Gathering detailed insights and metrics for @sap-devx/webview-rpc
Gathering detailed insights and metrics for @sap-devx/webview-rpc
Provides a conventient way to communicate between VSCode extension and his Webviews. Use RPC calls to invoke functions on the webview and receive callbacks.
Installations
npm install @sap-devx/webview-rpcDeveloper Guide
BETA
Typescript
No
Module System
N/A
Node Version
18.20.2
NPM Version
10.5.0
Releases
6
Languages
3
TypeScript
HTML
JavaScript
TypeScript (88.38%)
HTML (7.77%)
JavaScript (3.85%)
Developer
SAP
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
38 Stars
190 Commits
5 Forks
4 Watchers
10 Branches
622 Contributors
Updated on May 21, 2025
Maintainers
3
Package Meta Information
Latest Version
1.0.0
Package Id
@sap-devx/webview-rpc@1.0.0
Unpacked Size
42.60 kB
Size
10.73 kB
File Count
21
NPM Version
10.5.0
Node Version
18.20.2
Published on
Apr 21, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
vscode-webview-rpc-lib
Description
Provides a conventient way to communicate between VSCode extension and its webviews. Use RPC calls to invoke functions on the webview, receive callbacks and vice versa.
Requirements
You need to have node.js installed on your machine. Also, to use this library, you need to run it inside a VSCode extension using VSCode or Theia.
How to use
An example of using this libary can be seen under the "example" folder.
Installation
- Create VSCode extension with a Webview. To create your extension go to https://code.visualstudio.com/api/extension-guides/webview.
- Install using npm
This will install the library in your node_modules folder. The extension library can be used as any node.js module (with TypeScript). The webview library needs to be imported to your html.1npm install @sap-devx/webview-rpc - Add the following script to the root html of your Webview
1<head> 2 <script>var exports = {};</script> 3 <script type="module" src="vscode-resource:/node_modules/@sap-devx/webview-rpc/out.browser/rpc-common.js"></script> 4 <script type="module" src="vscode-resource:/node_modules/@sap-devx/webview-rpc/out.browser/rpc-browser.js"></script> 5 <script type="module" src="vscode-resource:/out/media/main.js"></script> 6</head>
Initializations
Create new instance of the Rpc in the extension side and the Webview side
- In the extension code use the following example to start new instance of the RpcExtension:
1this._rpc = new RpcExtension(this._panel.webview); - In the Webview JS code use the following example to start new instance of the RpcBrowser:
1const vscode = acquireVsCodeApi(); 2let rpc = new RpcBrowser(window, vscode);
Register methods
In order to invoke an extension method from the webbiew or webview method from the extension, you will have to register the functions that can be invoked. Here is an example on how to register the methods
1function add(a,b) { 2 return a+b; 3} 4 5rpc.registerMethod({func: add});
Usage
To invoke a method use the invoke method on the rpc instance. You can pass a callback that will be invoked once the response received.
For version < 1.x :
1rpc.invoke("add", [1,2]).then((response)=>{ 2 console.log("1+2="+response); 3});
Since version 1.x :
1rpc.invoke("add", 1,2).then((response)=>{ 2 console.log("1+2="+response); 3});
Build and Development
To build for development purpose do the following:
- Run "npm install" on the repo to download the project dependencies.
1npm install @sap-devx/webview-rpc - Run "npm run compile-ext" to compile the extension library sources to javascript. The compilation results will be on the directory "out.ext".
1npm run compile-ext - Run "npm run compile-browser" to compile the browser library sources to javascript. The compilation results will be on the directory "out.browser".
1npm run compile-browser - Run the test using "npm run test".
1npm run test
Known Issues
-
Browser library is does not generate d.ts files.
-
overcome Cors issue preventing post message to get through and hit the window: use the setHost method and sent the host name from the webview - and then the message should get through.
How to obtain support
- To get more help, support and information please open a github issue.
Contributing
Contributing information can be found in the CONTRIBUTING.md file.
To-Do (upcoming changes)
- remove the need to decalre exposed functions
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/SAP/.github/SECURITY.md:1
- Info: Found linked content: github.com/SAP/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/SAP/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/SAP/.github/SECURITY.md:1
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/vscode-webview-rpc-lib/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/vscode-webview-rpc-lib/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commitlint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/vscode-webview-rpc-lib/commitlint.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/commitlint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/vscode-webview-rpc-lib/commitlint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/vscode-webview-rpc-lib/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/vscode-webview-rpc-lib/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/vscode-webview-rpc-lib/release.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:32
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:20
- Info: 0 out of 5 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 2 out of 4 npmCommand dependencies pinned
Reason
Found 4/23 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/commitlint.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v1.0.0 not signed: https://api.github.com/repos/SAP/vscode-webview-rpc-lib/releases/152083132
- Warn: release artifact v1.0.0 does not have provenance: https://api.github.com/repos/SAP/vscode-webview-rpc-lib/releases/152083132
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 12 are checked with a SAST tool
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
3.4
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More