feat: React Native Upgrade / 0.81.5

[adnxy]

Description

Upgrades the core mobile stack from React Native 0.76.9 to 0.81.5,
React 18.3 to 19.1, and Expo SDK 52 to 54. Includes all necessary
migration fixes for breaking changes in the new architecture, test
infrastructure updates, and dependency alignment.

Changelog

Core stack

• React Native 0.76.9 → 0.81.5
• React 18.3.1 → 19.1.0 (and react-test-renderer to match)
• Expo SDK 52 → 54 (every expo-* package bumped to its SDK 54 line)
• Hermes updated alongside RN 0.81
• @react-native-community/cli (+ cli-platform-android/-ios) 15.0.1 → 20.0.0
• @react-native/metro-config 0.76.9 → 0.81.5
• @types/react ^18.2.6 → ^19.1.0
• iOS app entry point migrated from Objective-C (main.m) to Swift (AppDelegate.swift) as required by the RN 0.81 iOS template

React Native ecosystem libraries

• react-native-screens 3.37.0 → 4.16.0 (major)
• react-native-safe-area-context ^5.4.0 → ~5.6.0
• react-native-reanimated ^3.17.2 → 3.19.0
• react-native-gesture-handler ^2.25.0 → ~2.28.0
• react-native-mmkv ^3.2.0 → ^4.1.2 (major; resolves to 4.3.1)
• react-native-pager-view ^6.7.0 → 6.9.1
• react-native-nitro-modules ^0.29.6 → 0.35.5
• react-native-svg ^15.11.1 → 15.12.1
• react-native-video ^6.10.1 → ^6.19.0
• react-native-vision-camera ^4.6.4 → ^4.7.3
• react-native-view-shot ^3.1.2 → 4.0.3 (major; legacy patch-package patch dropped)
• react-native-qrcode-svg 5.1.2 → 6.3.21 (major; legacy patch dropped)
• react-native-performance ^5.1.2 → ^6.0.0 (major; legacy patch dropped)
• react-native-release-profiler ^0.4.0 → ^0.4.4
• @react-native-community/slider ^4.4.3 → 5.0.1 (major)
• @react-native-async-storage/async-storage ^1.23.1 → 2.2.0 (major)
• @react-native-community/viewpager new direct dep (patched) to keep legacy paged-view consumers building under RN 0.81
• lottie-react-native 6.7.2 → ~7.3.1 (major)
• rive-react-native 9.3.4 → ^9.8.0 (legacy patch dropped)

Native / platform integrations

• @sentry/react-native ~6.15.0 → ~7.2.0
• @segment/analytics-react-native ^2.20.3 → ^2.21.4
• @solana-mobile/mobile-wallet-adapter-protocol ^2.2.5 added (replaces the removed Solana shim path)

Tooling / test infra

• detox ^20.35.0 → ^20.43.0
• @expo/fingerprint ^0.15.0 → ~0.15.4
• pretty-format/react-is pinned to ^19.0.0 (resolution; required for React 19 test compat)
• New global mock: tests/module-mocking/sentry/react-native.ts (E2E-only Sentry shim selected by metro.config.js when IS_TEST=true)
• tsconfig.json path aliases for selected @metamask/* dist subpaths

Breaking Changes Addressed

React 19

• Removed defaultProps from all function components (deprecated in React 18.3, removed in 19)
• useRef now requires an explicit initial value — every useRef<T>() updated to useRef<T>(null)
• RefObject<T> typing tightened — call sites switched to RefObject<T | null> where they were assuming non-null
• React.cloneElement generics tightened — added explicit type parameters where inference no longer narrows
• ReactChild removed — switched to ReactNode
• Migrated hook tests from @testing-library/react-hooks (unmaintained on React 19) to @testing-library/react-native renderHook
• Updated mocked ref parameters from {} to undefined to match the new forwardRef signature
• Updated test rerender() call sites to the new return shape

React Native 0.81

• Added a BackHandler.removeEventListener shim (the static method was removed; addEventListener now returns a subscription)
• Migrated iOS entry point to Swift AppDelegate.swift + new LaunchScreen.xib (deleted main.m)
• MMKV is now a type-only export and .remove() was renamed to .delete() (react-native-mmkv v4)
• NavigationContainerRef requires a generic parameter (@react-navigation/native v7)
• BlurEvent / FocusEvent typing changes on TextInput callbacks
• refreshControl prop typing on virtualized lists
• New MessageEvent (private) usage in WebSocket is internal — Snaps continue to boot via the existing patches/@metamask+post-message-stream+10.0.0.patch (no shim needed)
• Patched @metamask/react-native-webview, @metamask/react-native-button, @metamask/react-native-payments, @metamask/react-native-acm for RN 0.81 / React 19 compatibility (see TODO list below)
• Fixed expo-modules-core EventEmitter mock, Linking mock path (now .default.openURL), safe-area / screens snapshots

Snaps

• AbstractExecutionService renamed to ExecutionService in @metamask/snaps-controllers
• Allowed XMLSerializer and DOMParser inside the snap iframe via the new yarn patch on @metamask/snaps-execution-environments (replaces the runtime HTML mutation we previously carried in SnapsExecutionWebView.tsx)
• Restored upstream pump usage in snap/background bridges (rolled back local stream-cleanup defensive code in MobilePortStream.js and execution-service-init.ts)

Test infrastructure

• Fixed wallet adapter tests (dynamic import race with @expensify/react-native-wallet)
• Restored the isClosingRef guard in BottomSheetDialog to prevent double goBack (MUSD-406) and rolled back a faulty lodash.debounce attempt
• Fixed PolymarketProvider fetch mocks (missing response.text())
• Fixed useTokenSearch throttle timing, EarnLendingWithdrawal mock ordering
• Updated initial-background-state.json fixture, useTailwind mock, reanimatedLogger config
• E2E: fixed URL editor dismissal and snap error assertions across platforms; raised default Detox timeout

Build / CI

• iOS Podfile.lock regenerated for RN 0.81's new Pod graph
• iOS PrivacyInfo.xcprivacy updated for the SDK 54 surface
• Android: CMAKE_VERSION pinned for RN 0.81's NDK build
• E2E CI workflows append ${{ github.run_id }} to native-build cache keys (Android APKs/Gradle, iOS DerivedData) to force fresh builds during the upgrade rollout
• .depcheckrc.yml ignores extended for short-name Babel plugins

Dependencies Patched (.yarn/patches/)

MetaMask-owned (see TODO below — should be upstreamed and the patches dropped):

• @metamask/react-native-acm@1.2.0
• @metamask/react-native-button@3.0.0
• @metamask/react-native-payments@2.0.2
• @metamask/react-native-webview@14.6.0
• @metamask/snaps-execution-environments@11.0.2

Third-party (need upstream PRs or version bumps as they ship RN 0.81-compatible releases):

• react-native@0.81.5 (RN itself — small follow-up patch on top of 0.81.5)
• @react-native-community/viewpager@3.3.0
• @braze/react-native-sdk@19.1.0 (ReactModuleInfo signature change)
• react-native-aes-crypto-forked (we maintain the fork; can be folded into the fork repo)
• react-native-fast-crypto@2.2.0
• react-native-gzip@1.1.0
• react-native-i18n@2.0.15 (deprecated upstream — long-term replace)
• react-native-os@1.2.6
• react-native-sensors@5.3.0
• reactotron-core-client@2.9.7
• expo-web-browser@14.0.2

Legacy patches/ (patch-package) entries removed in this PR
because the upstream packages or our own forks now cover them, or
because the patched version is no longer installed:
@metamask+react-native-button+3.0.0,
@metamask+react-native-payments+2.0.0,
react-native+0.76.9,
react-native-aes-crypto-forked+1.2.1,
react-native-fast-crypto+2.2.0,
react-native-performance+5.1.2,
react-native-qrcode-svg+5.1.2,
react-native-view-shot+3.8.0,
expo-updates-npm-0.27.4. Net result: no orphan patches carried forward.

TODO — follow-ups after this PR is merged

Several Yarn patches added by this upgrade target packages we own under
@metamask/*. They unblock RN 0.81 today, but we should publish fixed
releases and drop the local patches in follow-up PRs:

• @metamask/react-native-acm@1.2.0 — RN 0.81's Kotlin rewrite of
  ReactContextBaseJavaModule removed the currentActivity synthetic
  accessor (now getCurrentActivity()) and made onNewIntent(intent: Intent)
  non-nullable. Patch updates the 4 affected sites in GoogleAcmModule.kt.
  → Publish a 1.x compatible release that compiles against RN 0.81.
• @metamask/react-native-button@3.0.0 — TouchableOpacity.propTypes,
  Text.propTypes and ViewPropTypes.style no longer exist on RN 0.81 /
  React 19. Patch falls back to PropTypes.any/PropTypes.bool defensively.
  → Replace propTypes with TypeScript types or PropTypes.shape literals
  upstream.
• @metamask/react-native-payments@2.0.2 — Bumps Android
  compileSdk/buildTools/targetSdk from 28 → 36 and drops the removed
  ReactBridge import. → Publish a release with the SDK bump (and
  optionally migrate the module to Kotlin / TurboModules while we're there).
• @metamask/react-native-webview@14.6.0 — Adds
  codegenConfig.ios.componentProvider/modulesProvider entries needed by
  RN 0.81's Fabric codegen so RNCWebView and RNCWebViewModule register
  correctly. → Cherry-pick into the next published release; this is purely
  a package.json metadata fix.
• @metamask/snaps-execution-environments@11.0.2 — Adds XMLSerializer
  and DOMParser to the LavaMoat scuttleGlobalThis.exceptions list in
  dist/webpack/webview/index.html so snaps can run inside the iframe
  after lockdown. (This replaces the runtime HTML mutation we previously
  carried in SnapsExecutionWebView.tsx.) → Land the equivalent change in
  snaps upstream so the scuttle exceptions are baked into the published
  HTML.

Other notable patches added here target third-party packages we don't own
(see the "Third-party" list above); they'll need separate upstream PRs or
version bumps as those projects publish RN 0.81-compatible releases.

CHANGELOG entry: null

Manual testing steps

Because this PR moves the entire native floor (RN 0.81 / React 19 / Expo 54),
the surfaces most likely to regress are the ones that cross the JS↔native
bridge or rely on WebViews, animations, and platform integrations. Run the
scenarios below on both iOS and Android (release-style build preferred so
LavaMoat lockdown and Hermes kick in).

Feature: RN 0.81 / React 19 / Expo 54 upgrade smoke

  Scenario: In-place upgrade from the latest production build
    Given a device with the latest store version of MetaMask Mobile installed
    And a wallet that has been used (multiple accounts, custom networks, contacts, NFTs, recent txs, push enabled, biometrics enabled)
    When the user installs this build over the existing one (without uninstalling)
    Then the app launches without crashing on cold start
    And redux-persist migrations run cleanly (no migration errors in logs)
    And accounts, custom networks, contacts, hidden tokens, NFT collections, transaction history, and address book entries are preserved
    And MMKV-backed storage opens (no "Failed to open MMKV" or version mismatch errors)
    And biometric unlock still works without re-prompting for a password reset
    And push-notification token registration still resolves
    And no data needs to be re-imported

  Scenario: In-place upgrade from an older minor (n-3 versions back)
    Given a device with a 3-versions-old build of MetaMask Mobile and a used wallet
    When the user installs this build over it
    Then the chained migrations execute in order with no errors
    And the same continuity assertions as above hold

  Scenario: Onboarding — create new wallet
    Given a fresh install
    When the user creates a new wallet, sets a password, and skips backup
    Then onboarding completes and the wallet screen renders without animation glitches
    And the BackHandler shim does not trigger duplicate goBacks on Android

  Scenario: Onboarding — import via SRP
    Given a fresh install
    When the user imports an existing 12-word SRP via "Import using Secret Recovery Phrase"
    Then accounts populate and the home screen loads with balances

  Scenario: Manual backup flow (Steps 1, 2, 3)
    Given a wallet that has not yet completed manual backup
    When the user walks through ManualBackupStep1 → 2 → 3
    Then the SRP is shown, verification succeeds, and Step 3 navigates to HomeNav without re-registering the Android back handler twice

  Scenario: Send ETH (legacy + EIP-1559)
    Given a funded EOA on Sepolia and Mainnet
    When the user sends ETH to another address using both legacy and 1559 gas
    Then the confirmation sheet renders, the user signs, and the tx appears in Activity → confirmed

  Scenario: Token send + ERC-20 approval
    Given a funded EOA with USDC on Mainnet
    When the user sends USDC and (separately) approves a spender via dApp
    Then both flows render their confirmation sheets correctly and the txs land

  Scenario: Swap (single-chain) + Bridge (cross-chain)
    Given a funded EOA
    When the user performs a Swap and a Bridge from the wallet UI
    Then quotes load, approvals (if needed) sign, the user can switch routes, and the txs land

  Scenario: Smart transactions (STX) on Mainnet
    Given an account with STX enabled
    When the user submits a swap eligible for STX
    Then the STX status sheet renders, polls, and resolves to confirmed without flicker

  Scenario: Transaction batching (EIP-7702 / 5792)
    Given a smart account that supports batched txs
    When the user signs a batch confirmation
    Then the batch appears in Activity with the correct sub-txs

  Scenario: Hardware wallet — Ledger BLE
    Given a Ledger device paired via BLE
    When the user signs an EVM transaction using the Ledger account
    Then the BLE connection succeeds, the user approves on-device, and the tx is broadcast

  Scenario: WalletConnect / SDK dApp connection
    Given a sample dApp (e.g. Uniswap testnet) on desktop
    When the user scans the QR with the in-app camera and connects via WalletConnect
    Then the connection request renders, methods (eth_signTypedData_v4, personal_sign, eth_sendTransaction) work end-to-end, and the dApp shows the wallet address

  Scenario: Deeplinks — universal links + custom scheme + cold/warm start
    Given the app is killed (cold) and separately, in the background (warm)
    When the user taps:
      | metamask://send?recipient=0x...                          | from another app |
      | metamask://buy?address=0x...&chainId=0x1                 | from another app |
      | metamask://swap?from=ETH&to=USDC                         | from another app |
      | metamask://wc?uri=wc:abcd...                             | from a dApp QR  |
      | https://metamask.app.link/wallet                         | universal link  |
      | https://metamask.app.link/buy?...                        | universal link  |
    Then each link routes to the correct screen on both cold and warm starts
    And in-app `Linking.openURL(...)` (e.g. ramp Buy widget, support links) opens the external browser correctly

  Scenario: In-browser dApp via the built-in Browser tab
    Given the wallet is unlocked
    When the user opens the in-app Browser, navigates to a dApp, and signs a tx
    Then the WebView renders, the provider injects, and signing flows work
    # exercises the @metamask/react-native-webview Fabric codegen patch

  Scenario: Snaps — install + invoke
    Given a Flask build with snaps enabled
    When the user installs a permissioned snap and invokes a method that opens a snap UI dialog
    Then the snap iframe loads under LavaMoat lockdown without "XMLSerializer is not a function" or scuttle errors and the dialog renders
    # exercises the @metamask/snaps-execution-environments LavaMoat patch

  Scenario: Buy/Sell ramps (in-app + external browser)
    Given a wallet unlocked and a quote available
    When the user purchases via Transak (in-app widget) and via an external-browser provider
    Then both routes complete; on the external path Linking.openURL or InAppBrowser is invoked correctly and Activity reflects the precreated order

  Scenario: Apple Pay / Google ACM
    Given the user has an Apple Pay card (iOS) or a Google account on device (Android)
    When the user triggers a flow that hits @metamask/react-native-payments (iOS) and Google ACM sign-in (Android)
    Then both native sheets present, complete, and return values to JS without crashing
    # exercises the @metamask/react-native-payments and @metamask/react-native-acm patches

  Scenario: Biometrics / Keychain unlock
    Given a wallet protected by biometrics
    When the user backgrounds the app, returns, and unlocks
    Then Face ID / Touch ID / Android biometric prompts present and unlock works on cold start, warm resume, and after switching networks

  Scenario: Push notifications (transaction notifications)
    Given push notifications enabled
    When an inbound tx confirms
    Then a notification arrives, deeplink tap-through navigates to the right activity row, and Sentry breadcrumbs do NOT show "[E2E Sentry Mock]" (verifies dev/prod env separation)

  Scenario: Token detail chart (TradingView WebView)
    Given the user opens a token detail (e.g. ETH) with MM_CHARTING_LIBRARY_URL set
    When the chart loads
    Then the TradingView library loads from CDN, the OHLC data renders, the crosshair pills work, and there is no "Failed to load TradingView library" error

  Scenario: BottomSheets, modals, and gestures
    Given any flow with a bottom sheet (account selector, network picker, confirmation, settings)
    When the user opens a sheet and rapidly taps the overlay 3-5 times
    Then the sheet closes once, the screen behind is unchanged (no double goBack — MUSD-406 regression check), and the swipe-to-dismiss gesture also works

  Scenario: Animations and Reanimated surfaces
    Given the user navigates onboarding → wallet → token → bridge → settings
    When the fox loader, onboarding success animation, carousel cards, and Rive-driven loaders play
    Then all animations render at 60fps with no warning spam and no crash on iOS 18 / Android 14+

  Scenario: Background restoration after long suspend
    Given the app is backgrounded for >15 minutes
    When the user resumes
    Then accounts, balances, and websocket connections (price feed, notifications) reconnect without leaking timers or duplicate listeners

  Scenario: SDK / WebSocket reconnection
    Given an active dApp connection and an active price-feed websocket
    When the user toggles airplane mode off→on→off
    Then both connections recover and txs/quotes flow again

  Scenario: Settings → Reveal SRP / Private Key
    Given an unlocked wallet
    When the user reveals the SRP and a private key from settings
    Then biometrics gate works, the secrets render correctly, and the "Hold to reveal" + scroll-on-iPhone-SE behaviors are unchanged

  Scenario: Power-user wallet (many accounts / tokens / NFTs)
    Given a power-user SRP imported (see internal SRPs)
    When the user navigates Wallet, Activity, NFTs, and switches networks
    Then list rendering, scrolling, and network switching remain smooth (FlashList 2 / RN 0.81 perf check)

The [E2E Sentry Mock] log line should NOT appear in any of the dev/release
builds above; if it does, IS_TEST=true is leaking into the bundler env.

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

High Risk
High risk because it updates core React Native/Android build toolchain and introduces multiple Yarn patches to native dependencies, which can affect app startup, native compilation, and E2E reliability across both platforms.

Overview
Upgrades the RN stack to react-native@0.81.5 and aligns native build tooling around it: Android moves to compileSdk/targetSdk 36, Kotlin 2.1.20, NDK 27.1, Gradle 8.14.3, updates app initialization to loadReactNative(this), and adds an MLKit dependency override plus Detox flavor handling.

Stabilizes CI/E2E builds during the upgrade by forcing fresh native caches (cache keys include ${{ github.run_id }}), pinning CMake for Android E2E builds, bumping iOS cache versions, increasing E2E timeout, and restoring iOS app/framework execute permissions after artifact download.

Introduces/updates multiple .yarn/patches/* to keep third-party and MetaMask native modules building under RN 0.81 (Gradle/SDK bumps, Kotlin/ObjC signature fixes, codegen metadata, safer JS snippets), removes obsolete patches, and adjusts JS/TS code for React 19 typing/runtime changes (BackHandler subscription cleanup, stricter RefObject<T | null>/useRef init, safer prop spreads/cloneElement generics, default props moved to parameters, and test expectation updates).

^{Reviewed by Cursor Bugbot for commit c3c6e6e. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 1a18a5e. Configure here.}

[cursor]

Main cache fallback will never hit due to run_id

Medium Severity

The "Restore from main cache" fallback steps append -${{ github.run_id }} to their cache keys, but the main branch was built under a different run_id. Since cache keys must match exactly, these fallback lookups will never produce a cache hit. The github.run_id suffix is intentional on the branch cache keys (to force fresh builds), but applying it to the main fallback keys defeats the purpose of falling back to a known-good main build. The main fallback keys need to omit the run_id suffix, or the fallback is dead code and every branch build always does a full rebuild even when main has a valid cached artifact.

Additional Locations (2)

• .github/workflows/build-android-e2e.yml#L144-L145
• .github/workflows/build-android-e2e.yml#L181-L182

 

^{Reviewed by Cursor Bugbot for commit 1a18a5e. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

⏭️ Smart E2E selection skipped - skip-smart-e2e-selection label found

All E2E tests pre-selected.

View GitHub Actions results

[sonarqubecloud]

Quality Gate failed

Failed conditions
61.8% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud