Runtimes
React Native Runtime
React Native capability detection and key-vault bridge.
Use @meshkit/react-native when a React Native app needs MeshKit with native bridge awareness for identity storage, file streaming, and background work.
The runtime detects what the app actually installed. If native bridges are missing, MeshKit can fall back, but the security and persistence profile changes.
Install
npm install @meshkit/react-nativeCreate A React Native Client
import {
createMeshkitReactNative,
createReactNativeKeyVault,
detectReactNativeCapabilities,
} from "@meshkit/react-native";
const capabilities = detectReactNativeCapabilities();
const mesh = await createMeshkitReactNative({
keyVault: capabilities.nativeKeyVault ? createReactNativeKeyVault() : false,
identity: "mobile-user",
});
console.log({
nativeKeyVault: capabilities.nativeKeyVault,
provider: mesh.providers.current().name,
});What To Verify
| Area | Check |
|---|---|
| Key vault | Is the native key-vault bridge installed and available? |
| Identity persistence | Are exported identity records protected at rest? |
| Non-exportable keys | Do not assume support unless your bridge implements it |
| File streaming | Confirm native file/stream APIs for large payloads |
| Background sync | Wire platform background tasks; MeshKit does not schedule them automatically |
| Provider access | Avoid privileged Kubo or metadata tokens in public mobile clients |
Expo And Native Bridges
React Native secure storage behavior depends on native modules. Expo Go-style environments may not expose the same bridge surface as a development build or production app. Treat missing bridges as a configuration issue, not as equivalent security.
Production Caveats
- Native key vault support can protect exported identity records at rest, but that is not the same as non-exportable ECDH/signing unless implemented by the bridge.
- Lost-device and recovery flows are product decisions; document them before launch.
- Mobile background execution is platform-constrained and caller-managed.
- Use a trusted backend or app-owned provider strategy instead of placing broad provider credentials in the app.