React Native Cross-Platform WebView
Installations
npm install react-native-webviewDeveloper
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
18.13.0
NPM Version
6.14.18
Statistics
6,601 Stars
964 Commits
3,008 Forks
55 Watching
53 Branches
294 Contributors
Updated on 28 Nov 2024
Bundle Size
1.33 kB
Minified
686.00 B
Minified + Gzipped
Languages
TypeScript (29.05%)
Java (22.35%)
Objective-C (16.9%)
C++ (12.97%)
Objective-C++ (8.01%)
Kotlin (7.57%)
JavaScript (2.57%)
Ruby (0.38%)
C (0.19%)
HTML (0.03%)
Total Downloads
Cumulative downloads
Total Downloads
108,304,315
Last day
-4.1%
181,116
Compared to previous day
Last week
4.5%
1,007,943
Compared to previous week
Last month
7.7%
4,068,984
Compared to previous month
Last year
51.3%
37,225,151
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Peer Dependencies
2
Dev Dependencies
28
React Native WebView
React Native WebView is a community-maintained WebView component for React Native. It is intended to be a replacement for the built-in WebView (which was removed from core).
Maintainers
Many thanks to these companies for providing us with time to work on open source.
Please note that maintainers spend a lot of free time working on this too so feel free to sponsor them, it really makes a difference.
Windows and macOS are managed by Microsoft, notably:
- Alexander Sklar (Twitter @alexsklar) from React Native for Windows
- Chiara Mooney from React Native for Windows @ Microsoft
Shout-out to Jamon Holmgren from Infinite Red for helping a lot with the repo when he had more available time.
Disclaimer
Maintaining WebView is very complex because it is often used for many different use cases (rendering SVGs, PDFs, login flows, and much more). We also support many platforms and both architectures of react-native.
Since WebView was extracted from the React Native core, nearly 500 pull requests have been merged.
Considering that we have limited time, issues will mostly serve as a discussion place for the community, while we will prioritize reviewing and merging pull requests.
Platform compatibility
This project is compatible with iOS, Android, Windows and macOS.
This project supports both the old (paper) and the new architecture (fabric).
This project is compatible with expo.
Getting Started
Read our Getting Started Guide. If any step seems unclear, please create a pull request.
Versioning
This project follows semantic versioning. We do not hesitate to release breaking changes but they will be in a major version.
Usage
Import the WebView component from react-native-webview and use it like so:
1import React, { Component } from 'react'; 2import { StyleSheet, Text, View } from 'react-native'; 3import { WebView } from 'react-native-webview'; 4 5// ... 6const MyWebComponent = () => { 7 return <WebView source={{ uri: 'https://reactnative.dev/' }} style={{ flex: 1 }} />; 8}
For more, read the API Reference and Guide. If you're interested in contributing, check out the Contributing Guide.
Common issues
- If you're getting
Invariant Violation: Native component for "RNCWebView does not exist"it likely means you forgot to runreact-native linkor there was some error with the linking process - If you encounter a build error during the task
:app:mergeDexRelease, you need to enable multidex support inandroid/app/build.gradleas discussed in this issue
Contributing
Contributions are welcome, see Contributing.md
License
MIT
Translations
This readme is available in:
Stable Version
The latest stable version of the package.
Stable Version
13.12.4
MODERATE
1
6.5/10
Summary
Android WebView Universal Cross-site Scripting
Affected Versions
<= 10.10.2
Patched Versions
11.0.0
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: example/android/gradle/wrapper/gradle-wrapper.jar:1
Reason
11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9
Reason
Found 15/30 approved changesets -- score normalized to 5
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/android-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/detox.yml:1
- Warn: no topLevel permission defined: .github/workflows/ios-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/macos-ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/windows-ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/android-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/android-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android-ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/android-ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/android-ci.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/android-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detox.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/detox.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detox.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/detox.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios-ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/ios-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios-ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/ios-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos-ci.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/macos-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos-ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/macos-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/stale.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows-ci.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/windows-ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows-ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/windows-ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/windows-ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-webview/react-native-webview/windows-ci.yml/master?enable=pin
- Warn: downloadThenRun not pinned by hash: .github/workflows/detox.yml:18
- Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 17 are checked with a SAST tool
Reason
44 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99
- Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-w7q9-p3jq-fmhm
- Warn: Project is vulnerable to: GHSA-xvf7-4v9q-58w6
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
- Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-x565-32qp-m3vf
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-r2j6-p67h-q639
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-rv73-9c8w-jp4c
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
- Warn: Project is vulnerable to: GHSA-h6q6-9hqw-rwfv
- Warn: Project is vulnerable to: GHSA-5fg8-2547-mr8q
- Warn: Project is vulnerable to: GHSA-crh6-fp67-6883
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
4.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More