Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@react-native/gradle-plugin
Advanced tools
The @react-native/gradle-plugin npm package is designed to enhance and simplify the integration of React Native projects with the Android build system, Gradle. It provides a set of Gradle scripts and configurations that automate the process of building and bundling React Native code and assets into Android applications. This plugin streamlines the development workflow, making it easier to include React Native components in Android apps, manage dependencies, and customize the build process.
Automatic linking of project dependencies
Automatically links all project dependencies declared in your `package.json` file with your Android project, eliminating the need for manual linking. This feature simplifies the process of adding and updating React Native modules that include native Android code.
apply plugin: '@react-native/gradle-plugin'
Customizable build configurations
Allows for customization of build configurations, such as specifying the entry file for the React Native bundle or enabling bundling for release builds. This feature provides flexibility in how React Native components are built and integrated into your Android app.
project.ext.react = [
entryFile: 'index.js',
bundleInRelease: true
]
Asset bundling and packaging
Automates the process of bundling JavaScript code and assets (such as images and fonts) into your Android application. This ensures that all necessary React Native components and resources are included in the app package, ready for distribution.
bundleReleaseJsAndAssets {
dependsOn 'mergeReleaseResources'
dependsOn 'bundleReleaseJsAndAssets'
}
React Native CodePush is a cloud service that enables React Native developers to deploy mobile app updates directly to their users' devices. It offers functionality similar to @react-native/gradle-plugin in terms of automating the update process, but focuses on dynamic updates post-deployment rather than during the build process. CodePush allows for immediate updates without needing to go through app store approval processes.
This package is a collection of Babel presets and plugins used by Metro (the JavaScript bundler for React Native) to transform JavaScript code. While it doesn't directly interact with the Android build system like @react-native/gradle-plugin, it plays a crucial role in preparing React Native JavaScript code for bundling and execution. It's more focused on the JavaScript side, optimizing and transforming JS code for better performance and compatibility.
A Gradle Plugin used to support development of React Native applications for Android.
yarn add @react-native/gradle-plugin
Note: We're using yarn
to install deps. Feel free to change commands to use npm
3+ and npx
if you like
To run the tests in this package, run the following commands from the React Native root folder:
yarn
to install the dependencies. You just need to run this once./gradlew -p packages/gradle-plugin test
.FAQs
Gradle Plugin for React Native
The npm package @react-native/gradle-plugin receives a total of 1,542,297 weekly downloads. As such, @react-native/gradle-plugin popularity was classified as popular.
We found that @react-native/gradle-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.