Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@yarnpkg/core

Package Overview
Dependencies
Maintainers
6
Versions
158
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@yarnpkg/core - npm Package Versions

1
16

3.0.0-rc.5

Diff

yarnbot
published 3.0.0-rc.4 •

yarnbot
published 3.0.0-rc.3 •

arcanis
published 3.0.0-rc.2 •

arcanis
published 3.0.0-rc.1 •

arcanis
published 2.4.0 •

Changelog

Source

2.4.0

yarn set version 2.4.0

Installs

  • The resolution pipeline got reimplemented. We previously used a multi-pass approach where we performed SAT optimization between each pass, but after investigating it turned out the SAT optims had little impact and added performance bottlenecks. We now run the resolution using a much simpler and more efficient algorithm.

  • Linkers can now define custom data to cache between Yarn invocations. The builtin linkers new use those new capabilities to cache package information that can't change between runs. In practice, this translates into much faster recurrent installs (when running an install that adds few new packages, if any).

  • Warnings are now reported when packageExtensions rules are either unused or redundant with the original package definition.

  • Potentially breaking, but it was intended this way from the start: the packageExtensions field cannot be used to replace dependencies anymore (only to add missing ones). Prefer using the resolutions field to replace existing ones.

  • Progress bars are rendered less often, which should help performances on some terminals.

  • Aliased packages no longer include themselves in node_modules installs

CLI

  • The upgrade-interactive command will now only show upgrade suggestions for packages that have available upgrades (rather than all of them).

  • The upgrade-interactive command has received UI improvements that should make it easier to look at.

  • The yarn workspaces focus command will now only run the postinstall scripts for the focused workspaces.

  • A new yarn npm audit command lets you query audit information from the npm registry.

  • The yarn workspaces foreach command has a new flag, -R,--recursive, which will run a command on the current workspace and all others it depends on.

  • A new --skip-builds option on yarn install will let you skip the build scripts without impacting the generated Yarn artifacts (contrary to enableScripts, which would also stop unplugging the packages that would otherwise be unplugged due to containing build scripts).

Binaries

  • It's now possible to run dependency binaries when using the node-modules linker even if one of your other dependencies is reported as incompatible with your system.

  • By default Windows automatically requests for administrator rights before spawning any binary whose filename contains "install", "setup", "update", or "patch" (it thinks they are installers). We now explicitly opt-out of this behavior in the binary jumpers we use on Windows.

  • By default, arguments passed to MinGW-compiled programs are automatically expanded by a basic glob pattern engine. We now explicitly opt-out of this behavior in the binary jumpers we use on Windows.

  • The Windows binary jumpers will now report the right exit code.

Settings

  • Using empty fallbacks in Yarnrc environment variables (${VAR:-}) will now work.

  • You can now use the new logFilters setting to turn warnings into either errors or info, or to hide them entirely. Note that we plan to significantly improve the peer dependency warnings in the next release, so perhaps don't silence them just now even if you have a bunch of them.

Shell

  • Some shell errors (No matches found, Bad file descriptor, Unbound variable, Unbound argument) will now be recoverable errors that make the shell continue on to the next command in the chain instead of hard crashes. Fixes cases such as rm -rf ./inexistentFolder/* || true.

VSCode ZipFS Extension

  • The extension will now activate even if the workspace doesn't contain zip files (usually because you excluded them).

Compatibility

  • Some patches went missing for TypeScript <4. This is now fixed.

  • Calling fs.exists(undefined) won't crash anymore.

  • TypeScript import suggestions should now be correct even when the imported module is deep within a workspace.

  • TypeScript in watch mode (both using -w and within VSCode) will now detect new dependencies as you add them.

  • Some particular multi-dependency-trees setups will be better supported on Plug'n'Play installs.

  • Using ctrl+click on imports in VSCode won't take you to virtual packages anymore (require an SDK update).

arcanis
published 2.3.1 •

Changelog

Source

2.3.1

yarn set version 2.3.1

CLI

  • Take into account peer dependency defaults when inheriting workspace peer dependencies in the node_modules linker
arcanis
published 2.3.0 •

Changelog

Source

2.3.0

yarn set version 2.3.0

CLI

  • The yarn tag set of commands has been ported over from Yarn Classic as yarn npm tag.
  • Running yarn info will now print many information about your dependencies. Various options are available to tweak the output, including --json. Plugin authors can provide their own information sections via the fetchPackageInfo hook.
  • Running yarn stage with the -r,--reset flag will now unstage all changes that seem related to Yarn.
  • All commands now document each of their options (run yarn add -h to see an example).
  • Publish registry errors will now be reported as is rather than being collapsed into a generic error message.
  • A native binary jumper will now be used on Windows to avoid the Terminate batch job (Y/N)? prompts when invoking dependency binaries.

Installs

PnP API

The following changes only apply to the pnp linker (which is the default install strategy):

  • The pnpapi module now exposes a new function called getAllLocators allow you to access the list of all locators in the map without having to traverse the dependency tree. This method is considered a Yarn extension, so you should check for its existence if you plan to use it in your code.
  • When using a portal to a package that had peer dependencies, Yarn would loose the information required to resolve those peer dependencies. It will now properly resolve them the same way as all other packages in the dependency tree.

The following changes only apply to the node-modules linker:

  • The bin symlinks will now be properly removed from the node_modules/.bin folder as their corresponding dependencies are removed.
  • A new setting called nmHoistingLimits has appeared. It replaces what was previously known as nohoist in Yarn 1.
  • We are now more forgiving for packages that make incorrect assumptions about the hoisting layout by first trying to maximize package exposure at the top-level. Only after the top-level has been populated will we deduplicate the remaining packages.
  • Fixed some pathological cases around peer dependencies. In particular, workspaces' peer dependencies will now be resolved against their closest workspace ancestor (according to the directory hierarchy) rather than be ignored. Note that peer dependencies are inherently problematic with workspaces when using the node-modules linker, and that the strictly correct behavior can only be obtained by using the default Plug'n'Play linker.
  • Running install after an interrupted install is supported now and will result in a consistent install state

Shell

  • Added support for $$ and $PPID
  • Fixes some pathological globbing problems.

Bugfixes

  • The yarn constraints --fix command will now properly persist the changes on disk.
  • The yarn unplug command will now work when used on packages with peer dependencies.
  • The yarn stage command will now allow to stage files when called without the -c,--commit flag.
  • Fixes a performance regression when using FSEvents.

Miscellaneous

  • Removes extraneous subprocesses when using the yarnPath setting.

Third-party integrations

  • Updated the VSCode SDK to take into account changes in the TypeScript server protocol.
  • Added a few builtin extensions to improve compatibility with packages that weren't correctly listing their dependencies.
  • Updated the TypeScript patch to cover TypeScript 4.1.
arcanis
published 2.2.2 •

arcanis
published 2.2.1 •

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc