Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@tru_id/tru-sdk-react-native
Advanced tools
tru.ID SDK for React Native
The only purpose of the SDK is to force the data cellular connectivity prior to call a public URL, and will return the following JSON response
- Success When the data connectivity has been achieved and a response has been received from the url endpoint
{
"http_status": string, // HTTP status related to the url
"response_body" : { // optional depending on the HTTP status
... // the response body of the opened url
... // see API doc for /device_ip and /redirect
},
"debug" : {
"device_info": string,
"url_trace" : string
}
}
- Error When data connectivity is not available and/or an internal SDK error occurred
{
"error" : string,
"error_description": string,
"debug": {
"device_info": string,
"url_trace" : string
}
}
Potential error codes: sdk_no_data_connectivity, sdk_connection_error, sdk_redirect_error, sdk_error.
Installation
npm install @tru_id/tru-sdk-react-native
For Android, add the following to your application's build.gradle:
maven {
url "https://gitlab.com/api/v4/projects/22035475/packages/maven"
}
Compatibility
Usage
- Is the device eligible for tru.ID silent authentication?
import TruSdkReactNative, {
ReachabilityResponse,
CheckResponse,
CheckErrorBody,
CheckSuccessBody,
ApiError,
ReachabilityBody,
ReachabilityResponseBody,
} from '@tru_id/tru-sdk-react-native';
// ...
// retrieve access token with coverage scope from back-end
const token = ...
// open the device_ip public API endpoint
if (token) {
const res =
await TruSdkReactNative.openWithDataCellularAndAccessToken<ReachabilityResponse>(
'https://eu.api.tru.id/coverage/v0.1/device_ip',
true,
token
);
if ('error' in res) {
// error ${err.error_description}
} else if ('http_status' in res) {
const httpStatus = success.http_status;
if (httpStatus === 200 && res.response_body !== undefined) {
const body = res.response_body as ReachabilityBody
// device is eligible on MNO ${body.network_name}
} else if (httpStatus === 400 && res.response_body !== undefined) {
const body = res.response_body as ApiError;
// MNO not supported ${body.detail}
} else if (httpStatus === 412 && res.response_body !== undefined) {
const body = res.response_body as ApiError;
// Not a mobile IP ${body.detail}
} else if (res.response_body !== undefined) {
const body = res.response_body as ApiError;
// other error see ${body.detail}
}
}
}
- How to open a check URL return by the PhoneCheck API or SubscriberCheck API
import TruSdkReactNative, {
ReachabilityResponse,
CheckResponse,
CheckErrorBody,
CheckSuccessBody,
ApiError,
ReachabilityBody,
ReachabilityResponseBody,
} from '@tru_id/tru-sdk-react-native';
// ...
const res = await TruSdkReactNative.openWithDataCellular<CheckResponse>(checkUrl);
if ('error' in res) {
// error see ${err.error_description}
} else if ('http_status' in res) {
const httpStatus = res.http_status;
if (httpStatus === 200 && res.response_body !== undefined) {
if ('error' in res.response_body) {
const body = res.response_body as CheckErrorBody;
// error see ${body.error_description}
} else {
const body = res.response_body as CheckSuccessBody;
// send ${body.code}, ${body.check_id} and ${body.reference_id} to back-end
// to trigger a PATCH /checks/{check_id}
}
} else if (httpStatus == 400 && res.response_body !== undefined) {
const body = res.response_body as ApiError;
// MNO not supported see ${body.detail}
} else if (httpStatus === 412 && res.response_body !== undefined) {
const body = res.response_body as ApiError;
// Not a mobile IP see ${body.detail}
} else if (res.response_body !== undefined) {
const body = res.response_body as ApiError;
// other error see ${body.detail}
}
}
Example Demo
There's an embedded example demo is located in the example directory, see README
Contributing
See the contributing guide to learn how to contribute to the repository and the development workflow.
Development
Releasing
Update CHANGELOG.md and finesse.
$ yarn run changelog
Commit the changes:
$ git commit -m 'chore(release): v{version}'
Tag:
$ git tag v{version}
Publish a new canary build to test.
$ yarn run publish:canary
Publish a full version:
$ yarn run publish:latest
Meta
Distributed under the MIT license. See LICENSE for more information.
Keywords
FAQs
React Native SDK for tru.ID
We found that @tru_id/tru-sdk-react-native demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 24 Apr 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025