Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
capacitor-secure-storage-plugin
Advanced tools
Changelog
v0.9.0
Readme
Capacitor plugin for storing string values securly on iOS and Android.
For Capacitor v5
npm install capacitor-secure-storage-plugin
For Capacitor v4 - install with fixed version 0.8.1
npm install capacitor-secure-storage-plugin@0.8.1
For Capacitor v3 - install with fixed version 0.7.1
npm install capacitor-secure-storage-plugin@0.7.1
For Capacitor v2 - install with fixed version 0.5.1
npm install capacitor-secure-storage-plugin@0.5.1
In a component where you want to use this plugin add to or modify imports:
import { SecureStoragePlugin } from 'capacitor-secure-storage-plugin';
In a component where you want to use this plugin add to or modify imports:
import 'capacitor-secure-storage-plugin';
import { Plugins } from '@capacitor/core';
const { SecureStoragePlugin } = Plugins;
First line is needed because of web part of the plugin (current behavior of Capacitor, this may change in future releases).
In Android with Capacitor v2 you have to register plugins manually in MainActivity class of your app.
How to register plugins for Capacitor V2
import com.whitestein.securestorage.SecureStoragePlugin;
...
public class MainActivity extends BridgeActivity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
// Initializes the Bridge
this.init(savedInstanceState, new ArrayList<Class<? extends Plugin>>() {{
// Additional plugins you've installed go here
// Ex: add(TotallyAwesomePlugin.class);
add(SecureStoragePlugin.class);
}});
}
}
get(options: { key: string }): Promise<{ value: string }>
Note if item with specified key does not exist, throws an Error
set(options: { key: string; value: string }): Promise<{ value: boolean }>
Note return true in case of success otherwise throws an error
remove(options: { key: string }): Promise<{ value: boolean }>
Note return true in case of success otherwise throws an error
keys(): Promise<{ value: string[] }>
clear(): Promise<{ value: boolean }>
Note return true in case of success otherwise throws an error
getPlatform(): Promise<{ value: string }>
Note return returns which implementation is used - one of 'web', 'ios' or 'android'
const key = 'username';
const value = 'hellokitty2';
SecureStoragePlugin.set({ key, value }).then(success => console.log(success));
const key = 'username';
SecureStoragePlugin.get({ key })
.then(value => {
console.log(value);
})
.catch(error => {
console.log('Item with specified key does not exist.');
});
async getUsername(key: string) {
return await SecureStoragePlugin.get({ key });
}
This plugin uses SwiftKeychainWrapper under the hood for iOS.
Warning Up to version v0.4.0 there was standard keychain used. Since v0.5.0 there is separate keychain wrapper, so keys() method returns only keys set in v0.5.0 or higher version.
On Android it is implemented by AndroidKeyStore and SharedPreferences. Source: Apriorit
Warning For Android API < 18 values are stored as simple base64 encoded strings.
There is no secure storage in browser (not because it is not implemented by this plugin, but it does not exist at all). Values are stored in LocalStorage, but they are at least base64 encoded. Plugin adds 'capsec' prefix to keys to avoid conflicts with other data stored in LocalStorage.
FAQs
Securely store secrets such as usernames, passwords, tokens, certificates or other sensitive information (strings) on iOS & Android
The npm package capacitor-secure-storage-plugin receives a total of 16,628 weekly downloads. As such, capacitor-secure-storage-plugin popularity was classified as popular.
We found that capacitor-secure-storage-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.