
Security News
Next.js moves to scheduled security releases
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.
react-native-libsodium
Advanced tools
React Native bindings to Libsodium matching the libsodium-wrappers API
React Native bindings to Libsodium matching the libsodium-wrappers package API
Supported Platforms:
Currently only a subset of the libsodium-wrappers exposed functionality is implemented. For missing functionality we welcome pull-requests or you can sponsor the development. Get in touch with us at hi@serenity.re.
This package support the Expo plugin system and can be used together with the Expo dev-client.
npm install react-native-libsodium
Extend app.config.js with the following plugins entry:
export default {
expo: {
…
plugins: [["react-native-libsodium", {}]],
}
}
npm install react-native-libsodium
cd ios && pod install
Hint: see the example app in the repository regarding how to use the functions
import {
crypto_auth,
crypto_auth_verify,
crypto_auth_BYTES,
crypto_auth_KEYBYTES,
crypto_auth_keygen,
crypto_aead_xchacha20poly1305_ietf_decrypt,
crypto_aead_xchacha20poly1305_ietf_encrypt,
crypto_aead_xchacha20poly1305_ietf_KEYBYTES,
crypto_aead_xchacha20poly1305_ietf_NPUBBYTES,
crypto_aead_xchacha20poly1305_ietf_keygen,
crypto_box_easy,
crypto_box_keypair,
crypto_box_open_easy,
crypto_box_PUBLICKEYBYTES,
crypto_box_SECRETKEYBYTES,
crypto_box_seal,
crypto_box_seal_open,
crypto_kdf_CONTEXTBYTES,
crypto_kdf_derive_from_key,
crypto_kdf_KEYBYTES,
crypto_kdf_keygen,
crypto_pwhash, // only with loadSumoVersion with react-native-web
crypto_pwhash_ALG_DEFAULT, // only with loadSumoVersion with react-native-web
crypto_pwhash_MEMLIMIT_INTERACTIVE, // only with loadSumoVersion with react-native-web
crypto_pwhash_OPSLIMIT_INTERACTIVE, // only with loadSumoVersion with react-native-web
crypto_pwhash_SALTBYTES, // only with loadSumoVersion with react-native-web
crypto_generichash,
crypto_generichash_BYTES,
crypto_generichash_BYTES_MIN,
crypto_generichash_BYTES_MAX,
crypto_generichash_KEYBYTES,
crypto_generichash_KEYBYTES_MIN,
crypto_generichash_KEYBYTES_MAX,
crypto_secretbox_easy,
crypto_secretbox_KEYBYTES,
crypto_secretbox_keygen,
crypto_secretbox_NONCEBYTES,
crypto_secretbox_open_easy,
crypto_sign_detached,
crypto_sign_keypair,
crypto_sign_SEEDBYTES,
crypto_sign_verify_detached,
from_base64,
randombytes_buf,
randombytes_uniform,
to_base64,
to_hex,
to_string,
ready, // only needed for react-native-web
loadSumoVersion, // only relevant for react-native-web
_unstable_crypto_kdf_hkdf_sha256_BYTES_MAX, // has no counterpart in libsodium-wrappers yet
_unstable_crypto_kdf_hkdf_sha256_BYTES_MIN, // has no counterpart in libsodium-wrappers yet
_unstable_crypto_kdf_hkdf_sha256_KEYBYTES, // has no counterpart in libsodium-wrappers yet
_unstable_crypto_kdf_hkdf_sha256_extract, // has no counterpart in libsodium-wrappers yet
_unstable_crypto_kdf_hkdf_sha256_expand, // has no counterpart in libsodium-wrappers yet
} from 'react-native-libsodium';
// ...
For the web platform the constants and functions from the libsodium-wrappers package is exposed. This also means you need to wait for the ready Promise to be resolved before using any constant or function.
Certain constants and functions e.g. crypto_pwhash are only available in the libsodium-wrappers-sumo package. To load this package instead for web you can call loadSumoVersion right after importing the package.
import { loadSumoVersion, ready } from 'react-native-libsodium';
loadSumoVersion();
See the contributing guide to learn how to contribute to the repository and the development workflow.
MIT
The to_string function and base64_variants enum was copied from the libsodium.js project and you can find the license at LICENSE_libsodiumjs.
Made with create-react-native-library
Thanks to Donus for freeing up the react-native-libsodium package name on npm.
FAQs
React Native bindings to Libsodium matching the libsodium-wrappers API
The npm package react-native-libsodium receives a total of 3,039 weekly downloads. As such, react-native-libsodium popularity was classified as popular.
We found that react-native-libsodium demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.