Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@oclif/plugin-plugins
Advanced tools
@oclif/plugin-plugins
plugins plugin for oclif
What is this?
This plugin is used to allow users to install plugins into your oclif CLI at runtime. For example, in the Heroku CLI this is used to allow people to install plugins such as the Heroku Kafka plugin:
$ heroku plugins:install heroku-kafka
$ heroku kafka
This is useful to allow users to create their own plugins to work in your CLI or to allow you to build functionality that users can optionally install.
One particular way this is useful is for building functionality you aren't ready to include in a public repository. Build your plugin separately as a plugin, then include it as a core plugin later into your CLI.
Usage
First add the plugin to your project with yarn add @oclif/plugin-plugins, then add it to the package.json of the oclif CLI:
{
"name": "mycli",
"version": "0.0.0",
// ...
"oclif": {
"plugins": ["@oclif/plugin-help", "@oclif/plugin-plugins"]
}
}
Now the user can run any of the commands below to manage plugins at runtime.
Friendly names
To make it simpler for users to install plugins, we have "friendly name" functionality. With this, you can run mycli plugins:install myplugin and it will first check if @mynpmorg/plugin-myplugin exists on npm before trying to install myplugin. This is useful if you want to use a generic name that's already taken in npm.
To set this up, simply set the oclif.scope to the name of your npm org. In the example above, this would be mynpmorg.
Commands
mycli pluginsmycli plugins:install PLUGIN...mycli plugins:link PLUGINmycli plugins:uninstall PLUGIN...mycli plugins:update
mycli plugins
list installed plugins
USAGE
$ mycli plugins
OPTIONS
--core show core plugins
EXAMPLE
$ mycli plugins
See code: src/commands/plugins/index.ts
mycli plugins:install PLUGIN...
installs a plugin into the CLI
USAGE
$ mycli plugins:install PLUGIN...
ARGUMENTS
PLUGIN plugin to install
OPTIONS
-f, --force yarn install with force flag
-h, --help show CLI help
-v, --verbose
DESCRIPTION
Can be installed from npm or a git url.
Installation of a user-installed plugin will override a core plugin.
e.g. If you have a core plugin that has a 'hello' command, installing a user-installed plugin with a 'hello' command
will override the core plugin implementation. This is useful if a user needs to update core plugin functionality in
the CLI without the need to patch and update the whole CLI.
ALIASES
$ mycli plugins:add
EXAMPLES
$ mycli plugins:install myplugin
$ mycli plugins:install https://github.com/someuser/someplugin
$ mycli plugins:install someuser/someplugin
See code: src/commands/plugins/install.ts
mycli plugins:link PLUGIN
links a plugin into the CLI for development
USAGE
$ mycli plugins:link PLUGIN
ARGUMENTS
PATH [default: .] path to plugin
OPTIONS
-h, --help show CLI help
-v, --verbose
DESCRIPTION
Installation of a linked plugin will override a user-installed or core plugin.
e.g. If you have a user-installed or core plugin that has a 'hello' command, installing a linked plugin with a 'hello'
command will override the user-installed or core plugin implementation. This is useful for development work.
EXAMPLE
$ mycli plugins:link myplugin
See code: src/commands/plugins/link.ts
mycli plugins:uninstall PLUGIN...
removes a plugin from the CLI
USAGE
$ mycli plugins:uninstall PLUGIN...
ARGUMENTS
PLUGIN plugin to uninstall
OPTIONS
-h, --help show CLI help
-v, --verbose
ALIASES
$ mycli plugins:unlink
$ mycli plugins:remove
See code: src/commands/plugins/uninstall.ts
mycli plugins:update
update installed plugins
USAGE
$ mycli plugins:update
OPTIONS
-h, --help show CLI help
-v, --verbose
See code: src/commands/plugins/update.ts
Other packages similar to @oclif/plugin-plugins
yeoman-environment
Yeoman Environment handles the lifecycle and bootstrapping of generators in the Yeoman ecosystem. It provides functionalities to register, load, and run generators, which are similar to plugins in Oclif. However, it is more focused on scaffolding projects rather than managing CLI plugins.
commander
Commander is a popular Node.js library for building command-line interfaces. While it does not have built-in support for managing plugins, it provides a flexible API for defining commands and options, which can be extended to support plugin-like functionality.
inquirer
Inquirer is a library for creating interactive command-line prompts. It can be used in conjunction with other CLI frameworks to enhance user interaction. While it does not manage plugins directly, it can be integrated into a CLI application to provide a better user experience.
Keywords
FAQs
plugins plugin for oclif
The npm package @oclif/plugin-plugins receives a total of 405,558 weekly downloads. As such, @oclif/plugin-plugins popularity was classified as popular.
We found that @oclif/plugin-plugins demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 06 Feb 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025