draft prototype for fetch with debounce hook

[bergarces]

Description

Changelog

CHANGELOG entry:

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 92%

click to see 🤖 AI reasoning details

E2E Test Selection:
The PR introduces two brand new utility files:

1. fetchWithDebounce.ts - A generic debounced batch fetcher utility (pure logic, no side effects)
2. useAssetSecurityDataFetch.ts - A React hook using the batch fetcher to call the token security scan API

Key findings from investigation:

• Neither file is imported by any other file in the codebase. They are purely additive new code with zero consumers.
• The useAssetSecurityDataFetch hook is not integrated into any component, screen, or existing hook.
• No existing E2E tests exercise these new utilities since they're not connected to any UI.
• The security alerts API domain appears in SmokeConfirmations tests (alert-system.spec.ts), but those tests mock the /validate/ endpoint, not the new /token/v1/scan-bulk endpoint, and the new hook isn't wired into any confirmation flow.
• These changes cannot break any existing functionality since they add new isolated code only.

Since these files have no consumers and introduce no changes to existing code paths, no E2E tests are needed to validate this PR.

Performance Test Selection:
The new files are not integrated into any UI component or data flow. The batch fetcher and hook are dead code at this point - no rendering, no state management changes, no API calls triggered from any existing component. There is no performance impact to measure.

View GitHub Actions results

[sonarqubecloud]

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud