Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
@yarnpkg/fslib
Advanced tools
@yarnpkg/fslib is a library that provides a set of utilities for working with the filesystem in a more abstract and high-level way. It is part of the Yarn package manager's ecosystem and is designed to facilitate file system operations, especially in the context of Yarn's plugin architecture.
Path manipulation
This feature allows you to convert native paths to portable paths and vice versa. This is useful for ensuring that paths are consistent across different operating systems.
const { npath } = require('@yarnpkg/fslib');
const nativePath = npath.toPortablePath('/some/native/path');
console.log(nativePath); // Outputs: /some/native/path
File reading and writing
This feature provides asynchronous methods for reading and writing files. It simplifies file operations by providing promise-based APIs.
const { xfs } = require('@yarnpkg/fslib');
(async () => {
const filePath = '/path/to/file.txt';
await xfs.writeFilePromise(filePath, 'Hello, world!');
const content = await xfs.readFilePromise(filePath, 'utf8');
console.log(content); // Outputs: Hello, world!
})();
Directory operations
This feature allows you to perform directory operations such as creating directories and reading their contents. It supports recursive directory creation.
const { xfs } = require('@yarnpkg/fslib');
(async () => {
const dirPath = '/path/to/directory';
await xfs.mkdirPromise(dirPath, { recursive: true });
const files = await xfs.readdirPromise(dirPath);
console.log(files); // Outputs: list of files in the directory
})();
fs-extra is a popular library that extends the native Node.js fs module with additional methods and promises. It provides similar functionalities to @yarnpkg/fslib, such as file and directory operations, but it is more general-purpose and not specifically tied to the Yarn ecosystem.
node-fs is another library that extends the native fs module with additional features like recursive directory creation and symbolic link support. It offers similar capabilities to @yarnpkg/fslib but is less focused on path manipulation and more on enhancing the core fs module.
graceful-fs is a drop-in replacement for the native fs module that improves its reliability, especially under heavy load. While it doesn't offer as many high-level utilities as @yarnpkg/fslib, it ensures more robust file system operations.
@yarnpkg/fslib
A TypeScript library abstracting the Node filesystem APIs. We use it for three main reasons:
Our library has two path types, NativePath
and PortablePath
. Most interfaces only accept the later, and instances of the former need to be transformed back and forth using our type-safe utilities before being usable.
The FSLib implements various transparent filesystem layers for a variety of purposes. For instance we use it in Yarn in order to abstract away the zip archive manipulation logic, which is implemented in ZipFS
and exposed through a Node-like interface (called FakeFS
).
All FakeFS
implementations can be transparently layered on top of the builtin Node fs
module, and that's for instance how we can add support for in-zip package loading without you having to care about the exact package format.
All methods from the FakeFS
interface are promisified by default (and suffixed for greater clarity, for instance we offer both readFileSync
and readFilePromise
).
3.0.0
yup
anymore (we migrated to Typanion as part of Clipanion v3).
workspace-tools
, remove it from your .yarnrc.yml
, upgrade, then import it back.enableImmutableInstalls
will now default to true
on CI (we still recommend to explicitly use --immutable
on the CLI).
YARN_ENABLE_IMMUTABLE_INSTALLS=false
in your environment variables.initVersion
and initLicense
configuration options have been removed. initFields
should be used instead..pnp.cjs
files (instead of .pnp.js
) when using PnP, regardless of what the type
field inside the manifest is set to.$$virtual
into __virtual__
.-a
alias flag of yarn workspaces foreach
got removed; use -A,--all
instead, which is strictly the same..vscode/pnpify
) won't be cleaned up anymore.--skip-builds
flag from yarn install
got renamed into --mode=skip-build
.bstatePath
configuration option has been removed. The build state (.yarn/build-state.yml
) has been moved into the install state (.yarn/install-state.gz
)@yarnpkg/pnpify
has been refactored into 3 packages:
@yarnpkg/sdks
now contains the Editor SDKs@yarnpkg/pnpify
now contains the PnPify CLI compatibility tool that creates in-memory node_modules
@yarnpkg/nm
now contains the node_modules
tree builder and hoister@yarnpkg/plugin-node-modules
has been renamed to @yarnpkg/plugin-nm
--clipanion=definitions
commands supported by our CLIs will now expose the definitions on the entry point (rather than on .command
)structUtils.requirableIdent
got removed; use structUtils.stringifyIdent
instead, which is strictly the same.configuration.format
got removed; use formatUtils.pretty
instead, which is strictly the same, but type-safe.httpUtils.Options['json']
got removed; use httpUtils.Options['jsonResponse']
instead, which is strictly the same.PackageExtension['description']
got removed, use formatUtils.json(packageExtension, formatUtils.Type.PACKAGE_EXTENSION)
instead, which is strictly the same.Project.generateBuildStateFile
has been removed, the build state is now in Project.storedBuildState
.Project.tryWorkspaceByDescriptor
and Project.getWorkspaceByDescriptor
now match on virtual descriptors.Workspaces now get self-references even when under the node-modules
linker (just like how it already worked with the pnp
linker). This means that a workspace called foo
can now safely assume that calls to require('foo/package.json')
will always work, removing the need for absolute aliases in the majority of cases.
The node-modules linker now does its best to support the portal:
protocol. This support comes with two important limitations:
--preserve-symlinks
Node option if they wish to access their dependencies.portal:
must be hoisted outside of the portal. Failing that (for example if the portal package depends on something incompatible with the version hoisted via another package), the linker will produce an error and abandon the install.The node-modules linker can now utilize hardlinks. The new setting nmMode: classic | hardlinks-local | hardlinks-global
specifies which node_modules
strategy should be used:
classic
- standard node_modules
layout, without hardlinkshardlinks-local
- standard node_modules
layout with hardlinks inside the project onlyhardlinks-global
- standard node_modules
layout with hardlinks pointing to global content storage across all the projects using this optionnode-modules
linker will now ensure that the generated install layouts are terminal, by doing several rounds when needed.node-modules
linker will no longer print warnings about postinstall scripts when a workspace depends on another workspace listing install scripts.${ENV_VAR}
syntax.preinstall
, install
, postinstall
fail, the remaining scripts will be skipped.git:
protocol will now default to fetching HEAD
(rather than the hardcoded master
).SIGTERM
signal will now be propagated to child processes.yarn config unset
will now correctly unset non-nested propertiesinitFields
edge cases have been fixed.preferAggregateCacheInfo
flag will now also aggregate cleanup reports.enableMessageNames
flag can be set to false
to exclude the YNxxxx
from the output.yarn init
can now be run even from within existing projects (will create missing files).yarn init
and yarn set version
will set the packageManager
field.yarn set version
now downloads binaries from the official Yarn website (rather than GitHub).yarn set version from sources
will now upgrade the builtin plugins as well unless --skip-plugins
is set.yarn version apply
now supports a new --prerelease
flag which replaces how prereleases were previously handled.yarn run
should be significantly faster to boot on large projects.yarn workspaces foreach --verbose
will now print when processes start and end, even if they don't have an output.yarn workspaces foreach
now supports a --from <glob>
flag, which when combined with -R
will target workspaces reachable from the 'from' glob.yarn patch-commit
can now be used as many times as you want on the same patch folder.yarn patch-commit
now supports a new -s,--save
flag which will save the patch instead of just printing it.yarn up
now supports a new -R,--recursive
flag which will upgrade the specified package, regardless where it is.yarn config unset
is a new command that will remove a setting from the local configuration (or home if -H
is set).yarn exec
got support for running shell scripts using Yarn's portable shell.yarn plugin import
can now install specific versions of the official plugins.yarn plugin import
will now download plugins compatible with the current CLI by default.yarn unlink
has been added which removes resolutions previously set by yarn link
.yarn install
inside a Yarn v1 project will now automatically enable the node-modules
linker. This should solve most of the problems people have had in their migrations. We still recommend to keep the default PnP for new projects, but the choice is yours.bigint
, and fstat
.@yarnpkg/esbuild-plugin-pnp
. We use it to bundle Yarn itself!exports
field - regardless of the Node version.node:
protocol (new in Node 16)plugins
configuration property.FAQs
Unknown package
The npm package @yarnpkg/fslib receives a total of 3,434,460 weekly downloads. As such, @yarnpkg/fslib popularity was classified as popular.
We found that @yarnpkg/fslib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.