Security News
npm Updates Search Experience with New Objective Sorting Options
npm has a revamped search experience with new, more transparent sorting options—Relevance, Downloads, Dependents, and Publish Date.
@yarnpkg/core
Advanced tools
@yarnpkg/core is a core library for the Yarn package manager, providing essential functionalities for managing dependencies, workspaces, and scripts in JavaScript projects. It allows developers to programmatically interact with Yarn's features, making it easier to automate and customize package management tasks.
Dependency Management
This code demonstrates how to programmatically install dependencies for a project using @yarnpkg/core. It initializes the configuration and project, then calls the install method to install the dependencies.
const { Configuration, Project } = require('@yarnpkg/core');
const { npath } = require('@yarnpkg/fslib');
(async () => {
const configuration = await Configuration.find(npath.toPortablePath(__dirname), null, {
useRc: false,
});
const { project } = await Project.find(configuration, npath.toPortablePath(__dirname));
await project.install();
})();
Workspace Management
This code demonstrates how to list all workspaces in a project using @yarnpkg/core. It initializes the configuration and project, then iterates over the workspaces to log their paths.
const { Configuration, Project } = require('@yarnpkg/core');
const { npath } = require('@yarnpkg/fslib');
(async () => {
const configuration = await Configuration.find(npath.toPortablePath(__dirname), null, {
useRc: false,
});
const { project } = await Project.find(configuration, npath.toPortablePath(__dirname));
const workspaces = project.workspaces;
workspaces.forEach(workspace => {
console.log(`Workspace: ${workspace.cwd}`);
});
})();
Script Execution
This code demonstrates how to execute a script in a workspace using @yarnpkg/core. It initializes the configuration and project, retrieves the workspace, and then executes the 'build' script.
const { Configuration, Project, scriptUtils } = require('@yarnpkg/core');
const { npath } = require('@yarnpkg/fslib');
(async () => {
const configuration = await Configuration.find(npath.toPortablePath(__dirname), null, {
useRc: false,
});
const { project } = await Project.find(configuration, npath.toPortablePath(__dirname));
const workspace = project.getWorkspaceByCwd(npath.toPortablePath(__dirname));
await scriptUtils.executeWorkspaceScript(workspace, 'build', []);
})();
npm is the default package manager for Node.js and provides functionalities for managing dependencies, scripts, and versioning. Unlike @yarnpkg/core, npm does not offer a core library for programmatic access, but it provides a CLI tool that covers similar functionalities.
pnpm is a fast, disk space-efficient package manager that also supports workspaces and dependency management. It offers a CLI tool similar to Yarn but does not provide a core library like @yarnpkg/core for programmatic access.
Lerna is a tool for managing JavaScript projects with multiple packages, providing functionalities for versioning, publishing, and dependency management. It is similar to Yarn Workspaces but focuses more on monorepo management and does not offer a core library for programmatic access.
FAQs
Unknown package
The npm package @yarnpkg/core receives a total of 277,124 weekly downloads. As such, @yarnpkg/core popularity was classified as popular.
We found that @yarnpkg/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm has a revamped search experience with new, more transparent sorting options—Relevance, Downloads, Dependents, and Publish Date.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.