- rotation: Add versioned key rotation via
rotateKeys()andgetKeyVersion()with lazy re-encryption on read. NewuseKeyRotationhook exposes the same flow declaratively. - security hardening: Defense-in-depth pass — non-breaking, applied transparently to new writes and via lazy upgrade on rotation:
- HMAC-SHA256 integrity tag bound to every entry's metadata + ciphertext, surfaced on
StorageMetadata.integrityTag. Tampering with SharedPreferences/Keychain attributes now raisesIntegrityViolationError(E_INTEGRITY_VIOLATION) before any biometric prompt is shown. - AES-GCM AAD on Android binds ciphertext to
service|key|v<version>, defeating cross-entry swap attacks. setUnlockedDeviceRequired(true)on every Android Keystore key (API 28+), mirroring iOS'skSecAttrAccessibleWhenUnlockedsemantics.- Plaintext byte buffers are zeroized after use on both platforms.
- Constant-time HMAC comparison via
MessageDigest.isEqual/ manualUInt8XOR fold. - Backwards compatible: entries written by earlier versions decode without verification and are upgraded on the next write or rotation.
- HMAC-SHA256 integrity tag bound to every entry's metadata + ciphertext, surfaced on
- errors: New typed error classes (
SensitiveInfoError,NotFoundError,AuthenticationCanceledError,IntegrityViolationError,KeyInvalidatedError,RotationFailedError) withcodediscriminants andinstanceofpredicates. Importable from thereact-native-sensitive-info/errorssubpath. - tree-shaking:
"sideEffects": falseeverywhere; the package now publishes three focused subpath entries (.,/hooks,/errors). The default export has been removed — import only the helpers you use. - nitro 0.35: Regenerated against
nitrogen@0.35.5andreact-native-nitro-modules@0.35.5. - tooling: Migrated linting/formatting from ESLint + Prettier to Biome 2. Single config at
biome.json, faster CI runs.
- Introduced
useAsyncQuery(read-only hooks) anduseMutation(mutation hooks) primitives.useHasSecret,useSecretItem,useSecureOperation,useKeyRotation, anduseSecureStoragenow compose the same lifecycle/abort/error-handling pipeline — no duplicated state machines. useSecureStorageshrunk from ~230 LOC to ~180 LOC and reuses the shared abort + auth-cancel semantics; behaviour is unchanged.- Test fixtures consolidated in
src/__tests__/__mocks__/fixtures.ts(buildTestItem,buildTestMetadata). - Removed redundant re-exports from
src/internal/errors.ts.
- The default export is gone. Use named imports:
import { setItem } from 'react-native-sensitive-info'. - React hooks are no longer re-exported from the package root — import them from
react-native-sensitive-info/hooks.
- iOS rotation updates the Keychain metadata via
SecItemUpdate, preserving the original access-control attributes while bumpingkeyVersion. - Android rotation mints a fresh per-entry Keystore alias (
SensitiveInfo_<hash>_v<version>) during lazy or eager re-encryption and deletes the stale alias after a successful rewrite. - Version state lives in a non-secret registry (
SharedPreferenceson Android,UserDefaultson iOS). Delete the app's data to reset.
6.0.0-rc.12 (2025-12-16)
- restructure app components and implement secure storage functionality (b84ec82)
- add tokenRef for npm access verification in release-it configuration (9e39622)
- update repository field format in package.json (eeadcb8)
6.0.0-rc.11 (2025-11-05)
- ios: prompt simulator biometric auth before keychain fetch and probe security on main thread (240bc60)
6.0.0-rc.10 (2025-11-05)
- ios: run SecItemCopyMatching on main thread and refine auth cancel handling (c6cbfe3)
6.0.0-rc.9 (2025-11-03)
- auth: treat authentication cancellations as soft-failures and map native cancel codes (4454883)
6.0.0-rc.8 (2025-10-27)
6.0.0-rc.7 (2025-10-27)
6.0.0-rc.6 (2025-10-27)
6.0.0-rc.5 (2025-10-27)
6.0.0-rc.4 (2025-10-25)
6.0.0-rc.3 (2025-10-24)
- Add biometric authentication support for Android and iOS (0310140)
- Add biometric security demo component and integrate biometric storage options (1f7e3ac)
- Add SecurityCapabilitiesDemo component and integrate security capabilities checks (7f942a0)
- Adding a hasItem method (#259) (1dc4825)
- Enhance security options with biometric and strongbox support in storage functions (f554332)
- Implement secure storage using EncryptedSharedPreferences for Android (5671fcd)
6.0.0-alpha9 (2020-12-17)
- android: biometric api implementation (9b608cf)
- android: Android 11 auth required check (#238) (89dab84)
- android: handle UnrecoverableKeyException (79c8197)
- android: key user not authenticated (#224) (bb9ef04)
- android: normalize error codes (#225) (6937221)
- android: remove unused code (595e955)
- android: same callback logic between showModal options (#220) (7eef64a)
- updated react dependency in podspec to enable build in Xcode 12 (for iOS >= 12) (#246) (a1b7e88)
5.5.0 (2019-07-31)
- Revert "Add config on android to controlled setInvalidatedByBiometricEnrollment property" (8a01182)
5.2.5 (2018-08-07)
5.2.4 (2018-07-27)
5.2.2 (2018-07-26)
- adding TypeScript typings (5a10dce)
5.2.1 (2018-06-14)
5.2.0 (2017-10-10)
5.1.0 (2017-05-25)
5.0.1 (2017-05-16)
3.0.1 (2016-06-20)
3.0.0 (2016-06-14)
2.2.0 (2016-06-11)
2.1.0 (2016-06-07)
- Revert "adding more items into .gitignore" (f4de6a4)