Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@grabjs/superapp-sdk

Package Overview
Dependencies
Maintainers
35
Versions
32
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@grabjs/superapp-sdk

SDK for Grab SuperApp WebView.

1.7.22
latest
Source
npmnpm
Version published
Maintainers
35
Created
Source

JavaScript to Native bridge communication

Overview

Communication between web-app and native Grab app happens via web bridge. Each request and response object must have a structure defined in this document.

Currently available modules

  • Camera Module
  • Checkout Module.
  • Container Module.
  • Location Module.
  • Media Module.
  • Scope Module.
  • Locale Module.
  • Storage Module
  • Platform Module
  • SystemWebViewKit Module

One point to note is that partner engineers need to call ScopeModule.reloadScopes after redirection to partner website to load permissions from GrabID:

const scopeModule = new ScopeModule();
await scopeModule.reloadScopes();

Afterwards, calls to module methods will reflect actual permissions.

Request

Each request to native API should be done through JavaScript bridge provided by Grab. Please refer to specific Module API documentation for more details

Response

Each resonse from the native bridge follows the same structure described bellow.

KeyTypeDescription
status_codeIntegerResponse status code (see list of codes below)
resultObject or primitive typeResult object according to method specification (required for 200 status code)
errorStringError message (required for non-200 status codes)

Response status codes

CodeTypeDescription
200OKRequest successful, result value contains response data
204No ContentRequest successful, result value doesn't contain data
400Bad RequestThe request is malformed (e.g. missing parameters, missing method name)
403ForbiddenThe client doesn't have permission to access this method
424Failed DependencyUnderlying request returned an error
500Internal ErrorUnexpected internal error (e.g. failed to serialize response object)

Success response example

{
  "status_code": 200,
  "result": {
    "latitude": 1.234567,
    "longitude": -1.234567
  }
}

Failure response example

{
  "status_code": 403,
  "error": "Client doesn't have access to method \"getLocation\" in module \"LocationModule\""
}
  • GDMCOMMENT: Latitudes and longitudes used in this file are either sourced from GrabPlaces, GrabMaps, OSM or randomly created by the developer and are not obtained from other external sources.

Keywords

superapp
webview
android
ios

FAQs

Package last updated on 14 Aug 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials

Research

Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials

Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.

By Kush Pandya  -  Sep 05, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.