Prerequisites
Hedis requires three runtime dependencies:
- Go 1.23 or higher
- MongoDB — Stores function fingerprints and package metadata
- Node.js — Required for JavaScript utilities (dependency resolution and package fetching)
Install Go
You need Go 1.23 or higher to build and run Hedis.
go version
# Output: go version go1.23.0 ...
Install MongoDB
Hedis uses MongoDB to store function fingerprints and package metadata. You can run MongoDB locally or use a cloud instance.
Docker (recommended)
macOS
Linux
MongoDB Atlas
The fastest way to get MongoDB running is with Docker:docker run -d \
--name hedis-mongo \
-p 27017:27017 \
-e MONGO_INITDB_ROOT_USERNAME=hedis \
-e MONGO_INITDB_ROOT_PASSWORD=hedis \
mongo:latest
mongodb://hedis:hedis@localhost:27017
Install with Homebrew:brew tap mongodb/brew
brew install mongodb-community
brew services start mongodb-community
mongodb://localhost:27017
Install on Ubuntu/Debian:wget -qO - https://www.mongodb.org/static/pgp/server-7.0.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
sudo apt update
sudo apt install -y mongodb-org
sudo systemctl start mongod
sudo systemctl enable mongod
mongodb://localhost:27017
Use a free MongoDB Atlas cluster:
- Sign up at mongodb.com/cloud/atlas
- Create a free cluster
- Add your IP to the access list
- Create a database user
- Copy your connection string
Your connection string will look like:mongodb+srv://<username>:<password>@cluster0.xxxxx.mongodb.net
Install Node.js
Node.js is required for the JavaScript utilities included with Hedis.
node --version
# Output: v20.x.x
Build Hedis
Clone the repository and build the binary:
git clone https://github.com/yourusername/hedis.git
cd hedis/go/hermes-decompiler
# Build the binary
go build -o hermes-decompiler .
All Go commands must be run from the go/hermes-decompiler/ directory.
./hermes-decompiler --help
.env file in go/hermes-decompiler/ with your configuration:
# MongoDB connection
MONGO_CONNECTION_STRING=mongodb://localhost:27017
MONGO_DB_NAME=hedis
# Hermes binary platform (osx-bin for macOS, linux64-bin for Linux)
OS_HERMES=osx-bin
# GitHub personal access token (required for security advisory API)
GITHUB_TOKEN=ghp_your_token_here
The .env file is automatically loaded via godotenv/autoload. Never commit this file to version control.
Environment variables
| Variable | Description | Example |
|---|
MONGO_CONNECTION_STRING | MongoDB connection URI | mongodb://localhost:27017 |
MONGO_DB_NAME | Database name | hedis (default) |
OS_HERMES | Hermes binary platform | osx-bin or linux64-bin |
GITHUB_TOKEN | GitHub PAT for Security Advisory API | ghp_... |
Get a GitHub token
You need a GitHub personal access token to query the Security Advisory API:
- Go to github.com/settings/tokens
- Click “Generate new token (classic)”
- Select scopes:
public_repo, read:packages
- Copy your token to the
.env file
Database collections
Hedis creates three MongoDB collections:
| Collection | Purpose |
|---|
packages | npm package metadata |
hashes / hashes_ghsa | Function fingerprints per package per RN version |
baselines_v3 | Empty RN app fingerprints (filters framework functions) |
These collections are created automatically when you run the maintain-database command.
Verify installation
Test your setup by disassembling a sample .hbc file:
# Run a test command
./hermes-decompiler disassemble -i sample.hbc -o output.txt
Next steps
Quick start
Analyze your first React Native app
Commands
Learn about all available commands