Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Jetifier is an npm package used to convert Android support libraries in a project to their corresponding AndroidX libraries. This is particularly useful when migrating a React Native project or any Android project that uses older support libraries to the newer AndroidX libraries.
Convert Android support libraries to AndroidX
This command converts all the Android support libraries in your project to their corresponding AndroidX libraries. It scans through your project's node_modules and updates the necessary files.
npx jetify
Revert AndroidX libraries back to support libraries
This command reverts the changes made by Jetifier, converting AndroidX libraries back to the original Android support libraries. This can be useful if you need to roll back the migration for any reason.
npx jetify -r
The jetifier AndroidX transition tool in npm format, with a react-native compatible style
Note that jetifier is included and ran automatically with react-native-community/cli for React Native versions 0.60 and above, so you do not need to install and run jetifier manually.
If you use React Native modules with native Java code that isn't converted to AndroidX, and your app is AndroidX, you probably need this.
Why?
The standard AndroidX migration rewrites your current installed source code, and at build time dynamically re-writes any linked jar/aar/zip files. This is all a "normal" Android app needs.
React Native apps are not standard Android apps. React Native modules with native Java code usually distribute that code as source, and link the source code directly.
When you update your modules (or install them again after following the standard AndroidX migration), the freshly installed Java code from your react-native dependencies will not be translated to AndroidX anymore, and your build will fail.
So you have to perform an AndroidX migration on your linked source every time you update react native modules that ship native Java code. That is what this tool does - it can rewrite the source in node_modules every time you call it.
Imagine you have a react-native project. One of your library dependencies converts to AndroidX., and you need to use the new version.
So now you need to convert your app to AndroidX, but many of your react-native libraries ship native Java code and have not updated. How is this done?
npm install --save-dev jetifier
npx jetify
npx react-native run-android
(your app should correctly compile and work)npx jetify
run in the postinstall target of your package.json (Any time your dependencies update you have to jetify again)As noted above, jetify is ran for you automatically in React Native versions 0.60 and above.
Proof it works / how this is tested: https://github.com/mikehardy/rn-androidx-demo. You can clone that repo, run the script, and see it works. Please feel to make PRs to that repo, especially in App.js or in the dependencies included, if you would like to demonstrate success or failure for a specific module.
Inspiration: this jetify command was based on an idea from @janicduplessis - thank you Janic!
Performance: the reason this thing is so fast you probably did not know you were using it is because Yassine Fathi / @m4tt72 rewrote the original proof-of-concept in javascript - thank you Yassine!
Maybe you are in the position where you must not migrate to AndroidX yet. But your libraries have started to migrate and they ship AndroidX native Java code.
You can convert them back with reverse-jetify mode
Follow steps 2 through 5 above (to install jetifier), but add the -r
flag to the npx jetify
call to use it in reverse mode.
If a library ships only as a jar/aar/zip file, you will have to use jetifier-standalone to convert that as well, but you can delay the AndroidX migration indefinitely with this style.
You may be a library maintainer, wanting to ship an AAR of your support code converted to AndroidX, or maybe you ship an AAR normally and you want to continue to support your non-AndroidX users even after you convert your library to AndroidX?
As part of your build process you can use this tool like so:
npm install jetifier
(or maybe npm install -g jetifier
to make it globally available)npx jetifier-standalone <your arguments here>
(use npx jetifier-standalone -h
for help)I have not altered the jetifier-standalone distribution in any way.
Other than the npm-specific instructions, consult the official jetifier documentation
Note that this is implemented for you if you integrate the bob build tool
Unfortunately jetifier can't solve all your problems. Here are some reasons it could fail:
ENOENT: no such file or directory, stat 'node_modules/fsevents/node_modules/.bin/node-pre-gyp'
- if so try something like npm -i --save-dev node-pre-gyp
, see #22*
) - like import android.support.v4.content.*
. This is a problem with the library, they should not use wildcards, they should use concrete imports. Open upstream issues with the library and use the excellent patch-package
in the meantime to fix them until the library is updated. Example in react-native-navigationSo far there has not been a case of npx jetify
failing that wasn't based in an error in a library, so if you have a problem please examine the error and the dependency very closely and help the libraries with fixes.
One of the goals of this library is to enable module maintainers to support their AndroidX app users and their pre-AndroidX users at the same time, from the same codebase, so the react-native 0.59 -> 0.60 transition is smoother.
Maintainers will potentially have to make a few changes for that to work well though.
Here are the areas libraries may need to change to work well for AndroidX and pre-AndroidX apps at the same time:
Please feel free to pull requests or log issues, especially to update versions if I somehow fail to notice an update.
I have tried to make it easy for contributors to propose changes, by providing a test suite so you can safely make a change and see if it works.
I have continuous integration enabled so we can prove changes work and you can make changes safely, it should pass those tests before you submit for review.
You may need to fork the test suite rn-androidx-demo if you need to add a new react-native module to test, or if you are doing something other than modifying 'jetify' (for instance if you install a python or javascript version - you'll need to copy the git version of your new script-under-test in rn-androidx-demo/make-demo.sh so it is testing your changes). Then you would alter the .travis.yml temporarily to point to your fork of rn-androidx-demo so that your jetifier changes were working against the updated test suite. That's all pretty annoying and I will probably move the test suite so it is internal to jetifier in the future (PRs to do that welcome...)
Thanks!
2.0.0
FAQs
jetifier from Android Studio, in npm package format
The npm package jetifier receives a total of 451,003 weekly downloads. As such, jetifier popularity was classified as popular.
We found that jetifier demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.