{"id":15625897,"url":"https://github.com/gantman/jail-monkey","last_synced_at":"2026-02-18T08:01:07.270Z","repository":{"id":38611458,"uuid":"63785877","full_name":"GantMan/jail-monkey","owner":"GantMan","description":"A React Native library for identifying if a phone is rooted or mocking locations","archived":false,"fork":false,"pushed_at":"2025-10-12T21:18:07.000Z","size":2484,"stargazers_count":676,"open_issues_count":28,"forks_count":154,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-10-21T08:53:30.185Z","etag":null,"topics":["android","jailbreak","mock-locations","react","react-native","trust"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GantMan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-07-20T13:59:01.000Z","updated_at":"2025-10-16T08:10:58.000Z","dependencies_parsed_at":"2024-04-18T05:24:15.832Z","dependency_job_id":"9414842f-dce4-4309-982e-d8cb1ba4c571","html_url":"https://github.com/GantMan/jail-monkey","commit_stats":{"total_commits":171,"total_committers":42,"mean_commits":4.071428571428571,"dds":0.7543859649122807,"last_synced_commit":"7c2dea62bb5e2704ccc87c906e5ad0c939f04aba"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/GantMan/jail-monkey","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GantMan%2Fjail-monkey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GantMan%2Fjail-monkey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GantMan%2Fjail-monkey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GantMan%2Fjail-monkey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GantMan","download_url":"https://codeload.github.com/GantMan/jail-monkey/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GantMan%2Fjail-monkey/sbom","scorecard":{"id":54757,"data":{"date":"2025-08-11","repo":{"name":"github.com/GantMan/jail-monkey","commit":"3ca2b4e5d7d18e031210b8d101a8915612d26312"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Code-Review","score":2,"reason":"Found 3/12 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":5,"reason":"6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: ExampleProject/android/gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/GantMan/jail-monkey/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/GantMan/jail-monkey/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/GantMan/jail-monkey/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/GantMan/jail-monkey/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/GantMan/jail-monkey/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/GantMan/jail-monkey/main.yml/master?enable=pin","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"18 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GHSA-4xqq-m2hx-25v8","Warn: Project is vulnerable to: GHSA-5866-49gr-22v4","Warn: Project is vulnerable to: GHSA-r55c-59qm-vjw6","Warn: Project is vulnerable to: GHSA-vmwr-mc7x-5vc3","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v","Warn: Project is vulnerable to: GHSA-m5qc-5hw7-8vg7","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T00:28:13.869Z","repository_id":38611458,"created_at":"2025-08-15T00:28:13.870Z","updated_at":"2025-08-15T00:28:13.870Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29573398,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T07:57:19.261Z","status":"ssl_error","status_checked_at":"2026-02-18T07:57:18.820Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","jailbreak","mock-locations","react","react-native","trust"],"created_at":"2024-10-03T10:07:45.918Z","updated_at":"2026-02-18T08:01:07.256Z","avatar_url":"https://github.com/GantMan.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Jail Monkey](./_art/JailMonkey.jpg)\n\n[![Version](https://img.shields.io/npm/v/jail-monkey.svg)](https://www.npmjs.com/package/jail-monkey) [![Downloads](https://img.shields.io/npm/dm/jail-monkey.svg)](https://npmcharts.com/compare/jail-monkey?minimal=true)\n\n## Can you ever really trust a phone?\n\n# Why?\nAre users claiming they are crossing the globe in seconds and collecting all the Pokeballs?  Some apps need to protect themselves in order to protect data integrity.  JailMonkey allows you to:\n* Identify if a phone has been jail-broken or rooted for iOS/Android.\n* Detect mocked locations for phones set in \"developer mode\".\n* **(ANDROID ONLY)** Detect if the application is running on external storage such as an SD card.\n\n# Use\n```javascript\nimport JailMonkey from 'jail-monkey'\n\nif (JailMonkey.isJailBroken()) {\n  // Alternative behaviour for jail-broken/rooted devices.\n}\n```\n\n![Circle of Trust](./_art/trust.jpg)\n\n# API\n\nMethod | Returns | Description\n---|---|---\n`isJailBroken` | `boolean` | is this device jail-broken/rooted.\n`canMockLocation` | `boolean` | Can this device fake its GPS location.\n`trustFall` | `boolean` | Checks if the device violates either `isJailBroken` or `canMockLocation`.\n`isDebuggedMode` | `Promise\u003cboolean\u003e` | Is the application is running in debug mode. Note that this method returns a Promise.\n\n## iOS Only APIs\n\nMethod | Returns | Description\n---|---|---\n`jailBrokenMessage` | `string` | Returns the reason for jailbroken detection. Will return an empty string on Android.\n\n## Android Only APIs\n\nMethod | Returns | Description\n---|---|---\n`hookDetected` | `boolean` | Detects if there is any suspicious installed applications.\n`isOnExternalStorage` | `boolean` | Is the application running on external storage (ie. SD Card)\n`AdbEnabled` | `boolean` | Is Android Debug Bridge enabled.\n`isDevelopmentSettingsMode` | `Promise\u003cboolean\u003e` | Whether user has enabled development settings on their device. Note that this method returns a Promise.\n`androidRootedDetectionMethods` | `RootedDetectionMethods` | Returns an object with the results of all the Android rooted detection methods for more granular detection, this can be helpful if some devices are giving false positives.\n\n```\ntype RootedDetectionMethods = {\n  rootBeer: {\n    detectRootManagementApps: boolean;\n    detectPotentiallyDangerousApps: boolean;\n    checkForSuBinary: boolean;\n    checkForDangerousProps: boolean;\n    checkForRWPaths: boolean;\n    detectTestKeys: boolean;\n    checkSuExists: boolean;\n    checkForRootNative: boolean;\n    checkForMagiskBinary: boolean;\n  },\n  jailMonkey: boolean;\n}\n```\n\nOn iOS all of the Android only methods will return `false` or `Promise\u003cfalse\u003e` where appropriate.\n\n### :exclamation: Since emulators are usually rooted, you might want to bypass these checks during development.  Unless you're keen on constant false alarms :alarm_clock:\n\n# Install\n\n```bash\nnpm i jail-monkey --save\nreact-native link # Not required as of React Native 0.60.0\n```\nfor iOS:\n```bash\ncd ios \u0026\u0026 pod install\n```\n\nIf you use `rnpm`, you may have trouble as `rnpm` does not link Android properly after 0.29.0!\n\nNote: On Android you should include `location.isFromMockProvider()` from your location provider to compliment `JailMonkey.canMockLocation()`.  Most react-native location libraries already have this check built in\n\n# Additional Info\nThis has been made public to help keep it up to date.  As detection measures get better or out-dated, please send updates to this project so it can be the best method of detection.\n\nSpecial thanks to this fantastic blog article:  http://blog.geomoby.com/2015/01/25/how-to-avoid-getting-your-location-based-app-spoofed/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgantman%2Fjail-monkey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgantman%2Fjail-monkey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgantman%2Fjail-monkey/lists"}