Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@bubblewrap/core

Package Overview
Dependencies
Maintainers
7
Versions
65
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@bubblewrap/core

Core Library to generate, build and sign TWA projects

latest
Source
npmnpm
Version
1.23.0
Version published
Weekly downloads
2.8K
38.34%
Maintainers
7
Weekly downloads
 
Created
Source

Bubblewrap Core

Node CI Status

Bubblewrap Core is a NodeJS library that helps developers to create a Project for an Android application that launches an existing Progressive Web App (PWA) using a Trusted Web Activity (TWA).

Requirements

  • Node.js 14.15.0 or above

Setting up the Environment

Get the Java Development Kit (JDK) 8.

The Android Command line tools requires the correct version of the JDK to run. To prevent version conflicts with a JDK version that is already installed, Bubblewrap uses a JDK that can unzipped in a separate folder.

Download a version of JDK 8 that is compatible with your OS from AdoptOpenJDK and extract it in its own folder.

Warning: Using a version lower than 8 will make it impossible to compile the project and higher versions are incompatible with the Android command line tools.

Get the Android command line tools

Download a version of Android command line tools that is compatible with your OS from https://developer.android.com/studio#command-tools. Create a folder and extract the downloaded file into it.

Using @bubblewrap/core in a NodeJs project

npm i -g @bubblewrap/core

Contributing

See CONTRIBUTING for more.

License

See LICENSE for more.

Disclaimer

This is not a Google product.

Keywords

twa
trusted-web-activities
pwa
progressive-web-apps
android

FAQs

Package last updated on 25 Jun 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Introducing Tier 1 Reachability: Precision CVE Triage for Enterprise Teams

Product

Introducing Tier 1 Reachability: Precision CVE Triage for Enterprise Teams

Socket’s new Tier 1 Reachability filters out up to 80% of irrelevant CVEs, so security teams can focus on the vulnerabilities that matter.

By Martin Torp  -  Sep 09, 2025
DuckDB npm Account Compromised in Continuing Supply Chain Attack

Research

/

Security News

DuckDB npm Account Compromised in Continuing Supply Chain Attack

Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.

By Peter van der Zee, Sarah Gooding  -  Sep 09, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.