Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
react-native-tcp-socket
Advanced tools
React Native TCP socket API for Android & iOS with SSL/TLS support
React Native TCP socket API for Android & iOS with client SSL/TLS support. It allows you to create TCP clients and servers sockets, imitating some of Node's net API functionalities (check the available API for more information).
Install the library using either Yarn:
yarn add react-native-tcp-socket
or npm:
npm install --save react-native-tcp-socket
Linking the package manually is not required anymore with Autolinking.
iOS Platform:
$ cd ios && pod install && cd ..
# CocoaPods on iOS needs this extra step
Android Platform:
Modify your android/build.gradle
configuration to match minSdkVersion = 21
:
buildscript {
ext {
...
minSdkVersion = 21
...
}
You will need a metro.config.js file in order to use a self-signed SSL certificate. You should already have this file in your root project directory, but if you don't, create it.
Inside a module.exports
object, create a key called resolver
with another object called assetExts
. The value of assetExts
should be an array of the resource file extensions you want to support.
If you want to support .pem
files (plus all the already supported files), your metro.config.js
would like like this:
const {getDefaultConfig} = require('metro-config');
const defaultConfig = getDefaultConfig.getDefaultValues(__dirname);
module.exports = {
resolver: {
assetExts: [...defaultConfig.resolver.assetExts, 'pem'],
},
// ...
};
You then need to link the native parts of the library for the platforms you are using. The easiest way to link the library is using the CLI tool by running this command from the root of your project:
$ react-native link react-native-tcp-socket
If you can't or don't want to use the CLI tool, you can also manually link the library using the instructions below (click on the arrow to show them):
Libraries
➜ Add Files to [your project's name]
node_modules
➜ react-native-tcp-socket
and add TcpSockets.xcodeproj
libTcpSockets.a
to your project's Build Phases
➜ Link Binary With Libraries
Cmd+R
)<android/app/src/main/java/[...]/MainApplication.java
import com.asterinet.react.tcpsocket.TcpSocketPackage;
to the imports at the top of the filenew TcpSocketPackage()
to the list returned by the getPackages()
methodandroid/settings.gradle
:
include ':react-native-tcp-socket'
project(':react-native-tcp-socket').projectDir = new File(rootProject.projectDir, '../node_modules/react-native-tcp-socket/android')
android/app/build.gradle
:
compile project(':react-native-tcp-socket')
To use this library you need to ensure you are using the correct version of React Native. If you are using a version of React Native that is lower than 0.60
you will need to upgrade before attempting to use this library latest version.
react-native-tcp-socket version | Required React Native Version |
---|---|
4.X.X , 3.X.X | >= 0.60.0 |
1.4.0 | >= Unknown |
Import the library:
import TcpSocket from 'react-native-tcp-socket';
// const net = require('react-native-tcp-socket');
// Create socket
const client = TcpSocket.createConnection(options, () => {
// Write on the socket
client.write('Hello server!');
// Close socket
client.destroy();
});
client.on('data', function(data) {
console.log('message was received', data);
});
client.on('error', function(error) {
console.log(error);
});
client.on('close', function(){
console.log('Connection closed!');
});
const server = TcpSocket.createServer(function(socket) {
socket.on('data', (data) => {
socket.write('Echo server', data);
});
socket.on('error', (error) => {
console.log('An error ocurred with client socket ', error);
});
socket.on('close', (error) => {
console.log('Closed connection with ', socket.address());
});
}).listen({ port: 12345, host: '0.0.0.0' });
server.on('error', (error) => {
console.log('An error ocurred with the server', error);
});
server.on('close', () => {
console.log('Server closed connection');
});
const client = TcpSocket.createConnection({
port: 8443,
host: "example.com",
tls: true,
// tlsCheckValidity: false, // Disable validity checking
// tlsCert: require('./selfmade.pem') // Self-signed certificate
});
// ...
Note: In order to use self-signed certificates make sure to update your metro.config.js configuration.
Here are listed all methods implemented in react-native-tcp-socket
, their functionalities are equivalent to those provided by Node's net (more info on #41). However, the methods whose interface differs from Node are marked in bold.
createConnection()
createConnection(options[, callback])
creates a TCP connection using the given options
.
createConnection: options
Required. Available options for creating a socket. It must be an object
with the following properties:
Property | Type | iOS | Android | Description |
---|---|---|---|---|
port | <number> | ✅ | ✅ | Required. Port the socket should connect to. |
host | <string> | ✅ | ✅ | Host the socket should connect to. IP address in IPv4 format or 'localhost' . Default: 'localhost' . |
timeout | <number> | ✅ | ✅ | If set, will be used to call setTimeout(timeout) after the socket is created, but before it starts the connection. |
localAddress | <string> | ✅ | ✅ | Local address the socket should connect from. If not specified, the OS will decide. It is highly recommended to specify a localAddress to prevent overload errors and improve performance. |
localPort | <number> | ✅ | ✅ | Local port the socket should connect from. If not specified, the OS will decide. |
interface | <string> | ❌ | ✅ | Interface the socket should connect from. If not specified, it will use the current active connection. The options are: 'wifi', 'ethernet', 'cellular' . |
reuseAddress | <boolean> | ❌ | ✅ | Enable/disable the reuseAddress socket option. Default: true . |
tls | <boolean> | ✅ | ✅ | Enable/disable SSL/TLS socket creation. Default: false . |
tlsCheckValidity | <boolean> | ✅ | ✅ | Enable/disable SSL/TLS certificate validity check. Default: true . |
tlsCert | <any> | ✅ | ✅ | CA file (.pem format) to trust. If null , it will use the device's default SSL trusted list. Useful for self-signed certificates. See example for more info. Default: null . |
Note: The platforms marked as ❌ use the default value.
listen()
listen(options[, callback])
creates a TCP server socket using the given options
.
listen: options
Required. Available options for creating a server socket. It must be an object
with the following properties:
Property | Type | iOS | Android | Description |
---|---|---|---|---|
port | <number> | ✅ | ✅ | Required. Port the socket should listen to. |
host | <string> | ✅ | ✅ | Host the socket should listen to. IP address in IPv4 format or 'localhost' . Default: '0.0.0.0' . |
reuseAddress | <boolean> | ❌ | ✅ | Enable/disable the reuseAddress socket option. Default: true . |
Note: The platforms marked as ❌ use the default value.
The library is released under the MIT license. For more information see LICENSE
.
FAQs
React Native TCP socket API for Android & iOS with SSL/TLS support
The npm package react-native-tcp-socket receives a total of 8,446 weekly downloads. As such, react-native-tcp-socket popularity was classified as popular.
We found that react-native-tcp-socket demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.