Socket
Socket
Sign inDemoInstall

yarn

Package Overview
Dependencies
0
Maintainers
6
Versions
120
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

yarn

📦🐈 Fast, reliable, and secure dependency management.

Version published
Maintainers
6
Weekly downloads
5,519,454
increased by2.11%
Install size
5.09 MB

Weekly downloads

Package description

What is yarn?

Yarn is a fast, reliable, and secure dependency management tool that is used to manage project dependencies in JavaScript and Node.js environments. It caches every package it downloads, so it never needs to download the same package again. It also parallelizes operations to maximize resource utilization, and it uses checksums to verify the integrity of every installed package before its code is executed.

What are yarn's main functionalities?

Adding a dependency

This command adds the lodash package to the project's dependencies.

yarn add lodash

Upgrading a dependency

This command upgrades the react package to its latest version according to the version range specified in the package.json file.

yarn upgrade react

Removing a dependency

This command removes the moment package from the project's dependencies.

yarn remove moment

Installing all dependencies

This command installs all the dependencies listed in the project's package.json file.

yarn install

Locking down dependency versions

This command installs dependencies based on the yarn.lock file without generating a new lock file, ensuring reproducibility across installations.

yarn install --frozen-lockfile

Other packages similar to yarn

    npm

    npm is the default package manager for Node.js and is bundled with it. It serves a similar purpose to Yarn, allowing users to install, share, and manage dependencies in their projects. Compared to Yarn, npm has a different CLI syntax and handles package installations and lock files differently. npm has improved its performance in recent versions, but Yarn is often cited for its faster and more reliable installations due to its caching and parallelization features.

    pnpm

    pnpm is another alternative to Yarn that focuses on performance and disk space efficiency. It uses a content-addressable filesystem to store packages, which means that a package version is saved only once on a disk and then hard-linked into the node_modules directories of projects that use it. This results in faster installations and less disk space usage. pnpm also has a strictness that prevents implicit dependencies, which can lead to more predictable and secure projects.

Readme

Source

Yarn

Fast, reliable, and secure dependency management.

Circle Status Appveyor Status Azure Pipelines status Discord Chat Commitizen friendly

Fast: Yarn caches every package it has downloaded, so it never needs to download the same package again. It also does almost everything concurrently to maximize resource utilization. This means even faster installs.

Reliable: Using a detailed but concise lockfile format and a deterministic algorithm for install operations, Yarn is able to guarantee that any installation that works on one system will work exactly the same on another system.

Secure: Yarn uses checksums to verify the integrity of every installed package before its code is executed.

Features

  • Offline Mode. If you've installed a package before, then you can install it again without an internet connection.
  • Deterministic. The same dependencies will be installed in the same exact way on any machine, regardless of installation order.
  • Network Performance. Yarn efficiently queues requests and avoids request waterfalls in order to maximize network utilization.
  • Network Resilience. A single request that fails will not cause the entire installation to fail. Requests are automatically retried upon failure.
  • Flat Mode. Yarn resolves mismatched versions of dependencies to a single version to avoid creating duplicates.
  • More emojis. 🐈

Installing Yarn

Read the Installation Guide on our website for detailed instructions on how to install Yarn.

Using Yarn

Read the Usage Guide on our website for detailed instructions on how to use Yarn.

Contributing to Yarn

Contributions are always welcome, no matter how large or small. Substantial feature requests should be proposed as an RFC. Before contributing, please read the code of conduct.

See Contributing.

Prior art

Yarn wouldn't exist if it wasn't for excellent prior art. Yarn has been inspired by the following projects:

Credits

Thanks to Sam Holmes for donating the npm package name!

FAQs

Last updated on 09 Mar 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

npm Package for ReExt React Components Library Exfiltrates Git Credentials

Research

Security News

npm Package for ReExt React Components Library Exfiltrates Git Credentials

The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.

By Sarah Gooding, Socket Research Team  -  Apr 18, 2024
Connect with Socket at RSA and BSidesSF 2024

Company News

Connect with Socket at RSA and BSidesSF 2024

Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.

By Sarah Gooding  -  Apr 15, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc