react-native-app-attest
v2.0.1
React Native iOS App Attest wrapper for any iOS target (App Clip, app, extensions)
A React Native TurboModule that provides a bridge to Apple’s App Attest API (DeviceCheck framework), allowing iOS apps and App Clips to generate hardware-backed cryptographic keys,
perform device attestation, and generate assertions to securely verify app integrity on your backend.
[!NOTE]
- This library was originally built for my work app, which uses the Bare React Native CLI (non-Expo).
- I’ve open-sourced it so the wider React Native community can easily integrate App Attest APIs.
- Pull requests are welcome — especially for Expo support (via custom config plugins) or additional native enhancements.
📦 Installation
```sh
npm install react-native-app-attest
```
Then install pods:
```sh
cd ios && pod install
```
[!IMPORTANT]
- Requires iOS 14+ (App Attest API availability).
- Works on real devices only (Secure Enclave required).
- App Attest helps detect cloned apps, replay attacks, and tampering of iOS apps or App Clips.
✅ Required native setup (must-do)
Enable App Attest in Apple Developer (App ID)
Go to Apple Developer → Certificates, IDs & Profiles → Identifiers.
Select your App ID (and the App Clip App ID if using App Clip).
Under Capabilities, enable App Attest / DeviceCheck (if shown). If “App Attest” is not toggled there, enable the DeviceCheck/App Attest related capability.
Add App Attest entitlement (optional for sandbox testing)
Add to your app’s entitlements file (YourApp.entitlements and App Clip entitlements if applicable):
```xml
<key>com.apple.developer.devicecheck.appattest-environment</key>
<string>development</string>
```
Use "development" for debug/TestFlight testing (sandbox).
When releasing to the App Store, remove it or change it to production, as instructed in Apple's docs.
Use a real device
App Attest requires the Secure Enclave; the simulator will not work.
No AppDelegate changes required
App Attest calls are in-process and handled by the native module. (You still need the usual bridging/native module compile steps.)
Provisioning profile
Ensure the provisioning profile for the App ID contains the App Attest/DeviceCheck capability.
🔗 Reference Links
- 📘 Apple Docs: Validating Apps That Connect to Your Server
- 🧾 Apple Framework: DeviceCheck → DCAppAttestService
- 🔐 Security Overview: Protecting Apps with App Attest
Why This Library Exists
App Attest provides Apple-signed, Secure Enclave–generated keys to help backends verify that a request truly comes from your legitimate app binary.
🧠 What It Does
This module wraps Apple’s DCAppAttestService and exposes three async methods:
```ts
{
  generateAppAttestKey(): Promise<string>;
  attestAppKey(keyID: string, challenge: string): Promise<string>;
  generateAppAssertion(keyID: string, payload: string): Promise<string>;
}
```
⚙️ Usage
```ts
import {
  generateAppAttestKey,
  attestAppKey,
  generateAppAssertion,
} from 'react-native-app-attest';
import axios from 'axios';
import { Alert } from 'react-native';

export default async function secureHandshake() {
  // Placeholder value: in a real flow, request a fresh one-time challenge from your server.
  const challenge = 'example-server-challenge';
  try {
    // Create a new hardware-backed key and get its identifier.
    const keyID = await generateAppAttestKey();
    // Have the key attested against the challenge.
    const attestation = await attestAppKey(keyID, challenge);
    const payload = JSON.stringify({
      subject: 'Hello',
      message: 'World',
    });
    // Sign the request payload with the attested key.
    const assertion = await generateAppAssertion(keyID, payload);
    const { data } = await axios.post(
      'https://your-backend.com/api/verify-app-attest',
      {
        keyID,
        attestation,
        assertion,
        challenge,
        // The server needs the exact payload string to check the assertion against it.
        payload,
      }
    );
    if (data.verified) Alert.alert('✅ Verified', 'App Attest succeeded');
    else Alert.alert('❌ Verification failed', data.reason);
  } catch (err: any) {
    Alert.alert('Error', err.message);
  }
}
```
🧩 Supported Platforms
| Platform | Status |
| --- | --- |
| iOS (14+) | ✅ Fully supported |
| App Clip | ✅ Supported |
| Android | 🚫 Not applicable |
| Simulator | ⚠️ Not supported (no Secure Enclave) |
🧰 Backend Verification
You can use this library to verify your app attestation in the backend to secure your API:
https://www.npmjs.com/package/node-app-attest
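The Usage snippet hard-codes its challenge, so here is an added example (not code from this library or from node-app-attest) of the two replay checks a backend runs around signature verification: a single-use, expiring challenge per session, and the App ID hash and counter checks on an assertion's authenticatorData. It assumes the assertion has already been CBOR-decoded; the session IDs, App ID, TTL and function names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

const CHALLENGE_TTL_MS = 5 * 60 * 1000; // assumed challenge lifetime
const pending = new Map(); // sessionId -> { challenge, expires }

// Issue a fresh random challenge bound to one session.
function issueChallenge(sessionId, now = Date.now()) {
  const challenge = nodeCrypto.randomBytes(32).toString('base64');
  pending.set(sessionId, { challenge, expires: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Accept a challenge at most once, only for its own session, only before expiry.
function consumeChallenge(sessionId, presented, now = Date.now()) {
  const entry = pending.get(sessionId);
  pending.delete(sessionId); // single use, even when the check below fails
  if (!entry || now > entry.expires) return false;
  const a = Buffer.from(entry.challenge);
  const b = Buffer.from(String(presented));
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// authenticatorData layout: rpIdHash (32 bytes) | flags (1) | counter (4, big-endian).
// appId is "<TeamID>.<bundleID>"; lastCounter is the value stored for this key (0 at first).
function checkAuthenticatorData(authData, appId, lastCounter) {
  if (!Buffer.isBuffer(authData) || authData.length < 37) {
    return { ok: false, reason: 'too short' };
  }
  const expected = nodeCrypto.createHash('sha256').update(appId).digest();
  if (!nodeCrypto.timingSafeEqual(authData.subarray(0, 32), expected)) {
    return { ok: false, reason: 'app id mismatch' };
  }
  const counter = authData.readUInt32BE(33);
  if (counter <= lastCounter) return { ok: false, reason: 'counter replay' };
  return { ok: true, counter }; // persist this counter for the next request
}

// Constructed sample input: authenticatorData for a given App ID and counter.
function sampleAuthData(appId, counter) {
  const buf = Buffer.alloc(37);
  nodeCrypto.createHash('sha256').update(appId).digest().copy(buf, 0);
  buf.writeUInt32BE(counter, 33);
  return buf;
}
```

These checks complement, and do not replace, verifying the attestation certificate chain and the assertion signature, which is the job of the verification library.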
🤝 Contributing
Pull requests and discussions are welcome!
🪪 License
MIT © Gautham Vijayan
Made with create-react-native-library
