The React Native CVE list you should actually monitor
React Native itself has few CVEs. Its dependency graph has many. The categories that hit React Native apps — JS, iOS pods, Android Gradle — and how to triage by reachability.
Engineer-first writing on React Native upgrades, New Architecture migration, dependency maintenance, and mobile security. No fluff.
Pinning protects against TLS interception. Done wrong, it bricks your app the day your cert rotates. The four implementations, the failure modes, and the backup-pin pattern.
The cost curve isn't linear. Numbers from real engagements — hours per version step, common stall points, the half-life of in-house upgrade attempts, and how to predict your timeline.
Postponing feels free. It isn't. Compounding upgrade debt, CVE exposure, store-rejection risk, recruiting friction — the real bill comes due during the upgrade you can't postpone.
Some of the most-installed libraries on npm haven't shipped a commit in two years. The four signals to spot them, the categories where it happens most, and the maintained replacements.
Reanimated 3 is the current default. v2 doesn't support the New Architecture. The Babel plugin, the gesture handler integration, the layout animations API, and the common errors.
The Expo vs bare debate from 2020 is over. Expo modules now work in bare apps. Config plugins handle most native customization. The honest 2026 decision framework.
Apple enforces PrivacyInfo.xcprivacy for SDKs that touch required-reason APIs. Half the popular React Native libraries still ship without one. What to add, what to check.
The harder question barely has good content. The real cost comparison, the hidden costs of each path, and the three cases where a Flutter rewrite actually makes sense.
Hermes has been the default since 0.70. JSC still ships. What each engine is good for in 2026, what the benchmarks actually show, and the narrow cases where JSC still makes sense.
Every mature React Native app has 10–20 patches nobody remembers. Most aren't needed anymore. The audit, the four categories, and how to safely prune dead weight.
Fabric, TurboModules, Bridgeless. What the interop layer covers, what custom native modules require, and the common failure modes during the migration.
Microsoft retired App Center and CodePush on March 31, 2025. EAS Update, self-hosted forks, and smaller hosted services — the four real paths forward, with the trade-offs.
A field guide to secure storage. Keychain vs SecureStore vs AsyncStorage. Where SSL pinning fits. The misconfigured accessible flag that leaks tokens to iCloud.
npm 7+ catches the peer-dep conflicts older npm let slide. Diagnose the actual mismatch, pick the right fix, and stop reaching for --legacy-peer-deps on every install.
Real 2026 numbers across every model — full-time, freelance, nearshore, offshore, agency, fixed-price. Plus the recruiter fees, ramp time, and bench risk nobody quotes upfront.
The upgrade helper diffs a tutorial app. Your app isn't a tutorial app. What it gets right, what it misses, and how to use its output without shipping a broken build.
Runtime defenses get the security budget. The dependency graph is where compromises actually reach production. Recent receipts: Axios, @react-native-aria, CVE-2025-11953.
The upgrade helper works for one-version-behind apps with tutorial dependencies. Real codebases need four jobs: audit, plan, execute, verify. Here's the version that holds up.
Five ways to get React Native work done without hiring. The real tradeoffs — price, speed, code safety, specialization — and when each is the wrong fit.