New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

yarn-plugin-apt

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

yarn-plugin-apt

Yarn plugin to resolve dependencies from packages installed via apt

latest
npmnpm
Version
1.0.0
Version published
Maintainers
1
Created
Source

yarn-apt plugin

This yarn plugin allows apt-installed packages satisfy a Nodejs project's dependencies.

Getting started

Prerequisites

  • Install Yarn from apt
    apt install yarnpkg
  • Install nodepath
    apt install pkg-js-tools

Local plugin development

  • Clone the repository
    git clone https://salsa.debian.org/izzygala/yarn-plugin-apt.git
  • cd into plugin folder (All the remaining commands should be run in this folder)
  • Set Yarn version to berry
    yarnpkg set version berry
  • Install plugin dependencies
    yarnpkg install
  • Build plugin
    yarnpkg run build or yarnpkg builder build plugin

Adding plugin to your project

  • cd into your Nodejs project's folder (All the remaining commands should be run in this folder)
  • Initialise Yarn (Skip if package.json already exists)
    yarnpkg init
  • Set Yarn version to berry
    yarnpkg set version berry
  • Set Yarn version to latest upstream (You need to symlink yarn command to yarnpkg command using ln -s /path/to/bin/folder/yarnpkg /path/to/bin/folder/yarn and uninstall cmdtest for this command to work. You can destroy the symlink after this command using rm /path/to/bin/folder/yarn)
    yarnpkg set version from sources
  • Import plugin
    yarnpkg plugin import path/to/plugin/folder/bundles/@yarnpkg/plugin-apt.js

Usage

CommandUseOptionsExample
yarnpkg apt-add <package name>@<package version or package semver range>This will add the specified package from locally available apt packages-D: Adds as a dev dependency, -P: Adds as a peer dependencyyarnpkg apt-add enhanced-resolve@5.9.2, yarnpkg apt-add enhanced-resolve@^5.0.0, yarnpkg apt-add enhanced-resolve@~5.9.0
yarnpkg apt-installThis will add all dependencies listed in package.json from locally available apt packagesNilyarnpkg apt-install
yarnpkg apt-resetThis will remove all occurrences of apt in package.json and leave only dependency versions/rangesNilyarnpkg apt-reset

Note

Dependencies are gotten from npm when:

  • The dependency is not locally available through apt
  • The locally available apt package's version doesn't satisfy the requested version or range
  • The locally available apt package contains symlinks
  • The locally available apt package contains wrong dependency versions in its package.json

Acknowledgements

The Sponsors:
Debian js-team and Outreachy Internships

The Mentors:
Pirate Praveen
Akshay S Dinesh

Past Interns:
Sunday Nkwuda
Ajayi Olatunji

Every member of the Debian js-team

FAQs

Package last updated on 30 Nov 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026