Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
expo-secure-store
Advanced tools
Provides a way to encrypt and securely store key–value pairs locally on the device.
The expo-secure-store package provides a way to securely store key-value pairs in a device's secure storage. This is useful for storing sensitive information such as authentication tokens, user preferences, and other confidential data.
Storing a value
This feature allows you to store a key-value pair securely. The `setItemAsync` method takes a key and a value as arguments and stores them in the secure storage.
import * as SecureStore from 'expo-secure-store';
async function save(key, value) {
await SecureStore.setItemAsync(key, value);
}
Retrieving a value
This feature allows you to retrieve a value stored under a specific key. The `getItemAsync` method takes a key as an argument and returns the corresponding value.
import * as SecureStore from 'expo-secure-store';
async function getValueFor(key) {
let result = await SecureStore.getItemAsync(key);
if (result) {
console.log("🔐 Here's your value 🔐 \n" + result);
} else {
console.log('No value stored under that key.');
}
}
Deleting a value
This feature allows you to delete a key-value pair from the secure storage. The `deleteItemAsync` method takes a key as an argument and removes the corresponding key-value pair from the storage.
import * as SecureStore from 'expo-secure-store';
async function deleteValueFor(key) {
await SecureStore.deleteItemAsync(key);
}
The react-native-keychain package provides similar functionality for securely storing key-value pairs. It supports both iOS and Android and offers additional features such as biometric authentication. Compared to expo-secure-store, react-native-keychain provides more advanced security options but may require more setup.
The redux-persist-sensitive-storage package is designed to work with redux-persist to securely store sensitive data. It uses the device's secure storage mechanisms and is a good option if you are already using Redux for state management. Compared to expo-secure-store, it integrates more seamlessly with Redux but is less general-purpose.
The secure-store package is another option for securely storing key-value pairs. It is lightweight and easy to use, making it a good alternative to expo-secure-store for simple use cases. However, it may not offer as many features or as much flexibility as expo-secure-store.
Provides a way to encrypt and securely store key–value pairs locally on the device.
For managed managed Expo projects, please follow the installation instructions in the API documentation for the latest stable release.
For bare React Native projects, you must ensure that you have installed and configured the react-native-unimodules
package before continuing.
expo install expo-secure-store
Run npx pod-install
after installing the npm package.
No additional set up necessary.
Contributions are very welcome! Please refer to guidelines described in the contributing guide.
FAQs
Provides a way to encrypt and securely store key-value pairs locally on the device.
We found that expo-secure-store demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.