Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@getyoti/react-native-yoti-doc-scan
Advanced tools
Yoti is an identity checking platform that allows organisations to verify who people are, online and in person. The Yoti Doc Scan SDK allows the user to take a photo of their identifying document which we verify instantly and prepare a response which your system can then retrieve. Further information can be found in the documentation.
A supporting Yoti Doc Scan SDK backend installation is required. Learn more about the backend SDK in the Getting Started guide.
yarn add @getyoti/react-native-yoti-doc-scan
Navigate to your iOS folder and update pods with:
pod install
React Native autolinking will handle the rest of the native configuration. Should autolinking fail, consult the troubleshooting instructions.
Install the library with:
yarn add @getyoti/react-native-yoti-doc-scan
Link the library:
react-native link @getyoti/react-native-yoti-doc-scan
If you're using CocoaPods, navigate to your ios
and update your Podfile
:
pod 'Folly', :podspec => '../node_modules/react-native/third-party-podspecs/Folly.podspec'
+ `pod 'react-native-yoti-doc-scan', :path => '../node_modules/react-native-yoti-doc-scan/react-native-yoti-doc-scan.podspec'`
end
And then your pods with:
pod install
If autolinking fails, refer to the troubleshooting instructions.
Add microblink to your repositories in the root build.gradle file (android/build.gradle
):
allprojects {
repositories {
mavenCentral()
maven { url 'https://maven.microblink.com' }
maven { url "https://jitpack.io" }
...
}
...
}
Add this configuration for the debug build type to your buildTypes
block (android/app/build.gradle
):
buildTypes {
debug {
matchingFallbacks = ['release']
...
}
...
}
If you're using Firebase Performance Monitoring you'll need to disable it for debug built variant. One way to do this is including this flag in your gradle.properties
file:
firebasePerformanceInstrumentationEnabled=false
And update your release build command line to enable it:
./gradlew assembleRelease -PfirebasePerformanceInstrumentationEnabled=true
If you're using Proguard or other obfuscation tool, add the following configuration rules to your proguard-rules.pro file:
-keep class com.yoti.** { *; }
-keep class com.microblink.** { *; }
-keep class com.microblink.**$* { *; }
-dontwarn com.microblink.**
-keep class com.facetec.zoom.** { *; }
-dontwarn javax.annotation.Nullable
Depending on your Android project setup and version of React Native, you may encounter the following error during your build process:
More than one files produce libc++_shared.so
Resolve by adding the following packaging options to your android
block (android/app/build.gradle
):
android {
compileSdkVersion rootProject.ext.compileSdkVersion
packagingOptions {
pickFirst 'lib/x86/libc++_shared.so'
pickFirst 'lib/x86_64/libjsc.so'
pickFirst 'lib/arm64-v8a/libjsc.so'
pickFirst 'lib/arm64-v8a/libc++_shared.so'
pickFirst 'lib/x86_64/libc++_shared.so'
pickFirst 'lib/armeabi-v7a/libc++_shared.so'
}
...
The SDK exposes a single method, startSession()
, which handles communication between your app and the Yoti app on a user's device.
Import the SDK with:
import YotiDocScan from '@getyoti/react-native-yoti-doc-scan;
Call the startSession
method with your session Id and client session token.
The method accepts two callbacks: one invoked on success and the other when the result is a failure.
function onSuccess (code, description) {
// handle success scenario
}
function onError (code, description) {
// handle error scenario
}
YotiDocScan.startSession(
sessionId,
clientSessionToken,
onSuccess,
onError
);
}}
Optionally, you can specify Android request code. If not, by default it is set to 9001:
YotiDocScan.setRequestCode(8888);
Your callbacks will receive a consistent response with two parameters: code
(number) and description
(string).
The code
is always populated with one of the values in the results table below.
The description
is not guaranteed to always have a value and as such your business logic should not rely on it.
Code | Message | Retry possible for the same session |
---|---|---|
0 | Result with success | No |
1000 | No error occurred - the end-user cancelled the session for an unknown reason | Yes |
2000 | Unauthorised request (wrong or expired session token) | Yes |
2001 | Session not found | Yes |
2003 | SDK launched without session Token | Yes |
2004 | SDK launched without session ID | Yes |
3000 | Yoti's services are down or unable to process the request | Yes |
3001 | An error occurred during a network request | Yes |
3002 | User has no network | Yes |
4000 | The user did not grant permissions to the camera | Yes |
5000 | No camera (when user's camera was not found and file upload is not allowed) | No |
5002 | No more local tries for the liveness flow | Yes |
5003 | SDK is out-of-date - please update the SDK to the latest version | No |
5004 | Unexpected internal error | No |
5005 | Unexpected document scanning error | No |
5006 | Unexpected liveness error | No |
6000 | Document Capture dependency not found error | No |
6001 | Liveness Zoom dependency not found error | No |
6002 | Supplementary document dependency not found error | No |
Linker errors pertaining to Swift libraries such as swiftFoundation
can be resolved with one or more of the solutions mentioned in this oft-quoted StackOverflow discussion, depending on your React Native version and project setup.
Android linking is performed in 3 steps:
Add the following to your settings.gradle file as a new entry before the last line which has include ':app'
:
include ':react-native-yoti-doc-scan'
project(':react-native-yoti-doc-scan').projectDir = new
File(rootProject.projectDir, '../node_modules/react-native-yoti-doc-scan/src/android')
include ':app'
Find the dependencies
block in your build.gradle file and add implementation project(':react-native-yoti-doc-scan')
:
dependencies {
...
implementation project(':react-native-yoti-doc-scan')
}
Add this import for the package:
import android.app.Application;
import com.facebook.react.ReactApplication;
+ import com.yoti.reactnative.RNYotiDocScanPackage;
Find the getPackages
function and add new RNYotiDocScanPackage()
to the list of packages.
@Override
protected List<ReactPackage> getPackages() {
return Arrays.<ReactPackage>asList(
new MainReactPackage(),
+ new RNYotiDocScanPackage(),
...
If you have any other questions please do not hesitate to contact clientsupport@yoti.com. Once we have answered your question we may contact you again to discuss Yoti products and services. If you'd prefer us not to do this, please let us know when you e-mail.
Please find the licence for the SDK here.
FAQs
Yoti Doc Scan for React Native
The npm package @getyoti/react-native-yoti-doc-scan receives a total of 157 weekly downloads. As such, @getyoti/react-native-yoti-doc-scan popularity was classified as not popular.
We found that @getyoti/react-native-yoti-doc-scan demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.