Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
react-native-ble-plx
Advanced tools
It supports:
It does NOT support:
For old RN versions (<0.60) please check old README (1.x) for the old instructions or migration guide.
React Native | 3.1.2 |
---|---|
0.74.1 | :white_check_mark: |
0.69.6 | :white_check_mark: |
Expo 51 | :white_check_mark: |
3.2.0
Current version changes All previous changes
Interested in React Native project involving Bluetooth Low Energy? We can help you!
Documentation can be found here.
Quick introduction can be found here
Contact us at intent.
Tested against Expo SDK 49 This package cannot be used in the "Expo Go" app because it requires custom native code. First install the package with yarn, npm, or
npx expo install
.
After installing this npm package, add the config plugin to the plugins
array of your app.json
or app.config.js
:
{
"expo": {
"plugins": ["react-native-ble-plx"]
}
}
Then you should build the version using native modules (e.g. with npx expo prebuild
command).
And install it directly into your device with npx expo run:android
.
You can find more details in the "Adding custom native code" guide.
The plugin provides props for extra customization. Every time you change the props or plugins, you'll need to rebuild (and prebuild
) the native app. If no extra properties are added, defaults will be used.
isBackgroundEnabled
(boolean): Enable background BLE support on Android. Adds <uses-feature android:name="android.hardware.bluetooth_le" android:required="true"/>
to the AndroidManifest.xml
. Default false
.neverForLocation
(boolean): Set to true only if you can strongly assert that your app never derives physical location from Bluetooth scan results. The location permission will be still required on older Android devices. Note, that some BLE beacons are filtered from the scan results. Android SDK 31+. Default false
. WARNING: This parameter is experimental and BLE might not work. Make sure to test before releasing to production.modes
(string[]): Adds iOS UIBackgroundModes
to the Info.plist
. Options are: peripheral
, and central
. Defaults to undefined.bluetoothAlwaysPermission
(string | false): Sets the iOS NSBluetoothAlwaysUsageDescription
permission message to the Info.plist
. Setting false
will skip adding the permission. Defaults to Allow $(PRODUCT_NAME) to connect to bluetooth devices
.Expo SDK 48 supports iOS 13+ which means
NSBluetoothPeripheralUsageDescription
is fully deprecated. It is no longer setup in@config-plugins/react-native-ble-plx@5.0.0
and greater.
{
"expo": {
"plugins": [
[
"react-native-ble-plx",
{
"isBackgroundEnabled": true,
"modes": ["peripheral", "central"],
"bluetoothAlwaysPermission": "Allow $(PRODUCT_NAME) to connect to bluetooth devices"
}
]
]
}
}
npm install --save react-native-ble-plx
ios
folder and run pod update
NSBluetoothAlwaysUsageDescription
in info.plist
file. (it is a requirement since iOS 13)Capabilities
tab and enable Uses Bluetooth LE Accessories
in
Background Modes
section.restoreStateIdentifier
and restoreStateFunction
to BleManager
constructor.npm install --save react-native-ble-plx
In top level build.gradle
make sure that min SDK version is at least 23:
buildscript {
ext {
...
minSdkVersion = 23
...
In build.gradle
make sure to add jitpack repository to known repositories:
allprojects {
repositories {
...
maven { url 'https://www.jitpack.io' }
}
}
In AndroidManifest.xml
, add Bluetooth permissions and update <uses-sdk/>
:
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
...
<!-- Android >= 12 -->
<uses-permission android:name="android.permission.BLUETOOTH_SCAN" />
<uses-permission android:name="android.permission.BLUETOOTH_CONNECT" />
<!-- Android < 12 -->
<uses-permission android:name="android.permission.BLUETOOTH" android:maxSdkVersion="30" />
<uses-permission android:name="android.permission.BLUETOOTH_ADMIN" android:maxSdkVersion="30" />
<!-- common -->
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<!-- Add this line if your application always requires BLE. More info can be found on:
https://developer.android.com/guide/topics/connectivity/bluetooth-le.html#permissions
-->
<uses-feature android:name="android.hardware.bluetooth_le" android:required="true"/>
...
(Optional) In SDK 31+ You can remove ACCESS_FINE_LOCATION
(or mark it as android:maxSdkVersion="30"
) from AndroidManifest.xml
and add neverForLocation
flag into BLUETOOTH_SCAN
permissions which says that you will not use location based on scanning eg:
<uses-permission android:name="android.permission.INTERNET" />
<!-- Android >= 12 -->
<uses-permission android:name="android.permission.BLUETOOTH_SCAN" android:usesPermissionFlags="neverForLocation" />
<uses-permission android:name="android.permission.BLUETOOTH_CONNECT" />
<!-- Android < 12 -->
<uses-permission android:name="android.permission.BLUETOOTH" android:maxSdkVersion="30" />
<uses-permission android:name="android.permission.BLUETOOTH_ADMIN" android:maxSdkVersion="30" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" android:maxSdkVersion="30" />
...
With neverForLocation
flag active, you no longer need to ask for ACCESS_FINE_LOCATION
in your app
FAQs
React Native Bluetooth Low Energy library
We found that react-native-ble-plx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.