Conversation
Replace the legacy sample with a simplified "Sensitive Info Playground" example that leverages useSecureStorage and useSecurityAvailability. Clean up imports, reduce access-control options to 'open' and 'biometric', wire up save/reveal/delete/clear/refresh handlers, update ActionButton behaviour, and refresh styles/layout to match the streamlined UI.
- Update dev deps: @eslint/compat -> 1.4.1, @eslint/js -> 9.39.0, eslint -> 9.39.0, globals -> 16.5.0, nitrogen -> 0.31.4 - Update runtime/example deps: react-native-nitro-modules -> 0.31.4, react-native-safe-area-context -> ^5.6.2 - Update yarn.lock to match dependency bumps - Docs: change README references from "5.6.0" to "5.6.x" for consistent versioning
…p native cancel codes - Add CODE_OF_CONDUCT - Bump LICENSE copyright range to 2016-2025 - Android: - Introduce SensitiveInfoException.AuthenticationCanceled and throw/resume with it when user cancels biometric/device-credential prompts - Simplify device credential flow to always return cipher after prompt - iOS: - Map relevant OSStatus values to an E_AUTH_CANCELED runtime error for friendly messaging - Internal errors: - Add AUTH_CANCELED marker and helper hasErrorMarker/isAuthenticationCanceledError - Centralize detection of auth-cancelled errors - Hooks & utilities: - Export and use isAuthenticationCanceledError in error-utils - Create user-friendly hook error message for canceled auths and export detector - Update hooks (useSecretItem, useHasSecret, useSecureOperation, useSecureStorage, useSecurityAvailability) to treat auth cancellations as non-fatal: preserve/clear state appropriately and avoid surfacing HookError when user dismisses prompts - Add applyError helper in useSecureStorage to centralize error handling - Update hook types and exports - Nitro/native layers & types: - Type and formatting fixes across sensitive-info.nitro.ts, internal/native, options, core/storage and index exports - Tests & tooling: - Apply consistent code style (semicolons, trailing commas) across tests and configs - Update many test files to match changes and ensure behavior for canceled auth flows - Misc: - Update package.json description - ESLint config formatting fixes This change makes authentication prompt cancellations explicit (E_AUTH_CANCELED) and prevents noisy error states in hooks when users dismiss biometric / device credential prompts.
There was a problem hiding this comment.
Pull Request Overview
This pull request introduces authentication cancellation handling, code formatting improvements (semicolons), dependency updates, and documentation enhancements. The key changes include:
- New authentication cancellation error handling with
[E_AUTH_CANCELED]markers - Consistent semicolon formatting across TypeScript files
- Updates to ESLint, Nitro modules, and other dependencies
- Enhanced example app UI with simplified user flows
- New documentation files (SECURITY.md, CODE_OF_CONDUCT.md)
Reviewed Changes
Copilot reviewed 47 out of 48 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| src/internal/errors.ts | Adds isAuthenticationCanceledError helper function |
| src/hooks/error-utils.ts | Creates friendly messages for canceled authentication |
| src/hooks/useSecureStorage.ts | Implements authentication cancellation handling in hooks |
| ios/HybridSensitiveInfo.swift | Adds iOS authentication cancellation detection |
| android/.../BiometricAuthenticator.kt | Handles biometric cancellation on Android |
| example/App.tsx | Complete UI redesign with simplified interface |
| package.json | Dependency updates and improved package description |
| README.md | Adds error handling section and updates version guidance |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -1,15 +1,15 @@ | |||
| import { useCallback, useEffect, useRef } from 'react' | |||
| import type { MutableRefObject } from 'react' | |||
| import type { RefObject } from 'react' | |||
There was a problem hiding this comment.
The import type change from MutableRefObject to RefObject is incorrect. RefObject is read-only and should not be used for refs that need to be mutated. The code at line 16 assigns to cachedInstance and line 28 assigns to mountedRef.current, which requires a mutable reference. This will cause TypeScript errors.
| * Indicates whether the component that owns the hook is still mounted. Helpful when dispatching asynchronous state updates. | ||
| */ | ||
| readonly mountedRef: MutableRefObject<boolean> | ||
| readonly mountedRef: RefObject<boolean> |
There was a problem hiding this comment.
Using RefObject for mountedRef is incorrect because the code mutates mountedRef.current in the cleanup effect. RefObject is read-only and should remain as MutableRefObject<boolean> to allow mutations.
| * Stores the last {@link AbortController} created by {@link begin}. Exposed for advanced scenarios such as manual cancellation. | ||
| */ | ||
| readonly controllerRef: MutableRefObject<AbortController | null> | ||
| readonly controllerRef: RefObject<AbortController | null> |
There was a problem hiding this comment.
Using RefObject for controllerRef is incorrect because the code mutates controllerRef.current when creating new AbortControllers. RefObject is read-only and should remain as MutableRefObject<AbortController | null> to allow mutations.
| useState, | ||
| type ReactNode, | ||
| } from 'react'; | ||
| import React, { useCallback, useMemo, useState } from 'react' |
There was a problem hiding this comment.
The import statement is missing semicolons while the rest of the file uses semicolons consistently. This creates inconsistency within the same file.
| Text, | ||
| TextInput, | ||
| View, | ||
| } from 'react-native' |
There was a problem hiding this comment.
Missing semicolon at the end of the import statement, inconsistent with the rest of the file's formatting.
| } from 'react-native' | |
| } from 'react-native'; |
| useSecureStorage, | ||
| useSecurityAvailability, | ||
| type AccessControl, | ||
| } from 'react-native-sensitive-info' |
There was a problem hiding this comment.
Missing semicolon at the end of the import statement, inconsistent with the rest of the file's formatting.
| } from 'react-native-sensitive-info' | |
| } from 'react-native-sensitive-info'; |
1 participant
This pull request introduces several documentation updates, dependency upgrades, and a significant improvement to error handling for biometric authentication. The most notable change is the introduction of a standardized error for user-canceled authentication prompts, which now surfaces as a friendly message in both Android and iOS implementations. The documentation has also been enhanced with a new security policy and expanded guidance on error handling. Additionally, dependencies have been updated for better stability and compatibility.
Error Handling Improvements
SensitiveInfoException.AuthenticationCanceledon Android and a corresponding error on iOS). This ensures cancellations are surfaced as[E_AUTH_CANCELED] Authentication prompt canceled by the user.and do not poison hook state. [1] [2] [3] [4]Documentation Updates
README.md, explaining how hook errors are structured and how to handle authentication cancellations gracefully.README.mdto include error handling.README.mdto clarify the difference between 5.6.x and 6.x releases.SECURITY.mdfile detailing supported versions, vulnerability reporting, and hardening recommendations.CODE_OF_CONDUCT.mdfile to establish community standards and enforcement policies.Dependency Upgrades
package.jsonandexample/package.json, includingreact-native-nitro-modules,nitrogen,eslint, and related plugins for improved stability and compatibility. [1] [2] [3] [4]License and Metadata
LICENSEfile to cover 2016–2025.package.jsonfor clarity and marketing.Code Quality
eslint.config.mts. [1] [2]