expo-updates
Fetches and manages remotely-hosted assets and updates to your app's JS bundle.
The expo-updates package allows you to manage and deploy updates to your Expo app over-the-air (OTA). This means you can push updates to your app without requiring users to download a new version from the app store.
Check for Updates
This feature allows you to check if there is a new update available for your app. If an update is available, you can notify the user or proceed to download it.
import * as Updates from 'expo-updates';

async function checkForUpdates() {
  const update = await Updates.checkForUpdateAsync();
  if (update.isAvailable) {
    // Update is available, you can notify the user or download it
  }
}
Fetch and Apply Updates
This feature allows you to fetch the latest update and apply it. If a new update is fetched, the app will reload to apply the update.
import * as Updates from 'expo-updates';

async function fetchAndApplyUpdates() {
  const update = await Updates.fetchUpdateAsync();
  if (update.isNew) {
    await Updates.reloadAsync(); // This will reload the app with the new update
  }
}
Event Listeners for Updates
This feature allows you to listen for update-related events, such as when an update has been downloaded. You can handle these events to provide a better user experience.
import * as Updates from 'expo-updates';
import { EventEmitter } from 'expo-modules-core';

const eventEmitter = new EventEmitter(Updates);
const subscription = eventEmitter.addListener('Expo.updates.updateDownloaded', (event) => {
  // Handle the update downloaded event
  console.log('Update downloaded:', event);
});

// Remove the listener once it is no longer needed (for example, when the component unmounts)
subscription.remove();
React Native CodePush is a similar package that allows you to push updates to your React Native app over-the-air. It integrates with Microsoft's CodePush service and provides similar functionalities like checking for updates, downloading updates, and applying updates. Compared to expo-updates, it requires additional setup and configuration but offers more control and flexibility.
The rn-update-apk package is used for updating Android apps by downloading and installing APK files. It is more suitable for apps that need to update the entire APK rather than just JavaScript bundles. Unlike expo-updates, it is platform-specific and does not support iOS.
The expo-updates module enables your app to manage remote updates to your application code.
This module works with a server that implements the Expo Update protocol.
The EAS Update hosted service implements this protocol.
To build a custom server that implements the protocol, see the example server source code here.
Learn how to install expo-updates in your project in the Installing expo-updates documentation page.
FAQs
We found that expo-updates demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 28 open source maintainers collaborating on the project.