Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@devforth/apkup
Advanced tools
Publish APKs to Google Play directly from the terminal
This package offers a streamlined way to publish packages in the Google Play Store.
A fork of playup.
Getting started with apkup
is pretty easy and straight forward.
Install the apkup
package globally or locally:
npm i -g apkup
apkup --help
# or if you just want to use the CLI locally
npx apkup --help
# or install the library into your project
npm i -D apkup
Then use the CLI:
apkup \
--key api.json \
--apk /path/to/Package.apk \
--deobfuscation /path/to/mapping.txt \ # optional
--release-notes "en-US=lorem ipsum dolor" \
--obbs /path/to/Expansion.obb \ # optional
--obbs /path/to/Expansion2.obb # optional
You can also specify each parameter via environment variables prefixed with APKUP_
(e.g. APKUP_KEY
or APKUP_APK
).
Or use the JavaScript library!
// typescript / modulejs
import { Apkup } = from 'apkup';
// or commonjs
const { Apkup } = require('apkup');
const apkup = new Apkup({
client_email: '',
private_key: ''
});
apkup
.upload('/path/to/apk', {
obbs: [
// optional expansion files (max 2)
'/path/to/somefile.obb'
],
releaseNotes: [
{
language: 'en-US',
text: 'Minor bug fixes...'
}
]
})
.then(data => {
console.log(` > ${data.packageName} version ${data.versionCode} is up!`);
});
First you have to create a Google Play API Access. To do that go to the Google Play Developer Console and then with the account owner go to Settings -> API access and create a Google Play Android Developer project.
After that follow the instructions to create a Service Account. When you click Create Client ID, choose Service Account. You will get a JSON file with a public key and the service email.
The created Service Account needs the following role:
See the full docs here.
See also the list of contributors who participated in this project.
FAQs
Publish APKs to Google Play Store
The npm package @devforth/apkup receives a total of 2 weekly downloads. As such, @devforth/apkup popularity was classified as not popular.
We found that @devforth/apkup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.