
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
react-native-jpush-notify
Advanced tools
react-native link
。如果出错了,无需惊慌,手动配置一下即可,具体可参考这篇文章npm install react-native-jpush-notify jcore-react-native --save
配置包括两个步骤,自动配置和手动操作。
如果工程不是通过 Cocoapods 来集成 ReactNative 的可以直接使用下面代码来 link 插件。
react-native link
根据提示,输入 appKey
等即可。
自动配置操作会自动插入 Native 代码(iOS 中使用 Appdelegate.m 文件名,如果修改了该文件名需要手动插入代码),这个部分用户无需关系具体细节。
pod 'JPushRN', :path => '../node_modules/react-native-jpush-notify'
pod install
在 iOS 工程中设置 TARGETS-> BUILD Phases -> LinkBinary with Libraries 找到 UserNotifications.framework 把 status 设为 optional
在 iOS 工程中如果找不到头文件可能要在 TARGETS-> BUILD SETTINGS -> Search Paths -> Header Search Paths 添加如下路径
$(SRCROOT)/../node_modules/react-native-jpush-notify/ios/RCTJPushModule
your react native project/android/app/build.gradle
android {
defaultConfig {
applicationId "yourApplicationId"
...
manifestPlaceholders = [
JPUSH_APPKEY: "yourAppKey", //在此替换你的APPKey
APP_CHANNEL: "developer-default" //应用渠道号
]
}
}
...
dependencies {
implementation fileTree(dir: "libs", include: ["*.jar"])
implementation project(':react-native-jpush-notify') // 添加 jpush 依赖
implementation project(':jcore-react-native') // 添加 jcore 依赖
implementation "com.facebook.react:react-native:+" // From node_modules
}
将此处的 yourApplicationId 替换为你的项目的包名;yourAppKey 替换成你在官网上申请的应用的 AppKey。
Android v1.6.6 版本后新增 notifyJSDidLoad,请务必在接收事件之前调用此方法。
jumpToPushActivity
,使用参考 demoFAQs
a jpush plugin for react native application
The npm package react-native-jpush-notify receives a total of 1 weekly downloads. As such, react-native-jpush-notify popularity was classified as not popular.
We found that react-native-jpush-notify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.