Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@shopify/app-bridge
Advanced tools
**[Join our team and work on libraries like this one.](https://www.shopify.ca/careers)**
@shopify/app-bridge
Join our team and work on libraries like this one.
You can use Shopify App Bridge to embed apps and channels directly into the Shopify admin, Shopify Mobile, and Shopify POS. Shopify App Bridge helps to reduce your development time by accessing native Shopify features across different platforms, and makes sure that the user experience is consistent wherever merchants are using your app.
Shopify App Bridge is a replacement for the now deprecated Embedded App SDK.
You can install Shopify App Bridge by using Yarn:
yarn add @shopify/app-bridge
In the following example, you need to store host
during the authentication process and then retrieve it for the code to work properly. To learn more about this process, see Getting and storing the shop origin.
Import the library from the @shopify/app-bridge
package and provide a configuration:
import createApp from '@shopify/app-bridge';
const app = createApp({
apiKey: 'API key from Shopify Partner Dashboard',
host: 'host from URL search parameter',
});
Shopify App Bridge introduces the concept of actions. An action provides a way for applications and hosts to trigger events with a statically-typed payload.
To learn more about the supported actions, see the actions documentation.
Once the app is set up, you can access additional details and the state of the app at
any time by making async call app.getState()
:
app.getState().then((state: any) => {
console.info('App State: %o', state);
});
You can also use a shorthand to retrieve nested properties by passing in a query
when calling getState(query)
, for example:
app.getState('pos.user').then((user: any) => {
console.log('POS User: %o', user);
});
Shopify App Bridge can be extended with hooks, which run when actions are dispatched and updated. Hooks are middleware that can modify or cancel actions.
Shopify App Bridge is shipped with a development build, which provides detailed debugging information during development.
If you're consuming App Bridge from a CDN or using the UMD build, simply include the development version:
umd/index.development.js
instead of umd/index.js
When consumed as JS Modules, development/production build is dynamically selected based on the NODE_ENV
variable. Development build is used when NODE_ENV=development
.
Please note that the development build is not intended for production use, as the file size is significantly larger.
FAQs
**[Join our team and work on libraries like this one.](https://www.shopify.ca/careers)**
The npm package @shopify/app-bridge receives a total of 44,787 weekly downloads. As such, @shopify/app-bridge popularity was classified as popular.
We found that @shopify/app-bridge demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 25 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.