Transcript from Thursday May 16th, 2019
Janic Duplessis, React Native core contributor & Co-founder of th3rdwave
# Q: How is React Native is going? – christoph
A: It's going better than ever, I can tell from being around for over 3 years. (you may or may not have something to do with it).
# Q: Hey Janic thanks for being here. I have been here for quite a while and been looking for a payment solution in react native. Like any payment APIs related solution in react native? Like react-native-payments. – rizwan_atta
Follow up: I have been using this https://tipsi.github.io/tipsi-stripe/ for quite a while but it always snaps back like its real version is crashing a lot! 7.5.0. It is failing on CIRCLE CI too. Build is failing.
I haven't seen production crashes with it, we can discuss your issues later if you'd like!
# Q: Hello @janic, I'm trying to create something like Instagram in react native , but I stuck on stories screen. Given a screenshot of what I'm trying to achieve. I'm trying to implement Instagram story in my app but how can I add left right tap clicks. The second problem is that how can I display dynamic story count (with stories seen as progress) as shown in top side of the image. Please help if have any idea about it. – JayTailor45
A: You probably want to take a look at the great react-native-gesture-handler library to handle gesture based interactions like stories. I haven't done something exactly like this before but had success implementing a tinder like swipe UI.
# Q: What are your thoughts on having official Web platform support in React Native? Is it something you'd support/like to see, or would having one codebase for mobile and web be a detriment in your opinion? – hodgef
A: I don't think official support for other RN platforms is necessary. Unless facebook uses it there's no point in having the code live in the React Native repo as it just slows things down.
RNW is actually pretty well maintained as an unofficial platform and I'm currently using it to build the web version of Th3rd Wave.
# Q: Hi, I have a question, I don't know if you can answer it but I would like your thinking on it, Airbnb is one of the company that try to do a full React Native, but they dropped it for performance issue and others, do you have any thinking on this? – Rose Grenth (Thyrande.7103)
A: I think Airbnb is a special case. They already have a large native app and probably were not willing to invest enough resource into their integration between their native and react-native code. If you're starting with a greenfield react-native app you should not have to worry too much about perf and the problems encountered by Airbnb.
# Q: GraphQL, imagine you are going to build an app mobile and dashboard and you'll create everything with GraphQL, are you going to create different "namespaces", one for mobile and another for dashboard (/mobile/graphql & /dashboad/graphql) ??? ... and how you will manage roles-permissions per query or mutation? (nodejs, php) – klmus
A: I'm currently using a single GraphQL endpoint for everything including admin dashboards. My permissions system is not handled at the GraphQL layer but at the service layer so multiple endpoints wouldn't really change much.
However I can see having a separate API for things like admin dashboard useful but I would split it too much.
# Q: Hi Janic, you've been with RN for quite a while. Do you think it's a benefit that a person knows given tool / library for such a long time and so well and one should deepen that knowledge, or do you think it's better to get a broader perspective and be eg. a full-stack developer rather than just doing frontend? Do you think one may get tired of RN after working in the environment / ecosystem for a long time? – vonovak
A: I think it does help if you are looking to lead a project. RN has such a huge surface area that you end up interacting with many technologies which is something I really like. I've worked on native iOS, Android, JS, babel transforms, JS packaging, polyfilling web apis and more recently C++ stuff so I never really get bored :).
At my company I also do full stack so I do enjoy backend work a bit (not as much as frontend).
# Q: Hey @janic! What are your opinions on React Native in the web? Do you think it still has some to grow and form or is it ready to be used out in production? You'll probably answer "of course it is!", but I'm a bit curious about what you have to say. Thank you! 😄 – Martinnord
A: React Native for the web is great (using it in production)! I'm working on a component library that works on both RN and web using it. The goal is not to reuse the code as is but to use the same abstractions to build on mobile and web so engineers feel comfortable switching between the 2 platforms.
The api is based on styled-system and I'm looking forward to open sourcing it when I get a bit of free time 😃.
# Q: Hello! Me and a friend are very keen to contribute to the React Native project. We have had a lot of problem building from source though. I have tried to follow the 'Building from source'-guide in the docs (before it disappeared a few days ago) and the guide provided by Cpojer, but both guides has led to an error. On Windows you get an error earlier (with seemingly no solution) which is avoided on Mac OS. My question is if there is a thorough guide which specifies the exact requirements, settings and packages needed to get a working build environment going? Otherwise, how do you recommend going forward? And is it even possible to build from source on Windows? – Dalbino
A: Developing on Windows is more or less supported sadly. It gets broken quite a bit so you have to be ready to dig in issues. If you're starting to contribute to react-native I really recommend using a mac (not sure about Linux). I did use windows for a while to do work in the RN repo so it is possible but I ended up spending most of my time fixing windows specific issues -_-.
# Q: How do you see web development in a few years? Is JS good enough for performance ? Do you think it's the language of the future? – SwiTool
A: I think we'll see more different languages used in the coming year because of compilation to web assembly.
I think JS is here to stay though, I do enjoy working with a typed version (Flow/TS) the most though. I've also experimented with ReasonML a bit which I find the type system fascinating.
# Q: Hey, do you think native iOS/Android development is still important for developers to learn or it's too "low level" nowadays like assembly, when you can accomplish most things with RN or similar? Or are we still a ways to go for that? – zpr
A: I think this is similar to "is knowing HTML / CSS / vanilla JS important or can I just learn React". You can get around fine with knowing just React Native (hello Expo!!) but if you want to be an "expert" you need minimal knowledge of iOS/Android.
Even for things not related to code it is important to know the design guidelines / UX expectations of the native platforms.
A: I'm pretty sure JS devs are common everywhere now so I'd definitely choose MERN.
# Q: What's the best way to jump into graphQL for a node/express/mongo/react developer? – zpr
A: I think this depends on how you learn the best. I usually just read through the doc a bit to give me an idea about how a new technology works then apply it in a real project. I'll keep the doc around as a reference and google whatever else issue I face. I also like looking at example projects.
# Q: Hi @janic, I'm a finance pentester about to start working with RN defining test approach and collaborating with dev teams on best practice. what are your top 3 tips for product security? – m0ogz
A: I'm not a security expert but RN is similar to native Android / iOS so you should use the same security best practices. In practice it's a bit easier to get access to the JS bundle of an app than decompiling an APK/IPA so you should assume your client code is public (you should on native iOS/Android too anyway!).
# Q: To continue on the contributing issue. I have tried building from source on a mac as well, following the official guide, as well as, Cpojer's, and I haven't managed to get it working there either. That's why I'm curious if there is a thorough guide which specifies the exact requirements, settings and packages needed to get a working build environment going? And are there any issues you are aware of? – Dalbino
# Q: Thanks @janic can you recommend security research resources I can investigate – m0ogz
A: I don't know any but if you look for security resources around iOS / Android they probably apply to react-native as well.
# Q: Have you messed with using the apollo cache for local state? If so, how was that experience? – timmywil
A: I haven't used Apollo much so I can't tell. I've been using mostly Redux + redux persist to handle local state and Relay for backend data. Now that Relay also supports local state I'm looking forward to experimenting with that and maybe get rid of Redux once for all!!
A: I haven't used Flask before, I'm one of the cool kids that use NodeJS. 😆
I found that working with the same language across the full stack makes it easier for engineers to develop a feature completely instead of having to rely on splitting the work between backend and frontend engineers.
# Q: What's something you're excited about in the react native ecosystem? – vcarl
A: It has to be Fabric. Especially the ability to have code update the UI synchronously.
# Q: Any thoughts on ReasonML? Have you used it? – Gabe
A: I really like reason, I'm currently using it in some small parts of the th3rdwave backend. I actually wrote a small library to write a type safe GraphQL schema in reason that compiles to GraphQL JS. It interops fully with the rest of the schema defined in JS. https://github.com/janicduplessis/bs-graphql-js.
However I did take a step back from using it more as I'm onboarding new team members and prefer to keep the full stack in the same language.
# Q: Did you have experience integrating in react native with crypto wallet? How and which libraries did you use? – GuyL
A: Sadly I don't, I've never worked with any crypto libraries but you can probably either use bindings to native ones or use a browser one if RN supports all browser APIs used by the lib.
# Q: For a video calling algorithm like doing it WebRTC and react native, do you have some thoughts on that? I tried it by using an open source npm pkg aka Jitsi Meet! But I was still not able to get a hang of it totally. – rizwan_atta
A: Kind of similar to my previous answer, if you can't get the browser library working you can look at bridging a native library instead.
# Q: Regarding security, for example Cordova have unique security considerations (was presented in some conference), so I would imagine react native also? Usually related to the layer which connects to the native side and the react developers writing on top of react native not being aware of implications on the native side of what happens. In iOS systems maybe even buffer overflows are a concern!? – GuyL
A: React Native doesn't allow arbitrary code execution and all communication is currently done through serialized JSON payloads (this will change soon) so it gets rid of a lot of potential security issues around things like buffer overflows.
The code also runs in the same sandbox as regular native apps so you get all this security layer too. I don't think you need additional security measures as you would in the browser or regular native apps.