Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@react-native/gradle-plugin
Advanced tools
The @react-native/gradle-plugin npm package is designed to enhance and simplify the integration of React Native projects with the Android build system, Gradle. It provides a set of Gradle scripts and configurations that automate the process of building and bundling React Native code and assets into Android applications. This plugin streamlines the development workflow, making it easier to include React Native components in Android apps, manage dependencies, and customize the build process.
Automatic linking of project dependencies
Automatically links all project dependencies declared in your `package.json` file with your Android project, eliminating the need for manual linking. This feature simplifies the process of adding and updating React Native modules that include native Android code.
apply plugin: '@react-native/gradle-plugin'
Customizable build configurations
Allows for customization of build configurations, such as specifying the entry file for the React Native bundle or enabling bundling for release builds. This feature provides flexibility in how React Native components are built and integrated into your Android app.
project.ext.react = [
entryFile: 'index.js',
bundleInRelease: true
]
Asset bundling and packaging
Automates the process of bundling JavaScript code and assets (such as images and fonts) into your Android application. This ensures that all necessary React Native components and resources are included in the app package, ready for distribution.
bundleReleaseJsAndAssets {
dependsOn 'mergeReleaseResources'
dependsOn 'bundleReleaseJsAndAssets'
}
React Native CodePush is a cloud service that enables React Native developers to deploy mobile app updates directly to their users' devices. It offers functionality similar to @react-native/gradle-plugin in terms of automating the update process, but focuses on dynamic updates post-deployment rather than during the build process. CodePush allows for immediate updates without needing to go through app store approval processes.
This package is a collection of Babel presets and plugins used by Metro (the JavaScript bundler for React Native) to transform JavaScript code. While it doesn't directly interact with the Android build system like @react-native/gradle-plugin, it plays a crucial role in preparing React Native JavaScript code for bundling and execution. It's more focused on the JavaScript side, optimizing and transforming JS code for better performance and compatibility.
A Gradle Plugin used to support development of React Native applications for Android.
yarn add @react-native/gradle-plugin
Note: We're using yarn
to install deps. Feel free to change commands to use npm
3+ and npx
if you like
To run the tests in this package, run the following commands from the React Native root folder:
yarn
to install the dependencies. You just need to run this once./gradlew -p packages/gradle-plugin test
.FAQs
Gradle Plugin for React Native
We found that @react-native/gradle-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.