Code Monkey home page Code Monkey logo

react-native-version-check's Introduction

react-native-version-check

npm version npm downloads Build Status DevDependencies Status Known Vulnerabilities

A version checker for react-native applications. This library gets the latest app version by parsing google play store, apple app store's app information or custom url. Parsing code is referenced from here

Looking for maintainers!

I have almost zero experience in ios development, and I am no longer working on mobile app development(doing backend and devops works mainly and some web frontend). It makes it hard to maintain this library actively. Hope to have someone to help maintaining react-native-version-check!

expo

react-native-version-check supports expo! with react-native-version-check-expo

  • usage
// import
import VersionCheck from 'react-native-version-check-expo'

VersionCheck.getCountry().then(country => console.log(country))

Getting started

  • npm
$ npm install react-native-version-check
  • yarn
$ yarn add react-native-version-check

Example

$ git clone https://github.com/kimxogus/react-native-version-check.git
$ cd react-native-version-check/example
$ yarn # or npm install
$ react-native run-android # or react-native run-ios

Automatic Installation

$ react-native link react-native-version-check

Manual Installation

- iOS - Link Manually

  • Add .xcodeproj file as library to XCode project.

    1. In project navigator, right click Libraries
    2. Select Add Files to [PROJECT_NAME]
    3. Add the node_modules/react-native-version-check/ios/RNVersionCheck.xcodeproj file

  • Add the libRNVersionCheck.a from the RNVersionCheck project to your project's Build Phases > Link Binary With Libraries

iOS - CocoaPods Package Manager

  • Add to your Podfile (assuming it's in ios/Podfile): 
    pod 'react-native-version-check', :path => '../node_modules/react-native-version-check'
  • Reinstall pod with cd ios && pod install && cd ..

- Android

  • Append the following lines to android/settings.gradle:
...
include ':react-native-version-check'
project(':react-native-version-check').projectDir = new File(rootProject.projectDir, 	'../node_modules/react-native-version-check/android')
  • Insert the following lines inside the dependencies block in android/app/build.gradle:
...
dependencies {
   ...
   compile project(':react-native-version-check')
}
  • Open up android/app/src/main/java/[...]/MainApplication.java
......
import io.xogus.reactnative.versioncheck.RNVersionCheckPackage;  // <--- HERE

......

@Override
protected List<ReactPackage> getPackages() {
   ......
   new RNVersionCheckPackage()            // <------ HERE
   ......
}

Usage

import { Linking } from 'react-native';
import VersionCheck from 'react-native-version-check';

VersionCheck.getCountry()
  .then(country => console.log(country));          // KR
console.log(VersionCheck.getPackageName());        // com.reactnative.app
console.log(VersionCheck.getCurrentBuildNumber()); // 10
console.log(VersionCheck.getCurrentVersion());     // 0.1.1

VersionCheck.getLatestVersion()
  .then(latestVersion => {
    console.log(latestVersion);    // 0.1.2
  });

VersionCheck.getLatestVersion({
    provider: 'appStore'  // for iOS
  })
  .then(latestVersion => {
    console.log(latestVersion);    // 0.1.2
  });

VersionCheck.getLatestVersion({
    provider: 'playStore'  // for Android
  })
  .then(latestVersion => {
    console.log(latestVersion);    // 0.1.2
  });

VersionCheck.getLatestVersion()    // Automatically choose profer provider using `Platform.select` by device platform.
  .then(latestVersion => {
    console.log(latestVersion);    // 0.1.2
  });

VersionCheck.getLatestVersion({
  forceUpdate: true,
  provider: () => fetch('http://your.own/api')
    .then(r => r.json())
    .then(({version}) => version),   // You can get latest version from your own api.
}).then(latestVersion =>{
  console.log(latestVersion);
});

VersionCheck.needUpdate()
  .then(async res => {
    console.log(res.isNeeded);    // true
    if (res.isNeeded) {
      Linking.openURL(res.storeUrl);  // open store if update is needed.
    }
  });

VersionCheck.needUpdate({
  depth: 2
}).then(res => {
  console.log(res.isNeeded);
  // false; because first two fields of current and the latest versions are the same as "0.1".
});

VersionCheck.needUpdate({
  currentVersion: "1.0",
  latestVersion: "2.0"
}).then(res => {
  console.log(res.isNeeded);  // true
});

VersionCheck.needUpdate({
  depth: 1,
  currentVersion: "2.1",
  latestVersion: "2.0",
}).then(res => {
  console.log(res.isNeeded);  // false
});

Methods

  • #getCountry() (Promise<country: String>) - Returns device's country code of 2 characters.

  • #getPackageName() (packageName: String) - Returns package name of app.

  • #getCurrentBuildNumber() (buildNumber: Number) - Returns current app build number.

  • #getStoreUrl([option: Object]) (Promise<storeUrl: String>) - Returns url of Play Market or App Store of app.

  • #getAppStoreUrl([option: Object]) (Promise<storeUrl: String>) - Returns url of App Store of app.

    • Option

      Field Type Default
      appID string App ID
      ignoreErrors boolean true

  • #getPlayStoreUrl([option: Object]) (Promise<storeUrl: String>) - Returns url of Play Store of app.

    • Option

      Field Type Default
      packageName string Package Name
      ignoreErrors boolean true

  • #getCurrentVersion() (currentVersion: String) - Returns current app version.

  • #getLatestVersion([option: Object]) (Promise<latestVersion: String>) - Returns the latest app version parsed from url. Returns null when parsing error occurs.

    • Option

      Field Type Default
      forceUpdate boolean false
      provider string or function provider name or function that returns promise or value of the latest version
      fetchOptions object isomorphic-fetch options (https://github.github.io/fetch/)
      ignoreErrors boolean true

  • #needUpdate([option: Object]) (Promise<result: Object>) - Returns an object contains with boolean value whether update needed, current version and latest version. Current and the latest app versions are first split by delimiter, and check each split numbers into depth.

    • Option

      Field Type Default
      currentVersion string app's current version from getCurrentVersion()
      latestVersion string app's latest version from getLatestVersion()
      depth number Infinity
      forceUpdate boolean false
      provider string or function provider name or function that returns promise or value of the latest version
      fetchOptions object isomorphic-fetch options (https://github.github.io/fetch/)
      ignoreErrors boolean true

    • Result

      Field Type
      isNeeded boolean
      storeUrl string
      currentVersion string
      latestVersion string

License

MIT

react-native-version-check's People

Contributors

adeilsonesilva avatar adrianchinghc avatar axelcm avatar behzad888 avatar carlateo avatar dependabot[bot] avatar diegoplatap avatar duonghongthuan avatar exilz avatar fatmamahmoud698 avatar fnimick avatar henninghall avatar inceptsolutions avatar kimxogus avatar leecsargent avatar lfkwtz avatar macintoshhelper avatar mklb avatar rf1804 avatar roelandvanbatenburg avatar shinarasheed avatar slvtrs avatar smdjeff avatar stdavis avatar strdr4605 avatar thunderbird7 avatar titozzz avatar tschoffelen avatar vitalik7 avatar yujin-noh avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

clearscholar redwind tjsaini007 pjbr narodejesus behzad888 softwerkab titozzz kholiavko-roman femotizo ismnoiet alexsweat homepass trendingtechnology denisdimitrov coderwassananmol chansuke adrianchinghc thunderbird7 mklb gregory-light-it slvtrs panda-ref shahbazmancho thinhbui duonghongthuan workit-health fauzzi deepu281993 jhakaasco pigflymoon mgenov journlas congnguyen91 stdavis juansimon18 jonnyonit webintricom devstoragerepossitory thegamenicorus maximeconan roelandvanbatenburg bagyaru ajency chauvv praddy89jai nzepa74 trihoang3011 lethienhung limdongkyu sepakk cohedz94 xiaoleonex tungcsc103 ulion edilsonlsouza weepeclabs thanhthang2295 vitalik7 marqroldan sckoh abduljeleelng hadajung ankurgahtori2012 john-88 pmtc sadhr hosek mangowi zarir ig4ever bfriedrichs arkan4ik leecsargent fernando922 lazyflog andrespi medigvijay henninghall juliofihdeldev yadhu88 mnghn07 webyonet react-native-noob active-image sebaxf koyta sofiyaca monceeef huy-lv boltfive505 aleksandern 5hyunseok liorokach ppang0405 bang9 masrurimz jeffrey-dozva iainheng mendesfelipe87

react-native-version-check's Issues

appName or appID is undefined

these methods return well:

console.log(VersionCheck.getCountry());            // KR
console.log(VersionCheck.getPackageName());        // com.reactnative.app
console.log(VersionCheck.getCurrentBuildNumber()); // 10
console.log(VersionCheck.getCurrentVersion());     // 0.1.1

but the others like VersionCheck.getLatestVersion()

return an error : appName or appID is undefined.

VersionCheck.setAppID(CONFIG.ITUNE_INFOS.id);
VersionCheck.setAppName(CONFIG.ITUNE_INFOS.name);

are setted correctly i think :/

getStoreUrl will not work in expo. Please use "getCountryAsync()"

I using getStoreUrl for open Google Play / Apple Store if users version is outdated, but get this warn:

getStoreUrl will not work in expo. Please use "getCountryAsync()" instead. This will be deprecated from v3

but I don't understand - getStoreUrl is for open application in Google Play or in App Store, while getCountry / getCountryAsync is for display country name. Or I miss something?

p.s. I don't use Expo

WS-2019-0019 (Medium) detected in braces-1.8.5.tgz

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/braces/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/braces/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/braces/package.json

Dependency Hierarchy:

  • jest-22.4.4.tgz (Root Library)
    • jest-cli-22.4.4.tgz
      • micromatch-2.3.11.tgz
        • braces-1.8.5.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-03-25

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16138 (High) detected in mime-1.3.4.tgz

CVE-2017-16138 - High Severity Vulnerability

Vulnerable Library - mime-1.3.4.tgz

A comprehensive library for mime-type mapping

Library home page: https://registry.npmjs.org/mime/-/mime-1.3.4.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/send/node_modules/mime/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/send/node_modules/mime/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • connect-2.30.2.tgz
      • serve-static-1.10.3.tgz
        • send-0.13.2.tgz
          • mime-1.3.4.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Publish Date: 2018-06-07

URL: CVE-2017-16138

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

How to test?

I'm new in mobile development so could you please tell me if testing is possible without releasing the app on App\Play Store.
If possible, please, tell me how.

Fatal Exception: NSInvalidArgumentException

Hello,
I've the package installed on one of my application, few weeks ago i've started see crashes on my app, and since i've Fabric installed i found that the issue in the below line !! any help how to fix it ?! or why even this happens ?!
[RNVersionCheck constantsToExport] (RNVersionCheck.m:42)

Expo required 

Unable to resolve module `expo` from `react-native-version-check/src/versionInfo.js`: 
Module does not exist in the module map

I do not use expo, I don't plan on using it either.

 ~node
> process.env.RNVC_EXPO
undefined

Xcode Error: 2 duplicate symbols for architecture x86_64

I have installed this all manually following your readme, and when I link the library:

screen shot 2018-01-24 at 2 30 02 pm

I get an build failure error:

    /Users/.../Library/Developer/Xcode/DerivedData/.../Build/Products/Debug-iphonesimulator/react-native-version-check/libreact-native-version-check.a(RNVersionCheck.o)
    /Users/.../Library/Developer/Xcode/DerivedData/.../Build/Products/Debug-iphonesimulator/libRNVersionCheck.a(RNVersionCheck.o)
duplicate symbol _OBJC_METACLASS_$_RNVersionCheck in:
    /Users/.../Library/Developer/Xcode/DerivedData/.../Build/Products/Debug-iphonesimulator/react-native-version-check/libreact-native-version-check.a(RNVersionCheck.o)
    /Users/.../Library/Developer/Xcode/DerivedData/.../Build/Products/Debug-iphonesimulator/libRNVersionCheck.a(RNVersionCheck.o)
ld: 2 duplicate symbols for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

react-native link - Error: Cannot read property 'match' of undefined

While try automatic link libraries, got error.

$ react-native link
...
rnpm-install info Linking react-native-version-check android dependency 
rnpm-install info Android module react-native-version-check has been successfully linked 
rnpm-install info Linking react-native-version-check ios dependency 
rnpm-install **ERR**! Something went wrong while linking. Error: Cannot read property 'match' of undefined 
Please file an issue here: https://github.com/facebook/react-native/issues

I have RN:

react-native-cli: 2.0.1 
react-native: 0.50.4

What should I do?

i'm new at this 

checkVersion(){
      VersionCheck.setAppID('123456789');
      VersionCheck.setAppName('awesomeproject');

      platformCheck = Platform.OS === 'ios' ? 'https://www.google.com/' : 'https://www.bing.com/',
      curVersion = VersionCheck.getCurrentVersion()
      console.log('this is current version ========-=-=-=-=-=-=-=-=-=-=-=-= ', VersionCheck.getCurrentVersion())
      VersionCheck.getLatestVersion({
          forceUpdate: true,
          url: "https://www.bing.com/version",   // this url contain number for latestversion
      }).then(latestVersion =>{
          VersionCheck.needUpdate({
              currentVersion: curVersion, // curversion is 2.0 
              latestVersion: latestVersion // latestversion is 10
          }).then(res => {
            console.log('this is latest version -=-=-=-=-=-=-=-=-=- ', latestVersion)
              if (res.isNeeded) {
                  Alert.alert(
                      'you need to bloody update',
                      'new version bloody available',
                      [{
                          text: 'Bloody Upgrade',
                          onPress: () => {
                              Linking.openURL(platformCheck)
                          }
                      }]
                  )
              }
          })
      });
  }

so the function i put inside componentwillmount() and it didn't budge!!
where have I done wrong?
i think it read 10 as 1.0

CVE-2016-10539 (High) detected in negotiator-0.5.3.tgz

CVE-2016-10539 - High Severity Vulnerability

Vulnerable Library - negotiator-0.5.3.tgz

HTTP content negotiation

Library home page: https://registry.npmjs.org/negotiator/-/negotiator-0.5.3.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/negotiator/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/negotiator/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • connect-2.30.2.tgz
      • compression-1.5.2.tgz
        • accepts-1.2.13.tgz
          • negotiator-0.5.3.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.

Publish Date: 2018-05-31

URL: CVE-2016-10539

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/106

Release Date: 2016-06-16

Fix Resolution: Upgrade to at least version 0.6.1

Express users should update to Express 4.14.0 or greater. If you want to see if you are using a vulnerable call, a quick grep for the acceptsLanguages function call in your application will tell you if you are using this functionality.

Step up your Open Source Security Game with WhiteSource here

iOS Version check not working when outside the US and app not added to US Store

We have an app that is only available in the GB store (NOT in the US store).

We see that the library uses the following url to get our version info:

https://itunes.apple.com/lookup?id=1327861046

This returns no results:
{ "resultCount":0, "results": [] }

However, if the country code is added to the URL we get the expected results.
https://itunes.apple.com/lookup?id=1327861046**&country=GB**

I believe that the solution would be to always add the country code to the lookup URL, but not sure if this would have any side effects?

Alternatively make this an option that if specified and not blank will be used as part of the lookup url (the same way that the id and store name are set as options for iOS).

version check seems to be cached

I've tried manually fetching the latest versions with the url's provided in the library and I get the latest version of my app, but I get an old version of the file once I run the app and log the response of the getVersion fetch in appStore.js. It seems like my app (phone) is caching the responses. Is there a way to bypass/fix this?

Always get 'Parse error.' when try to use needUpdate

I try to use the above code:

    VersionCheck.needUpdate()
      .then((res) => console.log('>>>>>', res))
      .catch(error => console.log('[VersionCheck] error', error));

And always go to catch block with error message: Parse error.
React Native: v0.50.4
React: v0.16.0
React Native Version Check: v2.3.2
Platform: Android

WS-2017-0247 (Low) detected in ms-0.7.1.tgz, ms-0.7.2.tgz

WS-2017-0247 - Low Severity Vulnerability

Vulnerable Libraries - ms-0.7.1.tgz, ms-0.7.2.tgz

ms-0.7.1.tgz

Tiny ms conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/finalhandler/node_modules/ms/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/finalhandler/node_modules/ms/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • connect-2.30.2.tgz
      • body-parser-1.13.3.tgz
        • debug-2.2.0.tgz
          • ms-0.7.1.tgz (Vulnerable Library)
ms-0.7.2.tgz

Tiny milisecond conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/serve-favicon/node_modules/ms/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/serve-favicon/node_modules/ms/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • connect-2.30.2.tgz
      • serve-favicon-2.3.2.tgz
        • ms-0.7.2.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-05-15

URL: WS-2017-0247

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: vercel/ms@305f2dd

Release Date: 2017-04-12

Fix Resolution: Replace or update the following file: index.js

Step up your Open Source Security Game with WhiteSource here

bug in version checking

currentVersion: 3.0.2 vs latestVersion: 2.6.1 => updateNeeded = true
the version checking code does not break the checking if the major version is higher than the minor versions

Data is not being fetched when VersionCheck.needUpdate is called inside react's lifecycle method

I'm trying to use VersionCheck.needUpdate method inside my component scope so i can call prop's methods on needUpdate callback:

componentDidMount() {
      VersionCheck.needUpdate({
        depth: 2,
      }).then((res) => {
        console.log('res', res);
        if (res.isNeeded === true) {
           // call this.props.someMethod();
        }
        return null;
      });
}

but .then() is never reached.
Digging into package's code i saw that when i call VersionCheck.needUpdate, fetch() method is not returning any data when it request https://play.google.com/store/apps/details?id=, for instance.

Does anyone have any solution to this?

Can't get getStoreUrl() working

Hello. I'm trying to use VersionCheck.getStoreUrl() to get the url and link it to button, but i'm getting following error on console:

Error: At least one of appID and appName is empty.
Error: At least one of appID and appName is empty.

Do i have to set the app id and name manually?

I don't have any problem with other methods, such as VersionCheck.needUpdate, it fetches the correct versioning from the stores.

Thanks.

"react-native": "0.57.5"

CVE-2018-16487 (High) detected in lodash-3.10.1.tgz

CVE-2018-16487 - High Severity Vulnerability

Vulnerable Library - lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/xmlbuilder/node_modules/lodash/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/xmlbuilder/node_modules/lodash/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • plist-1.2.0.tgz
      • xmlbuilder-4.0.0.tgz
        • lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487

Release Date: 2019-02-01

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

TypeError: Cannot read property of undefined

I'm trying to use this library on iOS but I always get the Cannot read property [...] of undefined . I tried installing using NPM/link and Pods but no success. I'm simply trying to get the current package name using this library. My code is console.log(VersionCheck.getPackageName());.

I also tried using the needUpdate method, but I get a similar error message TypeError: Cannot read property 'currentVersion' of undefined.

Any idea of how I could fix this issue? Let me know if you need more info. Thanks!

Edit: I'm using "react-native-version-check": "^3.0.0-rc.2"

WS-2017-0330 (Medium) detected in mime-1.3.4.tgz

WS-2017-0330 - Medium Severity Vulnerability

Vulnerable Library - mime-1.3.4.tgz

A comprehensive library for mime-type mapping

Library home page: https://registry.npmjs.org/mime/-/mime-1.3.4.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/send/node_modules/mime/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/send/node_modules/mime/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • connect-2.30.2.tgz
      • serve-static-1.10.3.tgz
        • send-0.13.2.tgz
          • mime-1.3.4.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

Affected version of mime (1.0.0 throw 1.4.0 and 2.0.0 throw 2.0.2), are vulnerable to regular expression denial of service.

Publish Date: 2017-09-27

URL: WS-2017-0330

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: broofa/mime@1df903f

Release Date: 2019-04-03

Fix Resolution: 1.4.1,2.0.3

Step up your Open Source Security Game with WhiteSource here

forceUpdate

Hi, I'm doing an apps for android and ios.
it seems that forceUpdate: true only work iOS, I might be using it the wrong way or understand it the wrong way.
forceUpdate: true function is to prevent user from not updating to the latest apps right?
say if I display alert, a modal, user shouldn't be able to click the grey area outside the modal, right?
Please, help....

Podspec missing from npm package

Hello, podspec is missing when I install react-native-version-check, which makes using this repo with cocoapods only impossible

Something wrong, please fix it.

change to this code:
const indexStart = text.indexOf(startToken);
if (indexStart === -1) {
latestVersion = text.trim();
return Promise.resolve(latestVersion);
}
text = text.substr(indexStart + startToken.length);
const indexEnd = text.indexOf(endToken);
if (indexEnd === -1) {
return Promise.reject("Parse error.");
}
text = text.substr(0, indexEnd);

Parse error

Apparently, google playstore changed their markup for the current version so the plugin throws a parse error every time although it works perfectly before. I think the parsing needed an update to adapt to the changed Google made in the current version markup.

CVE-2018-3721 (Medium) detected in lodash-3.10.1.tgz

CVE-2018-3721 - Medium Severity Vulnerability

Vulnerable Library - lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/xmlbuilder/node_modules/lodash/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/xmlbuilder/node_modules/lodash/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • plist-1.2.0.tgz
      • xmlbuilder-4.0.0.tgz
        • lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-06-07

URL: CVE-2018-3721

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721

Release Date: 2018-06-07

Fix Resolution: 4.17.5

Step up your Open Source Security Game with WhiteSource here

control react-native version from app project

It would be good if react-native version is controlled from the parent project instead of defining concrete version internally.

def safeExtGet(prop, fallback) {
    rootProject.ext.has(prop) ? rootProject.ext.get(prop) : fallback
}

dependencies {
  implementation "com.facebook.react:react-native:${safeExtGet('reactNativeVersion', '+')}"
}

e.g this snippet will ensure that project could specify rn version on it's own.

WS-2017-0421 (High) detected in ws-2.3.1.tgz, ws-1.1.5.tgz

WS-2017-0421 - High Severity Vulnerability

Vulnerable Libraries - ws-2.3.1.tgz, ws-1.1.5.tgz

ws-2.3.1.tgz

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

Library home page: https://registry.npmjs.org/ws/-/ws-2.3.1.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/react-devtools-core/node_modules/ws/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check-expo/node_modules/react-devtools-core/node_modules/ws/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • react-devtools-core-2.5.2.tgz
      • ws-2.3.1.tgz (Vulnerable Library)
ws-1.1.5.tgz

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.5.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/ws/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/ws/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • ws-1.1.5.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

Affected version of ws (0.2.6--3.3.0) are vulnerable to A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.

Publish Date: 2017-11-08

URL: WS-2017-0421

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/550/versions

Release Date: 2019-01-24

Fix Resolution: 3.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16119 (High) detected in fresh-0.3.0.tgz

CVE-2017-16119 - High Severity Vulnerability

Vulnerable Library - fresh-0.3.0.tgz

HTTP response freshness testing

Library home page: https://registry.npmjs.org/fresh/-/fresh-0.3.0.tgz

Path to dependency file: /react-native-version-check/packages/react-native-version-check-expo/package.json

Path to vulnerable library: /tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/fresh/package.json,/tmp/git/react-native-version-check/packages/react-native-version-check/node_modules/fresh/package.json

Dependency Hierarchy:

  • react-native-0.48.4.tgz (Root Library)
    • connect-2.30.2.tgz
      • fresh-0.3.0.tgz (Vulnerable Library)

Found in HEAD commit: d52a5161ca4eeb5387c6b83aba1683450896bcd8

Vulnerability Details

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.

Publish Date: 2018-06-07

URL: CVE-2017-16119

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Different between getStoreUrlAsync and getStoreUrl

I got this error "Unhandled Promise Rejection" in sentry tracker using your package 2.0.0-alpha.3. Checking the new version 2.3.1 . I notice that there are new updated getStoreUrlAsync. Will this help me to handle the Unhandled Promise Rejection ? I did not use async and await for getting the getStoreUrl in my code.

Versioncheck needupdate function returning error in ios

For ios added appid and appname.
on checking need update function throwing promise rejection error.

here is my code snippet
if(Platform.OS === 'ios'){
VersionCheck.setAppID(13******98); // Your App ID for App Store URL
VersionCheck.setAppName('app name');
}

VersionCheck.needUpdate().then(res => {
console.log(res);
})
.catch( err => {
console.log(err);
})

Unable to download project

Hi!
I'm trying to download the project, but neither yarn add or npm install are working. They just keep running indefinitely without downloading the project.
Can be something wrong with the packages?

Thanks in advance.

Lodash error

I'm doing the following

    VersionCheck.needUpdate()
      .then(res => {
        if (res.isNeeded) {
          Alert.alert(
            'You must upgrade',
            'There is an updated version available.',
            [
              {
                text: 'Upgrade',
                onPress: () => {
                  Linking.openURL(VersionCheck.getStoreUrl())
                }
              }
            ]
          )
        }
      })

But I'm getting the following error:

( is not a function. (In '(0,_lodash5.defaultsDeep)', '(' is undefined)

Did you know any workaround to fix this?

RNVersionCheck.country

After I imported the plugin, I've received an error "Undefined is not an object (evaluating 'RNVersionCheck.country')

Version check not working in production

Version: 3.0.0-rc.4

The version check works fine locally in development.

However, I just updated my app in the App Store, and haven’t received an in app alert for the update.

Tried again after 3 hours, and haven’t received an alert.

Also, both my currently installed build and updated build are using rn version check.

What should I do?

When the MARKETVERSION_STARTTOKEN is not found, getLatestVersionFromUrl returns the whole HTML page.

In the getLatestVersionFromUrl function, if the MARKETVERSION_STARTTOKEN is not found, the functions returns the whole HTML page:
const indexStart = text.indexOf(MARKETVERSION_STARTTOKEN); if (indexStart === -1) { latestVersion = text.trim(); return Promise.resolve(latestVersion); }
In this case, we should reject the promise :
return Promise.reject('Parse error.');
like when the MARKETVERSION_ENDTOKEN is not found.

This issue happens when the network is off.

Issue with getLatestVersion()

getLatestVersion is returning older version than the current version.

actually app-store version of the app is 1.0.8 and is returning 1.0.6.

here is my code:

if(Platform.OS === 'ios'){
VersionCheck.setAppID(13**********); // Your App ID for App Store URL
VersionCheck.setAppName('App name');
}

VersionCheck.getLatestVersion({
provider: 'store'
})
.then(latestVersion => {
console.log(latestVersion); //1.0.6
});

Can't find latestVersion in Android 8 (Parse Error)

Testing in older versions of Android the App Store page does have the field softwareVersion">, but on Android 8 this is what the code of Current Version looks like:

...<div class="hAyfc"><div class="BgcNfc">Current Version</div><div><span class="htlgb">0.16.0</span></div></div><div class="hAyfc"><div class="BgcNfc">Requires Android</div>...

iOS: undefined is not an object (evaluating 'option.appID') on VersionCheck.needUpdate()

Hi ! I'm implementing this module on my App and when I run on iOS I get this error in my logs:

undefined is not an object (evaluating 'option.appID')
getAppStoreUrl$@http://localhost:8081/index.ios.bundle?platform=ios&dev=true&minify=false:152698:45
tryCatch@http://localhost:8081/index.ios.bundle?platform=ios&dev=true&minify=false:35294:44
invoke@http://localhost:8081/index.ios.bundle?platform=ios&dev=true&minify=false:35482:30
tryCatch@http://localhost:8081/index.ios.bundle?platform=ios&dev=true&minify=false:35294:44
invoke@http://localhost:8081/index.ios.bundle?platform=ios&dev=true&minify=false:35352:28
http://localhost:8081/index.ios.bundle?platform=ios&dev=true&minify=false:35382:17
tryCallTwo@http://localhost:8081/index.ios.bundle?platform=ios&dev=true&minify=false:35009:7

The app version is visible on the AppStore, if that would have been a problem in any case
How can I fix this ?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.