Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@getyoti/react-native-yoti-doc-scan
Advanced tools
Yoti is an identity checking platform that allows organisations to verify who people are, online and in person. The Yoti Doc Scan SDK allows the user to take a photo of their identifying document which we verify instantly and prepare a response which your system can then retrieve. Further information can be found in the documentation.
A supporting Yoti Doc Scan SDK backend installation is required. Learn more about the backend SDK in the Getting Started guide.
yarn add @getyoti/react-native-yoti-doc-scan
Navigate to your iOS folder and update pods with:
pod install
React Native autolinking will handle the rest of the native configuration. Should autolinking fail, consult the troubleshooting instructions.
Install the library with:
yarn add @getyoti/react-native-yoti-doc-scan
Link the library:
react-native link @getyoti/react-native-yoti-doc-scan
If you're using CocoaPods, navigate to your ios
and update your Podfile
:
pod 'Folly', :podspec => '../node_modules/react-native/third-party-podspecs/Folly.podspec'
+ `pod 'react-native-yoti-doc-scan', :path => '../node_modules/react-native-yoti-doc-scan/react-native-yoti-doc-scan.podspec'`
end
And then your pods with:
pod install
If autolinking fails, refer to the troubleshooting instructions.
Add microblink to your repositories in the root build.gradle file (android/build.gradle
):
allprojects {
repositories {
+ mavenCentral()
+ maven { url 'https://maven.microblink.com' }
+ maven { url "https://jitpack.io" }
...
}
...
}
Add this configuration for the debug build type to your buildTypes
block (android/app/build.gradle
):
buildTypes {
debug {
+ matchingFallbacks = ['release']
...
}
...
}
Depending on your Android project setup and version of React Native, you may encounter the following error during your build process:
More than one files produce libc++_shared.so
Resolve by adding the following packaging options to your android
block (android/app/build.gradle
):
android {
compileSdkVersion rootProject.ext.compileSdkVersion
+ packagingOptions {
+ pickFirst 'lib/x86/libc++_shared.so'
+ pickFirst 'lib/x86_64/libjsc.so'
+ pickFirst 'lib/arm64-v8a/libjsc.so'
+ pickFirst 'lib/arm64-v8a/libc++_shared.so'
+ pickFirst 'lib/x86_64/libc++_shared.so'
+ pickFirst 'lib/armeabi-v7a/libc++_shared.so'
+ }
...
The SDK exposes a single method, startSession()
, which handles communication between your app and the Yoti app on a user's device.
Import the SDK with:
import YotiDocScan from '@getyoti/react-native-yoti-doc-scan;
Call the startSession
method with your session Id and client session token.
The method accepts two callbacks: one invoked on success and the other when the result is a failure.
function onSuccess (code, description) {
// handle success scenario
}
function onError (code, description) {
// handle error scenario
}
YotiDocScan.startSession(
sessionId,
clientSessionToken,
onSuccess,
onError
);
}}
Your callbacks will receive a consistent response with two parameters: code
(number) and description
(string).
The code
is always populated with one of the values in the results table below.
The description
is not guaranteed to always have a value and as such your business logic should not rely on it.
Code | Description | Retry possible (same session) |
---|---|---|
1000 | No error occurred. The user cancelled the session | Yes |
2000 | Unauthorised request (wrong or expired session token) | Yes |
2001 | Session not found | Yes |
2002 | Session expired | Yes |
2003 | SDK launched without session Token | Yes |
2004 | SDK launched without session ID | Yes |
3000 | Yoti's services are down or unable to process the request | Yes |
3001 | An error occurred during a network request | Yes |
3002 | User has no network | Yes |
4000 | The user did not grant permission to the camera | Yes |
5000 | The user's camera was not found and file upload is not allowed | No |
5002 | No more local tries for the liveness flow | Yes |
5003 | SDK is out-of-date, please update the SDK to the latest version | No |
5004 | An unexpected internal error occurred | No |
5005 | An unexpected document capture error occurred | No |
5006 | An unexpected liveness capture error occurred | No |
Linker errors pertaining to Swift libraries such as swiftFoundation
can be resolved with one or more of the solutions mentioned in this oft-quoted StackOverflow discussion, depending on your React Native version and project setup.
Android linking is performed in 3 steps:
Add the following to your settings.gradle file as a new entry before the last line which has include ':app'
:
+ include ':react-native-yoti-doc-scan'
+ project(':react-native-yoti-doc-scan').projectDir = new
+ File(rootProject.projectDir, '../node_modules/react-native-yoti-doc-scan/src/android')
include ':app'
Find the dependencies
block in your build.gradle file and add implementation project(':react-native-yoti-doc-scan')
:
dependencies {
...
+ implementation project(':react-native-yoti-doc-scan')
}
Add an import for the package:
import android.app.Application;
import com.facebook.react.ReactApplication;
+ import com.yoti.reactnative.RNYotiDocScanPackage;
Find the getPackages
function and add new RNYotiDocScanPackage()
to the list of packages.
@Override
protected List<ReactPackage> getPackages() {
return Arrays.<ReactPackage>asList(
new MainReactPackage(),
+ new RNYotiDocScanPackage(),
...
If you have any other questions please do not hesitate to contact sdksupport@yoti.com. Once we have answered your question we may contact you again to discuss Yoti products and services. If you'd prefer us not to do this, please let us know when you e-mail.
Please find the licence for the SDK here.
FAQs
Yoti Doc Scan for React Native
The npm package @getyoti/react-native-yoti-doc-scan receives a total of 157 weekly downloads. As such, @getyoti/react-native-yoti-doc-scan popularity was classified as not popular.
We found that @getyoti/react-native-yoti-doc-scan demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.