Product
Introducing Supply Chain Attack Campaigns Tracking in the Socket Dashboard
Campaign-level threat intelligence in Socket now shows when active supply chain attacks affect your repositories and packages.
By Philipp Burckhardt - Jan 21, 2026
🚀 Launch Week Day 3:Introducing Supply Chain Attack Campaigns Tracking.Learn More →
@yarnpkg/plugin-npm
Advanced tools
@yarnpkg/plugin-npm
This plugin adds support for downloading packages from the npm registry.
Install
This plugin is included by default in Yarn.
Attribution
Provenance code adapted from npm/cli, under ISC license.
FAQs
Unknown package
The npm package @yarnpkg/plugin-npm receives a total of 72,215 weekly downloads. As such, @yarnpkg/plugin-npm popularity was classified as popular.
We found that @yarnpkg/plugin-npm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 07 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
PyPI Package Impersonates SymPy to Deliver Cryptomining Malware
Malicious PyPI package sympy-dev targets SymPy users, a Python symbolic math library with 85 million monthly downloads.
By Kirill Boychenko - Jan 21, 2026
Security News
Node.js 25.4.0 Ships with Stable require(esm)
Node.js 25.4.0 makes require(esm) stable, formalizing CommonJS and ESM compatibility across supported Node versions.
By Sarah Gooding - Jan 21, 2026