Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
expo-location
Advanced tools
Allows reading geolocation information from the device. Your app can poll for the current location or subscribe to location update events.
The expo-location package provides an API to access and manage the device's location services. It allows you to get the current location, watch for location changes, and geocode or reverse geocode locations.
Get Current Location
This feature allows you to get the current location of the device. The code sample demonstrates how to request permission to access location services and then retrieve the current position.
```javascript
import * as Location from 'expo-location';
async function getCurrentLocation() {
let { status } = await Location.requestForegroundPermissionsAsync();
if (status !== 'granted') {
console.log('Permission to access location was denied');
return;
}
let location = await Location.getCurrentPositionAsync({});
console.log(location);
}
```
Watch Location Changes
This feature allows you to watch for location changes. The code sample demonstrates how to request permission and then set up a watcher that logs the location every time it changes.
```javascript
import * as Location from 'expo-location';
async function watchLocation() {
let { status } = await Location.requestForegroundPermissionsAsync();
if (status !== 'granted') {
console.log('Permission to access location was denied');
return;
}
Location.watchPositionAsync({
accuracy: Location.Accuracy.High,
timeInterval: 1000,
distanceInterval: 1,
}, (location) => {
console.log(location);
});
}
```
Geocoding
This feature allows you to convert an address into geographic coordinates. The code sample demonstrates how to use the geocodeAsync method to get the coordinates of a given address.
```javascript
import * as Location from 'expo-location';
async function geocodeAddress(address) {
let geocode = await Location.geocodeAsync(address);
console.log(geocode);
}
```
Reverse Geocoding
This feature allows you to convert geographic coordinates into a human-readable address. The code sample demonstrates how to use the reverseGeocodeAsync method to get the address of a given set of coordinates.
```javascript
import * as Location from 'expo-location';
async function reverseGeocodeLocation(latitude, longitude) {
let reverseGeocode = await Location.reverseGeocodeAsync({ latitude, longitude });
console.log(reverseGeocode);
}
```
The react-native-geolocation-service package provides similar functionality to expo-location, allowing you to get the current location, watch for location changes, and more. It is a more direct wrapper around the native geolocation APIs and may offer more control and customization options.
The react-native-location package offers similar features to expo-location, including getting the current location and watching for location changes. It also provides additional features like background location updates, which can be useful for certain types of applications.
The react-native-maps package is primarily used for rendering maps, but it also includes location tracking features. It can be a good choice if you need both mapping and location services in your application.
Allows reading geolocation information from the device. Your app can poll for the current location or subscribe to location update events.
For managed managed Expo projects, please follow the installation instructions in the API documentation for the latest stable release.
For bare React Native projects, you must ensure that you have installed and configured the expo
package before continuing.
expo install expo-location
Add NSLocationAlwaysAndWhenInUseUsageDescription
, NSLocationAlwaysUsageDescription
and NSLocationWhenInUseUsageDescription
keys to your Info.plist
:
<key>NSLocationAlwaysAndWhenInUseUsageDescription</key>
<string>Allow $(PRODUCT_NAME) to use your location</string>
<key>NSLocationAlwaysUsageDescription</key>
<string>Allow $(PRODUCT_NAME) to use your location</string>
<key>NSLocationWhenInUseUsageDescription</key>
<string>Allow $(PRODUCT_NAME) to use your location</string>
Run npx pod-install
after installing the npm package.
This module requires the permissions for approximate and exact device location. It also needs the foreground service permission to subscribe to location updates, while the app is in use. These permissions are automatically added.
<!-- Added permissions -->
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
<!-- Optional permissions -->
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
Note: on Android, you have to submit your app for review and request access to use the background location permission.
Contributions are very welcome! Please refer to guidelines described in the contributing guide.
FAQs
Allows reading geolocation information from the device. Your app can poll for the current location or subscribe to location update events.
The npm package expo-location receives a total of 137,202 weekly downloads. As such, expo-location popularity was classified as popular.
We found that expo-location demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 32 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.