Jetifier is an npm package used to convert Android support libraries in a project to their corresponding AndroidX libraries. This is particularly useful when migrating a React Native project or any Android project that uses older support libraries to the newer AndroidX libraries.
Convert Android support libraries to AndroidX
This command converts all the Android support libraries in your project to their corresponding AndroidX libraries. It scans through your project's node_modules and updates the necessary files.
npx jetify
Revert AndroidX libraries back to support libraries
This command reverts the changes made by Jetifier, converting AndroidX libraries back to the original Android support libraries. This can be useful if you need to roll back the migration for any reason.
npx jetify -r
The jetifier AndroidX transition tool in npm format, with a react-native compatible style
npm install jetifier (or maybe npm install -g jetifier to make it globally available)
npx jetifier-standalone <your arguments here> (use npx jetifier-standalone -h for help)
I have not altered the jetifier-standalone distribution in any way.
Other than the npm-specific instructions, consult the official jetifier documentation.
Imagine you are a react-native project and one of your library dependencies converts to AndroidX. Now you need to convert your app, but react-native links source code directly and jetifier doesn't handle that.
If there was a way to take your react-native dependencies and convert them, then you could convert your app and use AndroidX dependencies.
There is a way.
npm install --save-dev jetifier (or use yarn, but install it locally in your project, not globally)
npx jetify or npx jetify -w=1 (to specify the number of parallel workers)
npx react-native run-android (this should compile and work)
Run npx jetify in the postinstall target of your package.json so you don't forget to run it after installing or updating packages.
Please note that any time you install a new dependency, or reinstall node modules, you will need to run npx jetify again.
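A check for the note above about re-running npx jetify after every install, as an added example that is not part of jetifier or of the original README: it lists source files under node_modules that still mention the android.support. namespace. The function names, the scanned file extensions and the sample library names are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not part of jetifier. Reports source files that still use
# the old support-library namespace, e.g. because `npx jetify` was not re-run.
# Assumption: only .java, .kt and .xml files are scanned.

# Print the path of every file under $1 that mentions "android.support.".
list_support_refs() {
  local root="$1"
  if [ ! -d "$root" ]; then
    echo "not a directory: $root" >&2
    return 2
  fi
  # grep exits 1 when nothing matches; that is a clean result, not an error.
  find "$root" -type f \( -name '*.java' -o -name '*.kt' -o -name '*.xml' \) \
    -exec grep -l 'android\.support\.' {} + || true
}

# Print how many files still reference the support libraries.
count_support_refs() {
  local files
  files=$(list_support_refs "$1") || return $?
  if [ -z "$files" ]; then
    echo 0
  else
    printf '%s\n' "$files" | wc -l | tr -d ' '
  fi
}

# Build a constructed sample tree (hypothetical libraries) under $1.
make_sample_tree() {
  local nm="$1/node_modules"
  mkdir -p "$nm/lib-a/android" "$nm/lib-b/android" "$nm/lib-c/android"
  echo 'import android.support.v4.app.Fragment;' > "$nm/lib-a/android/A.java"
  echo '<android.support.v7.widget.RecyclerView />' > "$nm/lib-b/android/list.xml"
  echo 'import androidx.fragment.app.Fragment' > "$nm/lib-c/android/C.kt"
  echo 'Uses android.support.v4 internally.' > "$nm/lib-c/README.md"
}

# Run the scan on the sample tree when invoked with --demo.
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  make_sample_tree "$tmp"
  list_support_refs "$tmp/node_modules"
  echo "files still on support libraries: $(count_support_refs "$tmp/node_modules")"
  rm -rf "$tmp"
fi
```

Treat each reported path as a file to inspect rather than as proof that the conversion failed.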
I demonstrate exactly this with a huge pile of native modules here: https://github.com/mikehardy/rn-androidx-demo. You can clone that repo, run the script, and see it works. Please feel free to make PRs to that repo, especially in App.js or in the dependencies included, if you would like to demonstrate success or failure for a specific module.
Inspiration: this jetify command was based on an idea from @janicduplessis - thank you Janic!
Unfortunately jetifier can't solve all your problems. Here are some reasons it could fail:
So far there has not been a case of npx jetify failing that wasn't based in an error in a library, so if you have a problem please examine the error and the dependency very closely and help the libraries with fixes.
Jetify is a bash script so you need an updated WSL to make it work with bash, find and sed installed.
First install jetifier from a Windows command prompt:
npm i --save-dev jetifier
Then from WSL, you can run it using:
npx jetify
...or if that doesn't work
./bin/node_modules/jetify
In testing, it appeared that performance improved up to the number of virtual cores on a system, and then was flat but did not degrade after that no matter how many extra workers there were. So the default of 20 should result in maximum performance on even powerful systems, but smaller CI virtual machines should be fine as well. Your mileage may vary.
Please feel free to open pull requests or log issues, especially to update versions if I somehow fail to notice an update. Thanks!
1.3.2
FAQs
jetifier from Android Studio, in npm package format
The npm package jetifier receives a total of 451,003 weekly downloads. As such, jetifier popularity was classified as popular.
We found that jetifier demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.