Research
/Security News
Fake imToken Chrome Extension Steals Seed Phrases via Phishing Redirects
Mixed-script homoglyphs and a lookalike domain mimic imToken’s import flow to capture mnemonics and private keys.
By Kirill Boychenko - Mar 05, 2026
You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP →
@candlefinance/push
Advanced tools
Push for React Native
Installation
yarn add @candlefinance/push
The motivation to write this came from the unmaintained and outdated libraries that exist today. This implementation is written in Swift in less than 200 lines of code.
Android support is coming soon. Check out #1 if you want to help.
Usage
iOS
- Request permissions
- Register for APNS token
- Remote push notifications
- Foreground
- Background
- Opened by tapping on the notification
- Local push notifications
Setup
- You'll need to update your
AppDelegate.swiftto handle push check the example app here for an example. - If your AppDelegate is in Objective-C (
.mm|.m|.h), create a newAppDelegate.swiftfile and bridging header, then delete the Objective-C AppDelegate and main.m file. Finally, copy the contents of the example app's AppDelegate.swift and bridge header to your project. - Make sure you're on
iOS 15or later. - You can also use Objective-C just add bridging header and import the module.
UNUserNotificationCenterDelegateset in AppDelegate.
Android
- Request permissions
- Register for FCM token
- Remote push notifications
- Foreground
- Background + Headless JS
- Opened by tapping on the notification
- Local push notifications
Setup
- Add permissions in AndroidManifest.xml
- Add
google-services.jsoninandroid/appdirectory from Firebase console.
API
The following code is used to handle push notifications on the React Native side:
import type { PushNotificationPermissionStatus } from '@candlefinance/push';
import { module as Push } from '@candlefinance/push';
// Shows dialog to request permission to send push notifications, gets APNS token
const isGranted = await push.requestPermissions();
// Get the APNS token w/o showing permission, useful if you want silent push notifications
push.registerForToken();
// Check permission status: 'granted', 'denied', or 'notDetermined'
const status = await push.getAuthorizationStatus();
// Listeners
React.useEffect(() => {
const { NativeEvent, NativeHeadlessTaskKey } = Push.getConstants();
console.log(NativeEvent, NativeHeadlessTaskKey);
Push.addTokenEventListener(NativeEvent.TOKEN_RECEIVED, (token) => {
console.log('TOKEN_RECEIVED:', token);
});
Push.addMessageEventListener(
NativeEvent.BACKGROUND_MESSAGE_RECEIVED,
(message, id) => {
console.log('BACKGROUND_MESSAGE_RECEIVED:', message);
if (id !== undefined) {
console.log('Completing notification:', id);
Push.completeNotification(id);
}
}
);
Push.addErrorListener(NativeEvent.FAILED_TO_REGISTER, (message) => {
console.log('FAILED_TO_REGISTER:', message);
});
Push.addMessageEventListener(NativeEvent.NOTIFICATION_OPENED, (message) => {
console.log('NOTIFICATION_OPENED:', message);
});
Push.addMessageEventListener(
NativeEvent.FOREGROUND_MESSAGE_RECEIVED,
(message) => {
console.log('FOREGROUND_MESSAGE_RECEIVED:', message);
}
);
Push.addMessageEventListener(
NativeEvent.LAUNCH_NOTIFICATION_OPENED,
(message) => {
console.log('LAUNCH_NOTIFICATION_OPENED:', message);
}
);
return () => {
Push.removeListeners(NativeEvent.TOKEN_RECEIVED);
Push.removeListeners(NativeEvent.BACKGROUND_MESSAGE_RECEIVED);
Push.removeListeners(NativeEvent.NOTIFICATION_OPENED);
Push.removeListeners(NativeEvent.FOREGROUND_MESSAGE_RECEIVED);
Push.removeListeners(NativeEvent.LAUNCH_NOTIFICATION_OPENED);
};
}, []);
Testing
If you run the example app, you can test push notifications by running the following command:
yarn push
This will use the payload.json file to send a push notification to the device. You can modify the payload to test different scenarios.
Apple also has a new console to test push notifications. If you print out the token from deviceTokenReceived listener, you can use it to send a push notification from the console.
SNS
If you're using AWS SNS, you can use the following code to send a push notification
const message = // apns
os === 'ios' ? JSON.stringify({ APNS: JSON.stringify(payload) })
: // fcm
JSON.stringify({
GCM: JSON.stringify({
data: {
title: title,
body: body,
custom: customData,
data: customData,
priority: '1',
imageUrl:
'https://logo.png',
targetClass: 'com.yourapp.candle.MainActivity',
},
})
})
Contributing
We are open to contributions. Please read our Contributing Guide for more information.
License
This project is licensed under the terms of the MIT license.
Discord
Post in #oss channel in our Discord if you have any questions or want to contribute.
Keywords
FAQs
Gary Tokman
We found that @candlefinance/push demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 20 Apr 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Socket Named a Supply Chain Innovator in Latio's 2026 Application Security Market Report
Latio’s 2026 report recognizes Socket as a Supply Chain Innovator and highlights our work in 0-day malware detection, SCA, and auto-patching.
By Sarah Gooding - Mar 05, 2026
Company News
Meet the Socket Team at RSAC and BSidesSF 2026
Join Socket for live demos, rooftop happy hours, and one-on-one meetings during BSidesSF and RSA 2026 in San Francisco.
By Sarah Gooding - Mar 03, 2026