Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The command line tool to build, deploy and manage Cordova-based applications.
Apache Cordova allows for building native mobile applications using HTML, CSS and JavaScript. This tool helps with management of multi-platform Cordova applications as well as Cordova plugin integration.
Check out the Getting Started guides for more details on how to work with Cordova sub-projects.
dependencies/tools/bin
folder inside the SDK directory added to your path!tools
and platform-tools
directories on your system path otherwise Android support will fail.cordova-cli has been tested on Mas OS X, Linux, Windows 7 and Windows 8.
npm install -g cordova
cordova-cli has a single global create
command that creates new cordova projects into a specified directory. Once you create a project, cd
into it and you can execute a variety of project-level commands. Completely inspired by git's interface.
create <directory> [<id> [<name>]]
create a new cordova project with optional name and id (package name, reverse-domain style)platform [ls | list]
list all platforms the project will build toplatform add <platform> [<platform> ...]
add one (or more) platforms as a build target for the projectplatform [rm | remove] <platform> [<platform> ...]
removes one (or more) platforms as a build target for the projectplugin [ls | list]
list all plugins added to the projectplugin add <path-to-plugin> [<path-to-plugin> ...]
add one (or more) plugins to the projectplugin [rm | remove] <plugin-name> [<plugin-name> ...]
remove one (or more) added pluginsprepare [platform...]
copies files into the specified platforms, or all platforms. it is then ready for building by Eclipse/Xcode/etc.compile [platform...]
compiles the app into a binary for each added platform. With no parameters, builds for all platforms, otherwise builds for the specified platforms.build [<platform> [<platform> [...]]]
an alias for cordova prepare
followed by cordova compile
emulate [<platform> [<platform> [...]]]
launch emulators and deploy app to them. With no parameters emulates for all platforms added to the project, otherwise emulates for the specified platformsserve <platform> [port]
launch a local web server for that platform's www directory on the given port (default 8000).-d
or --verbose
will pipe out more verbose output to your shell. You can also subscribe to log
and warn
events if you are consuming cordova-cli as a node module by calling cordova.on('log', function() {})
or cordova.on('warn', function() {})
.-v
or --version
will print out the version of your cordova-cli install.A Cordova application built with cordova-cli will have the following directory structure:
myApp/
|--.cordova/
|-- merges/
| | |-- android/
| | |-- blackberry/
| | `-- ios/
|-- www/
| `-- config.xml
|-- platforms/
| |-- android/
| |-- blackberry/
| `-- ios/
`-- plugins/
This directory identifies a tree as a cordova project. Simple configuration information is stored in here (such as BlackBerry environment variables).
Commands other than create
operate against the project directory itself, rather than the current directory - a search up the current directory's parents is made to find the project directory. Thus, any command (other than create
) can be used from any subdirectory whose parent is a cordova project directory (same as git).
Platform-specific web assets (HTML, CSS and JavaScript files) are contained within appropriate subfolders in this directory. These are deployed during a prepare
to the appropriate native directory. Files placed under merges/
will override matching files in the www/
folder for the relevant platform. A quick example, assuming a project structure of:
merges/
|-- ios/
| `-- app.js
|-- android/
| `-- android.js
www/
`-- app.js
After building the Android and iOS projects, the Android application will contain both app.js
and android.js
. However, the iOS application will only contain an app.js
, and it will be the one from merges/ios/app.js
, overriding the "common" app.js
located inside www/
.
Contains the project's web artifacts, such as .html, .css and .js files. These are your main application assets. They will be copied on a cordova prepare
to each platform's www directory.
This file is what you should be editing to modify your application's metadata. Any time you run any cordova-cli commands, the tool will look at the contents of config.xml
and use all relevant info from this file to define native application information. cordova-cli supports changing your application's data via the following elements inside the config.xml
file:
<name>
element.id
attribute from the top-level <widget>
element.version
attribute from the top-level <widget>
element.<access>
elements. Make sure the origin
attribute of your <access>
element points to a valid URL (you can use *
as wildcard). For more information on the whitelisting syntax, see the docs.phonegap.com. You can use either attribute uri
(BlackBerry-proprietary) or origin
(standards-compliant) to denote the domain.<preference>
tags. See docs.phonegap.com for a list of preferences you can use.Platforms added to your application will have the native application project structures laid out within this directory.
Any added plugins will be extracted or copied into this directory.
Projects created by cordova-cli have before
and after
hooks for each project command.
There are two types of hooks: project-specific ones and module-level ones. Both of these types of hooks receive the project root folder as a parameter.
These are located under the .cordova/hooks
directory in the root of your cordova project. Any scripts you add to these directories will be executed before and after the appropriate commands. Useful for integrating your own build systems or integrating with version control systems. Remember: make your scripts executable.
before_build
hook for jade template compiling courtesy of dpogueIf you are using cordova-cli as a module within a larger node application, you can also use the standard EventEmitter
methods to attach to the events. The events include before_build
, before_compile
, before_docs
, before_emulate
, before_run
, before_platform_add
, before_library_download
, before_platform_ls
, before_platform_rm
, before_plugin_add
, before_plugin_ls
, before_plugin_rm
and before_prepare
. There is also a library_download
progress event. Additionally, there are after_
flavours of all the above events.
Once you require('cordova')
in your node project, you will have the usual EventEmitter
methods available (on
, off
or removeListener
, removeAllListeners
, and emit
or trigger
).
This example shows how to create a project from scratch named KewlApp with iOS and Android platform support, and includes a plugin named Kewlio. The project will live in ~/KewlApp
cordova create ~/KewlApp KewlApp
cd ~/KewlApp
cordova platform add ios android
cordova plugin add http://example.org/Kewlio-1.2.3.tar.gz
cordova build
The directory structure of KewlApp now looks like this:
KewlApp/
|-- .cordova/
|-- merges/
| |-- android/
| `-- ios/
|-- www/
| `-- index.html
|-- platforms/
| |-- android/
| | `-- …
| `-- ios/
| `-- …
`-- plugins/
`-- Kewlio/
npm test
Please check Cordova issues with the CLI Component. If you find issues with this tool, please be so kind as to include relevant information needed to debug issues such as:
create
Thanks to everyone for contributing! For a list of people involved, please see the package.json
file.
FAQs
Cordova command line interface tool
The npm package cordova receives a total of 40,065 weekly downloads. As such, cordova popularity was classified as popular.
We found that cordova demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 28 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.