the database threat. */
+	rows?: unknown;
+
+	/** The table name of the database threat. */
+	table?: string;
+
+	/** The diff showing the threat's modified file contents. */
+	diff?: string;
+};
diff --git a/projects/plugins/protect/changelog/move-components-to-package b/projects/plugins/protect/changelog/move-components-to-package
new file mode 100644
index 0000000000000..29ead1e0b072a
--- /dev/null
+++ b/projects/plugins/protect/changelog/move-components-to-package
@@ -0,0 +1,5 @@
+Significance: patch
+Type: changed
+Comment: Moved components to package
+
+
diff --git a/projects/plugins/protect/tsconfig.json b/projects/plugins/protect/tsconfig.json
index bc49ef3cebb58..3efc0b5fbb273 100644
--- a/projects/plugins/protect/tsconfig.json
+++ b/projects/plugins/protect/tsconfig.json
@@ -1,6 +1,6 @@
 {
 	"extends": "jetpack-js-tools/tsconfig.base.json",
-	"include": [ "./src/js" ],
+	"include": [ "./src/js", "../../js-packages/components/components/threats-data-view" ],
 	"compilerOptions": {
 		"sourceMap": true,
 		"outDir": "./build/",