My journey with Flutter packages began when I had to build one from scratch. Today, I am excited to share my experiences and insights on this topic. I even discussed it at Google I/O'23, but here we are for those who truly want to understand the concepts and build their own packages.

Understanding Packages and Plugins

Package

A package is a collection of self contained dart code that consists of libraries, resources, apps, tests, images, fonts and examples. They are independent of any native platforms. For instance, they can be used for the implementation of UI components.

Plugin

A plugin contains platform specific and APIs written in Dart code. Plugins are essential for accessing device features such as device camera.

Dependency Management

Before diving into the anatomy of package creation, it is important to understand that dependency management allows developers to track and manage dependencies from their flutter projects which they might use to quickly implement features in the project. This includes tracking versions of packages that a project depends on and ensuring that those packages are compatible with each other.

When a package is added to a project, it becomes a dependency. There are three types of dependency configurations:

• dependencies
• dev dependencies
• dependency overrides

The difference between these configurations is simple:

• dependencies and dependency_overrides are packages available in the project after compilation.
• dev_dependencies are only available in the development environment.

Classification of Dependencies

Dependencies can be classified into:

• Intermediate dependencies: Directly associated with the project.
• Transitive dependencies: Packages that depend on other packages.

Versioning

When dependencies have been added along with constraints, the lock file generated by the app will use only specific versions that have been added.

Taking the image as example above, package_a and package_c has been added in dependencies, while package_b is in dev dependencies, and package c is in dependency override. The lock file will be using Package_c of version 2.1.0 instead of the one added in "dependencies".

Creating a Flutter Package

Now, let's get into the actual process of creating a Flutter package. Use the following command to create a package:

flutter packages pub publish

1. [packages] - manage packages in your flutter project
2. [pub] - validation used to check any issues or missing information in your package
3. [publish] - publish command will publish the package

Packages can be published publicly or privately, depending on your use case. Private packages cannot be published on pub.dev. Instead, they can be hosted on platforms like GitHub or other Dart repositories as a service, such as:

• OnePub
• Cloudsmith
• Ifrog repository
• Jetbrains Space

Leveraging onto OnePub

To connect with OnePub and publish your package, follow these steps:

flutter pub global active onepub 
cd <my package>
flutter pub publish

To host the package privately, use publish to in order to point to your repository:

Once published, you can host your package privately, ensuring it remains accessible only to those you authorize.

Security Considerations

• Use --obfuscate for making it difficult for attackers to reverse engineer codes.
• Audit code and dependencies often to ensure they do not introduce security vulnerabilities.
• Check for security or vulnerabilities if third-party dependency is used.
• Remove sensitive information so that attackers do not gain unauthorized access.
• Scan for vulnerabilities as it helps in identifying and addressing security issues.

And that’s it for creating Flutter packages. Please feel free to add to this in the comment if needed so we can all learn together.

References

Publishing packages

Learn how to publish a Dart package to pub.dev.

Dart

Developing packages & plugins

How to write packages and plugins for Flutter.

Flutter Logo

Package dependencies

Add other packages to your app. Specify package locations, version constraints, and more.

Dart

And huge thank you to Mr Abhi, my friend for helping me with proof reading and Sir Auwal and Jide for advices.

About Me

I am Zaahra, a Google Women Techmakers Ambassador who enjoy mentoring people and writing about technical contents that might help people in their developer journey. I also enjoy building stuffs to solve real life problems.

To reach me:

LinkedIn: https://www.linkedin.com/in/faatimah-iz-zaahra-m-0670881a1/

X (previously Twitter): _fz3hra

GitHub: https://github.com/fz3hra

Cheers,

Umme Faatimah-Iz-Zaahra Mujore | Google Women TechMakers Ambassador | Software Engineer