You should always update Cordova to the latest version. When a new version of Cordova is available you will receive an update message in your Terminal when you use it. In case you don't, you can still verify the outdated packages globally using the following command:
npm outdated -g --depth=0
That should generate the following output (according to the globally installed packages it may change):
As you can see, the cordova package is out of date, therefore is recommendable to update it. In this article, you'll learn all you need about updating the cordova CLI tools and the cordova platforms of a project.
Why should I verify and update cordova and the cordova platforms
There are a lot of reasons (some of them very obvious) of why you should be always up to date with your code. The most important, is to offer maintainability to your project, as time goes by there are security flaws discovered in the Cordova platform, that happened a couple of years ago, when Google Play warned all the developers with a published cordova application whose android platform was out of date, showing the following warning in the Google Play Console:
This is a notification that your --mycompany.packages.id--, is built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.
You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html.
Please note, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
Well, to compromise the security of your user is already a reason of why you should always update your cordova application to its latest version.
Besides, we are not talking about of only update the platform of your cordova application, but the tools that you use to create cordova applications too (because the "Security Alert" refers to the version of Cordova used in the app, not the version of Cordova installed on your system, which may be different). Be sure that you always work with the latest cordova version in your development environment, so you will have the latest toys and functions that will make your development experience much better.
1. Verifying Cordova
You can verify the installed cordova version in Node.js executing the following command:
cordova -v REM or the long version cordova --version
Till the date (29-12-2016), the latest version is Cordova 6.4.0.
To update cordova is as easy to execute the following command:
npm update -g cordova
And you're ready to work with the latest version of Cordova and its latest tools.
2. Verifying Cordova platforms (Android, iOS, Windows)
You can verify the platforms of an existing project using
cordova platform version <PLATFORM_NAME> if you're located with the terminal in your project, e.g to verify the version of Android, you can execute the following command:
cordova platform version android
The execution of the previous command, should generate the following output:
Updating an existent platform
As mentioned in the reasons why you should update cordova, is the warning for developers in Android with the cordova version with security flaws, in case you have an existing platform but it's out of date, you can simply update it with , e.g you can update the android platform executing:
cordova platform update android
In order to update a platform it needs obviously to exist and be already installed, otherwise you'll get the following warning:
Error: Platform "android" is not yet added. See `cordova platform list`.
Once you execute the update command, you should get the following output:
Happy coding !
Become a more social person