Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@react-native/codegen
Advanced tools
The @react-native/codegen package is a tool used in the React Native ecosystem to generate native code (Java for Android, Objective-C for iOS) from JavaScript. It is primarily used to bridge custom native modules and components in a React Native application, facilitating the communication between JavaScript and native code. This tool automates the process of creating the necessary boilerplate code for native modules, making the development process more efficient and less error-prone.
Generating Native Modules
This feature allows developers to generate the boilerplate code for native modules by specifying the platform (iOS or Android), the path to a schema file (schema.json) that describes the module, and the output directory. The schema file is a JSON file that outlines the structure and types of the native module's methods and properties.
"npx react-native codegen --platform ios/android --schemaPath ./schema.json --outputDir ./output"
Generating Native Components
Similar to native modules, this feature enables the generation of boilerplate code for native components. The process involves specifying a schema file (componentSchema.json) that describes the component's properties and events, allowing for seamless integration of custom native UI components into React Native applications.
"npx react-native codegen --platform ios/android --schemaPath ./componentSchema.json --outputDir ./output"
React Native Builder Bob is a tool that helps developers create React Native libraries with support for both native and JavaScript code. While it provides a streamlined process for setting up, building, and publishing libraries, it does not offer the same code generation capabilities for bridging native modules and components as @react-native/codegen.
React Native Create Bridge is a CLI tool designed to simplify the process of creating native modules and UI components for React Native. It offers a more interactive approach by prompting users for input to generate the necessary boilerplate code. However, it is not as automated or schema-driven as @react-native/codegen, requiring more manual intervention.
yarn add --dev @react-native/codegen
Note: We're using yarn
to install deps. Feel free to change commands to use npm
3+ and npx
if you like
To run the tests in this package, run the following commands from the React Native root folder:
yarn
to install the dependencies. You just need to run this onceyarn jest packages/react-native-codegen
.v0.76.2
semver
not being found in pnpm setups (0def73d1a6 by @tido64)setUpErrorHandling
to show early JS errors (dac6d508af by @cipolleschi)value
instead of children
(52cdedb40e by @NickGerleman)FAQs
Code generation tools for React Native
The npm package @react-native/codegen receives a total of 1,723,536 weekly downloads. As such, @react-native/codegen popularity was classified as popular.
We found that @react-native/codegen demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.