Gathering detailed insights and metrics for react-native-encrypted-storage
Gathering detailed insights and metrics for react-native-encrypted-storage
Gathering detailed insights and metrics for react-native-encrypted-storage
Gathering detailed insights and metrics for react-native-encrypted-storage
redux-persist-encrypted-storage
Redux Persist storage for React Native Encrypted Storage
pusher-js
Pusher Channels JavaScript library for browsers, React Native, NodeJS and web workers
@react-native-async-storage/async-storage
Asynchronous, persistent, key-value storage system for React Native.
shaka-player
DASH/EME video player library
npm install react-native-encrypted-storage
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
572 Stars
114 Commits
77 Forks
9 Watching
10 Branches
5 Contributors
Updated on 20 Nov 2024
TypeScript (36.68%)
Java (35.82%)
Objective-C (20.26%)
JavaScript (3.67%)
Ruby (3.13%)
C (0.27%)
Swift (0.18%)
Cumulative downloads
Total Downloads
Last day
3.6%
14,652
Compared to previous day
Last week
6.8%
68,616
Compared to previous week
Last month
21.2%
272,361
Compared to previous month
Last year
32.8%
2,259,918
Compared to previous year
React Native wrapper around SharedPreferences and Keychain to provide a secure alternative to Async Storage.
Async Storage is great but it lacks security. This is less than ideal when storing sensitive data such as access tokens, payment information and so on. This module aims to solve this problem by providing a wrapper around Android's EncryptedSharedPreferences
and iOS' Keychain
, complete with support for TypeScript.
yarn
1$ yarn add react-native-encrypted-storage
npm
1$ npm install react-native-encrypted-storage
Since version 0.60, React Native supports auto linking. This means no additional step is needed on your end.
1$ react-native link react-native-encrypted-storage
Special note for iOS using cocoapods
, run:
1$ npx pod-install
This module exposes four (4) native functions to store, retrieve, remove and clear values. They can be used like so:
1import EncryptedStorage from 'react-native-encrypted-storage';
1async function storeUserSession() {
2 try {
3 await EncryptedStorage.setItem(
4 "user_session",
5 JSON.stringify({
6 age : 21,
7 token : "ACCESS_TOKEN",
8 username : "emeraldsanto",
9 languages : ["fr", "en", "de"]
10 })
11 );
12
13 // Congrats! You've just stored your first value!
14 } catch (error) {
15 // There was an error on the native side
16 }
17}
1async function retrieveUserSession() { 2 try { 3 const session = await EncryptedStorage.getItem("user_session"); 4 5 if (session !== undefined) { 6 // Congrats! You've just retrieved your first value! 7 } 8 } catch (error) { 9 // There was an error on the native side 10 } 11}
1async function removeUserSession() { 2 try { 3 await EncryptedStorage.removeItem("user_session"); 4 // Congrats! You've just removed your first value! 5 } catch (error) { 6 // There was an error on the native side 7 } 8}
1async function clearStorage() { 2 try { 3 await EncryptedStorage.clear(); 4 // Congrats! You've just cleared the device storage! 5 } catch (error) { 6 // There was an error on the native side 7 } 8}
Take the removeItem
example, an error can occur when trying to remove a value which does not exist, or for any other reason. This module forwards the native iOS Security framework error codes to help with debugging.
1async function removeUserSession() { 2 try { 3 await EncryptedStorage.removeItem("user_session"); 4 } catch (error) { 5 // There was an error on the native side 6 // You can find out more about this error by using the `error.code` property 7 console.log(error.code); // ex: -25300 (errSecItemNotFound) 8 } 9}
Keychain
persistenceYou'll notice that the iOS Keychain
is not cleared when your app is uninstalled, this is the expected behaviour. However, if you do want to achieve a different behaviour, you can use the below snippet to clear the Keychain
on the first launch of your app.
1// AppDelegate.m 2 3/** 4 Deletes all Keychain items accessible by this app if this is the first time the user launches the app 5 */ 6static void ClearKeychainIfNecessary() { 7 // Checks wether or not this is the first time the app is run 8 if ([[NSUserDefaults standardUserDefaults] boolForKey:@"HAS_RUN_BEFORE"] == NO) { 9 // Set the appropriate value so we don't clear next time the app is launched 10 [[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"HAS_RUN_BEFORE"]; 11 12 NSArray *secItemClasses = @[ 13 (__bridge id)kSecClassGenericPassword, 14 (__bridge id)kSecClassInternetPassword, 15 (__bridge id)kSecClassCertificate, 16 (__bridge id)kSecClassKey, 17 (__bridge id)kSecClassIdentity 18 ]; 19 20 // Maps through all Keychain classes and deletes all items that match 21 for (id secItemClass in secItemClasses) { 22 NSDictionary *spec = @{(__bridge id)kSecClass: secItemClass}; 23 SecItemDelete((__bridge CFDictionaryRef)spec); 24 } 25 } 26} 27 28@implementation AppDelegate 29 30- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions 31{ 32 // Add this line to call the above function 33 ClearKeychainIfNecessary(); 34 35 RCTBridge *bridge = [[RCTBridge alloc] initWithDelegate:self launchOptions:launchOptions]; 36 RCTRootView *rootView = [[RCTRootView alloc] initWithBridge:bridge moduleName:@"APP_NAME" initialProperties:nil]; 37 38 rootView.backgroundColor = [UIColor colorWithRed:1.0f green:1.0f blue:1.0f alpha:1]; 39 40 self.window = [[UIWindow alloc] initWithFrame:[UIScreen mainScreen].bounds]; 41 UIViewController *rootViewController = [UIViewController new]; 42 rootViewController.view = rootView; 43 44 self.window.rootViewController = rootViewController; 45 [self.window makeKeyAndVisible]; 46 47 return YES; 48} 49 50// ... 51 52@end
There seems to be some confusion around the maximum size of items that can be stored, especially on iOS. According to this StackOverflow question, the actual Keychain limit is much lower than what it should theoretically be. This does not affect Android as the EncryptedSharedPreferences
API relies on the phone's storage, via XML files.
MIT
No vulnerabilities found.
Reason
license file detected
Details
Reason
binaries present in source code
Details
Reason
Found 3/9 approved changesets -- score normalized to 3
Reason
project is archived
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Reason
security policy file not detected
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
44 existing vulnerabilities detected
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More