Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@yarnpkg/libzip
Advanced tools
@yarnpkg/libzip is a library that provides functionalities for working with ZIP archives. It is part of the Yarn package manager's ecosystem and allows for creating, reading, and manipulating ZIP files programmatically.
Creating a ZIP Archive
This code demonstrates how to create a ZIP archive and add a file to it using @yarnpkg/libzip. The `makeInterface` function initializes the libzip interface, and `ZipFS` is used to create and manipulate the ZIP file.
const { makeInterface } = require('@yarnpkg/libzip');
const { ZipFS } = require('@yarnpkg/fslib');
(async () => {
const libzip = await makeInterface();
const zipFs = new ZipFS(null, { libzip });
zipFs.writeFileSync('/file.txt', 'Hello, world!');
zipFs.saveAndClose();
})();
Reading a ZIP Archive
This code demonstrates how to read a ZIP archive and extract a file's content using @yarnpkg/libzip. The ZIP file is read from the filesystem, and `ZipFS` is used to access and read the file within the archive.
const { makeInterface } = require('@yarnpkg/libzip');
const { ZipFS } = require('@yarnpkg/fslib');
const fs = require('fs');
(async () => {
const libzip = await makeInterface();
const zipData = fs.readFileSync('archive.zip');
const zipFs = new ZipFS(zipData, { libzip });
const content = zipFs.readFileSync('/file.txt', 'utf8');
console.log(content); // Outputs: Hello, world!
})();
Listing Files in a ZIP Archive
This code demonstrates how to list all files in a ZIP archive using @yarnpkg/libzip. The ZIP file is read from the filesystem, and `ZipFS` is used to list the files within the archive.
const { makeInterface } = require('@yarnpkg/libzip');
const { ZipFS } = require('@yarnpkg/fslib');
const fs = require('fs');
(async () => {
const libzip = await makeInterface();
const zipData = fs.readFileSync('archive.zip');
const zipFs = new ZipFS(zipData, { libzip });
const files = zipFs.readdirSync('/');
console.log(files); // Outputs: ['file.txt']
})();
ADM-ZIP is a pure JavaScript implementation for ZIP file handling. It provides similar functionalities to @yarnpkg/libzip, such as creating, reading, and extracting ZIP files. ADM-ZIP is widely used and has a straightforward API, making it a good alternative for ZIP file manipulation.
JSZip is a library for creating, reading, and editing .zip files with a JavaScript API. It is highly popular and well-documented, offering a range of features similar to @yarnpkg/libzip. JSZip is known for its ease of use and compatibility with both Node.js and browser environments.
node-stream-zip is a library for working with ZIP archives in a streaming manner. It allows for efficient reading and extraction of large ZIP files without loading the entire archive into memory. This makes it a good choice for handling large ZIP files compared to @yarnpkg/libzip.
@yarnpkg/libzip
This package contains a wasm-compiled version of the libzip.
artifacts/build.sh
artifacts/build.sh
scriptartifacts/exported.json
sources/index.ts
artifacts/build.sh
script2.3.0
yarn set version 2.3.0
yarn tag
set of commands has been ported over from Yarn Classic as yarn npm tag
.yarn info
will now print many information about your dependencies. Various options are available to tweak the output, including --json
. Plugin authors can provide their own information sections via the fetchPackageInfo
hook.yarn stage
with the -r,--reset
flag will now unstage all changes that seem related to Yarn.yarn add -h
to see an example).Terminate batch job (Y/N)?
prompts when invoking dependency binaries.The following changes only apply to the pnp
linker (which is the default install strategy):
pnpapi
module now exposes a new function called getAllLocators
allow you to access the list of all locators in the map without having to traverse the dependency tree. This method is considered a Yarn extension, so you should check for its existence if you plan to use it in your code.The following changes only apply to the node-modules
linker:
node_modules/.bin
folder as their corresponding dependencies are removed.nmHoistingLimits
has appeared. It replaces what was previously known as nohoist
in Yarn 1.node-modules
linker, and that the strictly correct behavior can only be obtained by using the default Plug'n'Play linker.$$
and $PPID
yarn constraints --fix
command will now properly persist the changes on disk.yarn unplug
command will now work when used on packages with peer dependencies.yarn stage
command will now allow to stage files when called without the -c,--commit
flag.yarnPath
setting.FAQs
Unknown package
The npm package @yarnpkg/libzip receives a total of 586,134 weekly downloads. As such, @yarnpkg/libzip popularity was classified as popular.
We found that @yarnpkg/libzip demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.