Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@grabjs/superapp-sdk

Package Overview
Dependencies
Maintainers
35
Versions
34
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@grabjs/superapp-sdk

SDK for Grab SuperApp WebView.

Source
npmnpm
Version
1.7.19
Version published
Weekly downloads
210
-65.96%
Maintainers
35
Weekly downloads
 
Created
Source

JavaScript to Native bridge communication

Overview

Communication between web-app and native Grab app happens via web bridge. Each request and response object must have a structure defined in this document.

Currently available modules

  • Camera Module
  • Checkout Module.
  • Container Module.
  • Location Module.
  • Media Module.
  • Scope Module.
  • Locale Module.
  • Storage Module
  • Platform Module
  • SystemWebViewKit Module

One point to note is that partner engineers need to call ScopeModule.reloadScopes after redirection to partner website to load permissions from GrabID:

const scopeModule = new ScopeModule();
await scopeModule.reloadScopes();

Afterwards, calls to module methods will reflect actual permissions.

Request

Each request to native API should be done through JavaScript bridge provided by Grab. Please refer to specific Module API documentation for more details

Response

Each resonse from the native bridge follows the same structure described bellow.

KeyTypeDescription
status_codeIntegerResponse status code (see list of codes below)
resultObject or primitive typeResult object according to method specification (required for 200 status code)
errorStringError message (required for non-200 status codes)

Response status codes

CodeTypeDescription
200OKRequest successful, result value contains response data
204No ContentRequest successful, result value doesn't contain data
400Bad RequestThe request is malformed (e.g. missing parameters, missing method name)
403ForbiddenThe client doesn't have permission to access this method
424Failed DependencyUnderlying request returned an error
500Internal ErrorUnexpected internal error (e.g. failed to serialize response object)

Success response example

{
  "status_code": 200,
  "result": {
    "latitude": 1.234567,
    "longitude": -1.234567
  }
}

Failure response example

{
  "status_code": 403,
  "error": "Client doesn't have access to method \"getLocation\" in module \"LocationModule\""
}
  • GDMCOMMENT: Latitudes and longitudes used in this file are either sourced from GrabPlaces, GrabMaps, OSM or randomly created by the developer and are not obtained from other external sources.

Keywords

superapp
webview
android
ios

FAQs

Package last updated on 29 Jul 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Google’s OSV Fix Just Added 500+ New Advisories — All Thanks to One Small Policy Change

Security News

Google’s OSV Fix Just Added 500+ New Advisories — All Thanks to One Small Policy Change

A data handling bug in OSV.dev caused disputed CVEs to disappear from vulnerability feeds until a recent fix restored over 500 advisories.

By Jonathan Leitschuh  -  Oct 10, 2025