Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems before a fix in version 20.0.0. A critical remote-code execution (RCE) flaw ...

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) ...

Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React Native NPM package. React Native is an open source framework designed for ...

A critical security weakness was discovered and patched in the popular @react-native-community/cli package, which supports developers building React Native mobile apps. The vulnerability could let ...

If you don’t specify a simulator, the default iOS simulator will be used. Common iOS tips-- If you changed native iOS deps, re-run: cd ios && pod install. -- Clean derived data if Xcode gets stuck: ...

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack. Over the weekend, multiple React Native Aria packages for GlueStack were backdoored as ...

"@babel/core": "^7.25.2", "@babel/preset-env": "^7.25.3", "@babel/runtime": "^7.25.0", "@react-native-community/cli": "15.0.1", "@react-native-community/cli-platform ...