We are getting vulnerabilities for passkit generator, used for apple wallet creation. Could you please suggest how to resolve this issue In our system we updated MIME with latest version but passkit is referring older version 1.4.1 npm audit report mime <1.4.1 Severity: high mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp No fix available node_modules/mime passkit * Depends on vulnerable versions of mime node_modules/passkit 2 high severity vulnerabilities Some issues need review, and may require choosing a different dependency.

We are currently developing a wallet solution that uses the iOS EEA HCE API’s, during the testing of enabling our wallet as the system default wallet, we are being presented with an iOS system alert that states: “Change the default contactless app? You can double-click to use cards in your default app. If Apple Wallet is not your default wallet app, you’ll need to open Wallet to use its cards, keys and tickets. Express Mode will continue to work when iphone is held near a compatible reader” Please can you advise how we can prevent Apple Pay’s express mode from intercepting the customers preferred wallet actions including transit payments. If this is not possible please can you provide the rationale for this not being possible given the Digital Marketing Act interoperability guidelines and EU Commitments in case AT.40452.

Hi! I have set up an APNS API that sends push notifications to update my Apple Wallet pass. I am using the APN library and a .p8 key for APNS push notifications. I keep getting 200 responses and "sent successfully" logs, but Apple Wallet is not receiving the notification. Which configuration or payload should I check to make it work? Thanks

When downloading a .zip file with a pass package, when trying to open a file it only appears as a file but is not added to the wallt.

Hi all, I'm working on a use case where a customer checks in at a point of service (e.g., a cafeteria or restaurant) using their Apple Wallet pass (e.g., a digital employee badge). In this scenario, we would like to use an iPhone (with a custom iOS app) as the NFC terminal to read the pass directly from the customer's iPhone over NFC. I’m aware that "Tap to Pay on iPhone" allows NFC-based payment acceptance, but it’s unclear if similar functionality is available or permitted for reading access-type passes from another iPhone via NFC. Key questions: Is it technically possible for an iPhone to act as an NFC reader for a Wallet pass on another iPhone? If not, is this restricted due to Secure Element isolation or protocol limitations? Is there any Apple-supported path for building such a solution — or is certified external hardware (e.g., HID, Wavelynx) the only option? I’ve reviewed the Core NFC and PassKit documentation but couldn't find a definitive answer. Thanks in advance for your clarification!

Hello, We watched the WWDC25 presentation about Apple Wallet on the upgrade boarding pass features with Live Activities. We’re interested in integrating this into our app for iOS 26 beta testing. Could you please provide: Sample code or example projects API documentation Implementation guidelines Details on sharing functionality Thanks in advance!

We are implementing a feature that uses PKPassLibrary.requestAutomaticPassPresentationSuppression to prevent the Wallet from appearing when unlocking a lock. We have already completed the approval process for the entitlement to enable Pass Presentation Suppression. In most cases, our code snippet works as expected, and the result is .success. However, we are also encountering other results, such as .denied, .alreadyPresenting, and .cancelled or .notSupported, which cause the Wallet to appear for users. Here's the code snippet we're using: PKPassLibrary.requestAutomaticPassPresentationSuppression { result in logger.log( .info, "PKPassLibrary suppression result: \(result.description)", LogContext.homeFeature ) } I would appreciate clarification on the following points: What's the meaning of each result type (.denied, .alreadyPresenting, .cancelled, .notSupported) beyond what is mentioned in the documentation? The documentation here does not provide additional details. What is the recommended handling for these specific result states? Should we be taking different actions or retries based on each case? Thank you very much for your help. Best, Ramiro.

I am fallowing the steps mention here https://developer.apple.com/wallet/get-started-with-verify-with-wallet/ and https://developer.apple.com/documentation/passkit/requesting-identity-data-from-a-wallet-pass to run a POC in simulator but I am getting a crash DigitalPresentmentSession requestDocument fatal error from xpc: This app has crashed because it called an API it is not entitled to use. :0: Fatal error: This app has crashed because it called an API it is not entitled to use.