Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@bubblewrap/core

Package Overview
Dependencies
Maintainers
7
Versions
67
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@bubblewrap/core

Core Library to generate, build and sign TWA projects

latest
Source
npmnpm
Version
1.24.1
Version published
Weekly downloads
4.9K
40.75%
Maintainers
7
Weekly downloads
 
Created
Source

Bubblewrap Core

Node CI Status

Bubblewrap Core is a NodeJS library that helps developers to create a Project for an Android application that launches an existing Progressive Web App (PWA) using a Trusted Web Activity (TWA).

Requirements

  • Node.js 14.15.0 or above

Setting up the Environment

Get the Java Development Kit (JDK) 8.

The Android Command line tools requires the correct version of the JDK to run. To prevent version conflicts with a JDK version that is already installed, Bubblewrap uses a JDK that can unzipped in a separate folder.

Download a version of JDK 8 that is compatible with your OS from AdoptOpenJDK and extract it in its own folder.

Warning: Using a version lower than 8 will make it impossible to compile the project and higher versions are incompatible with the Android command line tools.

Get the Android command line tools

Download a version of Android command line tools that is compatible with your OS from https://developer.android.com/studio#command-tools. Create a folder and extract the downloaded file into it.

Using @bubblewrap/core in a NodeJs project

npm i -g @bubblewrap/core

Contributing

See CONTRIBUTING for more.

License

See LICENSE for more.

Disclaimer

This is not a Google product.

Keywords

twa
trusted-web-activities
pwa
progressive-web-apps
android

FAQs

Package last updated on 29 Sep 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranked Top Community Concern

Security News

OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranked Top Community Concern

OWASP’s 2025 Top 10 introduces Software Supply Chain Failures as a new category, reflecting rising concern over dependency and build system risks.

By Sarah Gooding  -  Nov 08, 2025
9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Research

/

Security News

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

By Kush Pandya  -  Nov 06, 2025