Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
config-cordova
Advanced tools
Package was removed
Sorry, it seems this package was removed from the registry
cordova-config
Parse and edit the config.xml file of a cordova project.
This project is based on the cordova-config repo (https://github.com/SamVerschueren/cordova-config) and the cordova-config-cli (https://github.com/ragingwind/cordova-config-cli/blob/master/package.json).
Install
npm install --save config-cordova
Programmatic Usage
const Config = require('cordova-config');
// Load and parse the config.xml
const config = new Config('config.xml');
config.setName('My application');
config.setDescription('This is the description of my application');
config.setAuthor('Sam Verschueren', 'sam.verschueren@gmail.com', 'https://github.com/SamVerschueren');
// Write the config file
config.writeSync();
API
Config(file)
Loads and parses the file.
file
Required
Type: string
The path to the config.xml file.
#setName(name)
Sets the
<name>name</name>tag in the xml file.
name
Required
Type: string
The name of the application.
#setElement(tag, [text], [attribs])
Sets a
<tag>text</tag>tag in the xml file.
tag
Required
Type: string
The name of the element.
text
Type: string
The element text.
attribs
Type: object
The element attributes
#setDescription(description)
Sets the
<description>description</description>tag in the xml file.
description
Required
Type: string
The description of the application.
#setAuthor(name [, email [, website]])
Sets the
<author email="email" href="website">name</author>tag in the xml file.
name
Required
Type: string
The name of the author.
Type: string
The email address of the email.
website
Type: string
The website of the author.
#setVersion(version)
Sets the version attribute of the
widgettag in the xml file.
version
Required
Type: string
The version in the format x.y.z.
#setAndroidVersionCode(version)
Sets the android-versionCode attribute of the
widgettag in the xml file.
version
Required
Type: number
The Android version code.
#setAndroidPackageName(packageName)
Sets the Android package name of the config file.
packageName
Required
Type: string
The android package name.
#setIOSBundleVersion(version)
Sets the ios-CFBundleVersion attribute of the
widgettag in the xml file.
version
Required
Type: string
The version in the format x.y.z.
#setIOSBundleIdentifier(identifier)
Sets the iOS CFBundleIdentifier of the config file.
identifier
Required
Type: string
The iOS CFBundleIdentifier.
#setPreference(name, value)
Adds a
<preference name="name" value="value" />tag to the xml file.
name
Required
Type: string
The name of the preference tag.
value
Required
Type: string|boolean
The value of the preference.
#removeAccessOrigins()
Removes all the
<access />tags in the xml file.
#removeAccessOrigin(origin)
Removes the
<access />tag with the origin equal to the parameter.
origin
Required
Type: string
The origin of the access tag you want to remove.
#setAccessOrigin(origin [, options])
Adds an
<access />tag to the xml file.
origin
Required
Type: string
The origin of the access tag.
options
Type: object
A map with extra attributes that will be added to the access tag.
#setID(id)
Sets the ID of the config file.
id
Required
Type: string
The id of the widget tag.
#addHook(type, src)
Adds the hook with type and src. see Apache Cordova API Documentation for more info.
type
Required
Type: string
Cordova hook type. ex) 'after_build', 'after_compile', 'after_clean'
src
Required
Type: string
Src path of hook script
#addRawXML(xml)
Adds a raw xml element to the root of the config file.
xml
Required
Type: string
A raw xml element. You can only pass in one element with one root.
#write()
Writes the
config.xmlfile async.
Resolves a promise when the file is written.
#writeSync()
Writes the
config.xmlfile synchronously.
CLI Usage
$ config-cordova <actions> <config> <value> <options>
Examples
$ config-cordova set name "New Name"
$ config-cordova set name "New Name" --config=../config.xml
$ config-cordova add hook after_prepare script/after_prepare.js --config=../config.xml
$ config-cordova rm access-origin "*" --config=../fixtures/config.xml
Actions and configs
- set: name, desc, author, version, android-version, ios-version
- add: preference, access-origin, xml, hook
- rm: access-origin
Values
See config-cordova APIs to find value signature of the method
Options
- --config: required, string, path of config.xml if not set? use a current path for reading'
License
MIT © Sam Verschueren
FAQs
Parse and edit the config.xml file of a cordova project
The npm package config-cordova receives a total of 0 weekly downloads. As such, config-cordova popularity was classified as not popular.
We found that config-cordova demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025