What is manifest?

A manifest is a simple text file that lists important information about a software package or web application. It tells the operating system, browser, or runtime what the package contains, how it should be installed, and what permissions or features it needs.

Let's break it down

  • File format: Usually JSON (web) or XML (Android) but can also be plain text.
  • Key fields: name, version, description, icons, start URL, required permissions, supported platforms.
  • Location: Placed at the root of the project (e.g., manifest.json for PWAs, AndroidManifest.xml for Android apps).
  • Purpose: Acts like a table of contents and a set of rules that the host environment reads before loading the app.

Why does it matter?

The manifest gives the host environment a quick, standardized way to understand what the app is and how it should behave. This helps with:

  • Correct installation and updates
  • Security (by declaring required permissions)
  • User experience (icons, display mode, launch behavior)
  • Compatibility across different devices and browsers

Where is it used?

  • Android apps - AndroidManifest.xml defines activities, services, permissions, etc.
  • Progressive Web Apps (PWAs) - manifest.json tells browsers about icons, theme colors, and how the app should appear when “installed”.
  • Browser extensions - manifest.json lists scripts, permissions, and UI elements.
  • Docker containers - manifest.json describes image layers and architecture.
  • Microsoft Windows apps - appxmanifest.xml for UWP apps.

Good things about it

  • Provides a clear, machine‑readable summary of an app’s requirements.
  • Enables automatic handling by platforms (install, update, launch).
  • Improves security by forcing developers to declare needed permissions.
  • Enhances user experience with consistent icons and launch behavior.
  • Makes apps portable across different environments that understand the same manifest format.

Not-so-good things

  • Extra file to maintain; forgetting to update it can cause bugs or broken installs.
  • Misconfigured permissions can expose users to security risks.
  • Some platforms have strict validation rules, making debugging tricky for beginners.
  • Large manifests can become hard to read if not organized well.
  • Relying solely on the manifest may give a false sense of security; runtime checks are still needed.