@tbd54566975/react-native-quick-crypto
A fast implementation of Node's `crypto` module written in C/C++ JSI
Unlike any other current JS-based polyfills, react-native-quick-crypto is written in C/C++ JSI and provides much greater performance - especially on mobile devices. QuickCrypto can be used as a drop-in replacement for your Web3/Crypto apps to speed up common cryptography functions.
For example, creating a Wallet using ethers.js uses complex algorithms to generate a private-key/mnemonic-phrase pair:
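```js
import { ethers } from 'ethers';

// Time how long wallet creation (key and mnemonic generation) takes
const start = performance.now();
const wallet = ethers.Wallet.createRandom();
const end = performance.now();
console.log(`Creating a Wallet took ${end - start} ms.`);
```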
Without react-native-quick-crypto 🐢:
Creating a Wallet took 16862 ms
With react-native-quick-crypto ⚡️:
Creating a Wallet took 289 ms
```sh
# React Native
yarn add react-native-quick-crypto
yarn add react-native-quick-base64
cd ios && pod install
```

```sh
# Expo
expo install react-native-quick-crypto
expo install react-native-quick-base64
expo prebuild
```
crypto-browserify
If you are using a library that depends on `crypto`, instead of polyfilling it with `crypto-browserify` (or `react-native-crypto`) you can use `react-native-quick-crypto` for a fully native implementation. This way you can get much faster crypto operations with just a single-line change!
Use the `resolveRequest` configuration option in your `metro.config.js`:

```js
config.resolver.resolveRequest = (context, moduleName, platform) => {
  if (moduleName === 'crypto') {
    // when importing crypto, resolve to react-native-quick-crypto
    return context.resolveRequest(
      context,
      'react-native-quick-crypto',
      platform,
    )
  }
  // otherwise chain to the standard Metro resolver.
  return context.resolveRequest(context, moduleName, platform)
}
```
You need to install `babel-plugin-module-resolver`, a Babel plugin that aliases any imports in the code to the values you pass to it. It tricks any module that tries to import certain dependencies into using the native versions we require for React Native.

```sh
yarn add --dev babel-plugin-module-resolver
```
Then, in your `babel.config.js`, add the plugin to swap the `crypto`, `stream` and `buffer` dependencies:
```diff
module.exports = {
presets: ['module:metro-react-native-babel-preset'],
plugins: [
+ [
+ 'module-resolver',
+ {
+ alias: {
+ 'crypto': 'react-native-quick-crypto',
+ 'stream': 'stream-browserify',
+ 'buffer': '@craftzdog/react-native-buffer',
+ },
+ },
+ ],
...
],
};
```
Then restart your bundler using `yarn start --reset-cache`.
For example, to hash a string with SHA256 you can do the following:
```js
import Crypto from 'react-native-quick-crypto';

const hashed = Crypto.createHash('sha256')
  .update('Damn, Margelo writes hella good software!')
  .digest('hex');
```
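Because the alias routes every `crypto` import in the app to the replacement, it is worth confirming that the replacement returns the same bytes as Node for published test vectors. The check below is an added example, not code from the react-native-quick-crypto project; Node's built-in `crypto` stands in for the replacement so it runs outside React Native, and the function names `checkCryptoImpl` and `failures` are hypothetical.

```javascript
// Added example: known-answer tests for any module exposing Node's crypto API.
// Assumption: Node's built-in crypto stands in for react-native-quick-crypto.
const nodeCrypto = require('node:crypto');

// Published vectors: SHA-256 of "abc" and of the empty string (FIPS 180),
// HMAC-SHA256 (RFC 4231, test case 2), PBKDF2-HMAC-SHA1 (RFC 6070, case 2).
const VECTORS = [
  { name: 'sha256("abc")',
    run: (c) => c.createHash('sha256').update('abc').digest('hex'),
    expected: 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' },
  { name: 'sha256("")',
    run: (c) => c.createHash('sha256').update('').digest('hex'),
    expected: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' },
  { name: 'hmac-sha256 RFC 4231 #2',
    run: (c) => c.createHmac('sha256', 'Jefe')
      .update('what do ya want for nothing?').digest('hex'),
    expected: '5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843' },
  { name: 'pbkdf2-sha1 RFC 6070 #2',
    run: (c) => c.pbkdf2Sync('password', 'salt', 2, 20, 'sha1').toString('hex'),
    expected: 'ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957' },
];

// Run every vector; a missing or throwing API counts as a failure, not a crash.
function checkCryptoImpl(impl) {
  return VECTORS.map(({ name, run, expected }) => {
    try {
      const actual = run(impl);
      return { name, ok: actual === expected, actual };
    } catch (err) {
      return { name, ok: false, actual: `threw: ${err.message}` };
    }
  });
}

// Names of the vectors the implementation got wrong (empty array = all passed).
function failures(impl) {
  return checkCryptoImpl(impl).filter((r) => !r.ok).map((r) => r.name);
}

console.log(failures(nodeCrypto));
```

In an app, pass the module returned by `import Crypto from 'react-native-quick-crypto'` to `failures` from a test screen or a startup check.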
If you get an error similar to this:
```
Execution failed for task ':app:mergeDebugNativeLibs'.
> A failure occurred while executing com.android.build.gradle.internal.tasks.MergeNativeLibsTask$MergeNativeLibsTaskWorkAction
   > 2 files found with path 'lib/arm64-v8a/libcrypto.so' from inputs:
      - /Users/osp/Developer/mac_test/node_modules/react-native-quick-crypto/android/build/intermediates/library_jni/debug/jni/arm64-v8a/libcrypto.so
      - /Users/osp/.gradle/caches/transforms-3/e13f88164840fe641a466d05cd8edac7/transformed/jetified-flipper-0.182.0/jni/arm64-v8a/libcrypto.so
```
It means you have a transitive dependency where two libraries depend on OpenSSL and are generating a `libcrypto.so` file. You can get around this issue by adding the following in your `app/build.gradle`:
```groovy
packagingOptions {
    // Should prevent clashes with other libraries that use OpenSSL
    pickFirst '**/libcrypto.so'
}
```
This is caused by Flipper, which also depends on OpenSSL.
The `pickFirst` rule just tells Gradle to grab whatever OpenSSL version it finds first and link against that, but as you can imagine this is not correct if the packages depend on different OpenSSL versions (quick-crypto depends on `com.android.ndk.thirdparty:openssl:1.1.1q-beta-1`). You should make sure all the OpenSSL versions match and you have no conflicts or errors.
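One way to check that the OpenSSL versions match before relying on `pickFirst`, as an added example that is not code from the react-native-quick-crypto project: the Node.js script below walks a directory tree, reads the version banner embedded in each `libcrypto.so`, and reports whether more than one version is present. The function names are hypothetical and the sample tree and its banners are constructed; point `openSslVersions` at your own `node_modules` and Gradle cache directories.

```javascript
// Added example: find every libcrypto.so under a tree and compare versions.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// OpenSSL embeds a banner such as "OpenSSL 1.1.1q  5 Jul 2022" in libcrypto.
const BANNER = /OpenSSL \d+\.\d+\.\d+[a-z]*/;

// Recursively collect every file named libcrypto.so under `root`.
function findLibcrypto(root) {
  const hits = [];
  for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
    const full = path.join(root, entry.name);
    if (entry.isDirectory()) hits.push(...findLibcrypto(full));
    else if (entry.name === 'libcrypto.so') hits.push(full);
  }
  return hits;
}

// Map each distinct version banner to the files that carry it.
function openSslVersions(root) {
  const versions = new Map();
  for (const file of findLibcrypto(root)) {
    const match = BANNER.exec(fs.readFileSync(file).toString('latin1'));
    const version = match ? match[0] : 'unknown';
    versions.set(version, [...(versions.get(version) || []), file]);
  }
  return versions;
}

// pickFirst is only safe when every copy reports the same version.
function hasVersionConflict(root) {
  return openSslVersions(root).size > 1;
}

// Constructed sample tree standing in for node_modules and the Gradle cache.
function buildSampleTree(bannerA, bannerB) {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'libcrypto-'));
  const samples = { 'quick-crypto': bannerA, flipper: bannerB };
  for (const [name, banner] of Object.entries(samples)) {
    const dir = path.join(root, name, 'jni', 'arm64-v8a');
    fs.mkdirSync(dir, { recursive: true });
    const body = Buffer.concat([Buffer.from('\x7fELF\0', 'latin1'), Buffer.from(banner + '\0')]);
    fs.writeFileSync(path.join(dir, 'libcrypto.so'), body);
  }
  return root;
}
```

A copy that carries no OpenSSL banner is grouped under `unknown`, which also counts as a mismatch against any versioned copy.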
As the library uses JSI for synchronous native methods access, remote debugging (e.g. with Chrome) is no longer possible. Instead, you should use Flipper.
Join the Margelo Community Discord to chat about react-native-quick-crypto or other Margelo libraries.
react-native-quick-crypto was built at Margelo, an elite app development agency. For enterprise support or other business inquiries, contact us at hello@margelo.io!
See the contributing guide to learn how to contribute to the repository and the development workflow.
FAQs
We found that @tbd54566975/react-native-quick-crypto demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.