react-native-security
Installation
SKILL.md
React Native Security
Priority: P0 (CRITICAL)
Store Credentials Securely
- Keychain/Keystore: Use
react-native-keychainfor tokens, passwords. - Never AsyncStorage: Not encrypted. Only for non-sensitive data.
- Biometric Auth: Use
react-native-biometricsfor Face ID/Touch ID.
See keychain usage reference for Keychain storage with biometric access control.
Validate Deep Links
- Validate URLs: Check scheme and host before navigation.
- Sanitize Params: Never trust URL params. Validate and sanitize.
- Token Extraction: Avoid passing tokens in deep link URLs. Use secure code exchange.
See keychain usage reference for deep link URL validation with scheme and host whitelisting.