Node-RED on iOS

MQTT works fine, you have to have the broker on another device on your network.

Just installed the latest and the tabs in the sidebar don”t work. So you can’t switch to the Help then Debug unless you use the pull down menu.

Hi, nice app. Now on iphone, I might buy a new ipad just because of this app.
But ...

  • After installing node-red-node-mysql (which works on my network) I cannot delete this node from the palette: ‘Failed to remove, npmCommand is not defined’.

  • After importing nodes (from safari or another app) I get a sliding down pop-up every few seconds saying ‘Node pad pasted from Safari’.

How can I resolve this?

it seems fine in my devices, what ios version and device are you using so i could check it out.

Yup, sorry about that, i havent fix the uninstall part in the modules, you may still manually remove the nodes you installed by using a Files app provided by apple. Open the node-pad folder there, then select nodes folder and delete the node-red node folder that you wish to remove. You cannot remove the node-red modules that came preinstalled with node-pad

Another thing is you can edit your ipad workflows in pc, just visit your ipads ip address with port 1880, eg.

Really ? Given the more mobile nature of iPhones and iPads you could more easily expose yourself to the “raw” internet. It would be safer to limit it to local host access only by default.


weird, now it works. I wonder if it was in the background when I updated. I just flushed the app and tried again and it works.

Yes, I was about to give this a go but I'm going to hold off for now. It isn't safe to expose Node-RED even to the "local" network - since that might be an untrusted Wi-Fi network.

Hard to know whether the device would be exposed when on a 3/4/5G wireless network, I don't think I've ever had an app that published its own website before. Indeed, I suspect that this is one of the reasons that Apple have banned such apps in the past.

Yup, thanks for the advice guys, i was also thinking about that security issue and disable the remote access to the /ui and /dashboard by default unless he has adminAuth.json but then i just went ahead and did the default behavior of node-red, my bad. This security issue is not exclusive to ios version, it just so happen that ios could be already been connected to a mobile network. NR in ios also needs to run in foreground and its completely sandboxed and nodes that access the system was so limited it might not even work.

I think I have to do that on the next update since it’s brought up. Also, apple review team is actually strict but they are also reasonable. They actually approve the update containing nodes i created that exposes data from their low level API. Im contemplating if they will approve if i expose BLE, ive already seen apps in the app store already doing it though.


I think a node red server on ios is like a tool for learning rather than real server, so you should spend your time on other features rather than security.

But it is also dangerous if some one could exploit core function of NR and access data on phone. So it is best to block access from outside, and let user open if they know the risk

1 Like

hi! i already closed the port by default on the latest release, also it's impossible to exploit the phone os with of its ecosystem For me I velcroed my old iPod touch plugged in the wall all the time. It works for me.. :slight_smile:


Thanks for your answer.

I bought a new ipad today. Something strange which I also saw when testing on my iphone: every few seconds there is a message in the top of the screen that something is copied. Either from a textfile to node-pad but on my ipad also when an url was copied from firefox to safari.

Do you know how I can remove this repeating message?

The ios app continuosly feeds device information in node pad even unused, maybe thats it? Those are the blue nodes in the ios device pallete. Can you share a screenshot so i could investigate and make the fix/patch for it,

The pop-up isn’t visible in a screenshot so I made a photo.

I started with firefox and safari open, no other apps active.
I copied an url from firefox to safari. In safari I get a pop-up (this pop-up) once. Then after I opened node-pad I get this same pop-up repeatedly but only while node-pad is opened and active.

I found this:

I got rid of this effect by copying a single ‘space’.

Just did an update of the dashboard from the Palette, quit the application, tossed it out of the open apps list and restarted it. This is what I see in the palette now:

Don't see that on my mac....

Were you able to workaround On this, i was not able to test, also do you mean firefox on ios?

I see, thats actually rejecting the updates on the dashboard cause it was preinstalled in a read only files system, any nodes that came preinstalled with node-pad cannot be changed or removed.

Copying from firefox is just an example. The source of the copied data is not important.

When there is any data in the copy buffer of ios, node-pad will read it every 6 seconds or so. In ios version <14 you would not notice it but ios14 shows whenever an app reads the copy buffer.

Node-pad reads the copy buffer every six seconds. I don’t know why; I will test with a sniffer if it generates data transfer.

Also please see the article I linked to in my previous post.

Interesting because it is showing the latest version. Is there a way to fix it without deleting the app and reinstalling it?

yes, just open th Files app of your ios device, select node-pad and delete node-dashboard inside the nodes or node_modules folder

1 Like