The AppBuilder team continues to roll out new changes for the platform. Read on for more information about our latest update—improved plugin support.
The AppBuilder team is proud to unveil a big change in our build infrastructure—you can now use almost any NativeScript plugin. We have also improved our support for Cordova plugins, but there's more work to be done. In order to understand where we are headed, let me give you a bit of background on the challenges we faced when we created our build services.
The core value of the Telerik Platform is providing developers with a stable, dependable and tested environment. Having a stable environment enables developers to concentrate on the important part of their daily work without worrying about the complexities that go into creating a complete development environment for building mobile applications.
When we started on the product five years ago, the Cordova framework was still immature. There was no Cordova CLI yet and the framework changed frequently. What's more, we had to support multiple concurrent builds in an efficient, secure and scalable manner.
Later on, NativeScript arrived. This was an exciting development, but it came with its own plugins model that added even more technical challenges.
These were tough engineering problems and the team had to make many difficult choices while developing our service.
One of the core hurdles to overcome was hardening the security of our cloud infrastructure. An adversary could create a malicious app and try to exploit a weakness. It could lead to accessing other customers' projects, launching a denial of service attack and so on.
To counter these security problems, we allowed only plugins from the Verified Plugins Marketplace to execute code during build. If you haven't used the marketplace before, we use it to publish plugins that we had reviewed and vetted for performance and safety in your applications.
The Technical Details
Over the last few years, the technology landscape changed. Docker containers did not exist when we started. MacOS sandboxing was still new and did not work for AppBuilder cloud builds. However, now these tools are mature, well understood and work well for many different cases.
These technological advancements enabled us to significantly improve our build system. Now all the builds are sandboxed with strong security constraints. A buggy or malicious script simply does not have enough rights to do any damage to your code or our infrastructure, even when untrusted code is allowed.
This enables us to greatly relax the limits on which plugins you can use. Now you can use many NativeScript plugins as you’d like, even when they come from npmjs.org, embedded in the project as custom code (the file:// schema in package.json) or from our Plugins Marketplace.
NOTE: The NativeScript plugins that will work in Telerik Platform are plugins that have before- and after-prepare hooks (which are also executed during build) and are within the security limitations that we set up. These hooks are scripted actions the plugin developer can use to customize installation of the plugin to suit the particular app. They can alter your file system and much more, making them potentially dangerous.
We are implementing the same enhancement for our Cordova builds, and we will be ready with them in one of our next releases. However, they have a very important limitation left in place. Only a plugin’s pre- and post-install hooks are ever executed, regardless of its origin. We know about this limitation and are exploring ways to support all Cordova CLI plugin hooks in the future.
Give Us Feedback
We’re really excited about these changes and the drastically increased latitude and abilities that they provide you as a mobile developer. We have been relentlessly pursuing the best mobile development experience and this is yet another huge step in that direction.
We always strive to improve our service. Please give us your feedback using our portal.