Fast, reliable, and secure dependency management.

Fast: Yarn caches every package it has downloaded, so it never needs to download the same package again. It also does almost everything concurrently to maximize resource utilization. This means even faster installs.

Reliable: Using a detailed but concise lockfile format and a deterministic algorithm for install operations, Yarn is able to guarantee that any installation that works on one system will work exactly the same on another system.

Secure: Yarn uses checksums to verify the integrity of every installed package before its code is executed.

Features

• Offline Mode. If you've installed a package before, then you can install it again without an internet connection.
• Deterministic. The same dependencies will be installed in the same exact way on any machine, regardless of installation order.
• Network Performance. Yarn efficiently queues requests and avoids request waterfalls in order to maximize network utilization.
• Network Resilience. A single request that fails will not cause the entire installation to fail. Requests are automatically retried upon failure.
• Flat Mode. Yarn resolves mismatched versions of dependencies to a single version to avoid creating duplicates.
• More emojis. 🐈

Installing Yarn

Read the Installation Guide on our website for detailed instructions on how to install Yarn.

Using Yarn

Read the Usage Guide on our website for detailed instructions on how to use Yarn.

Contributing to Yarn

Contributions are always welcome, no matter how large or small. Substantial feature requests should be proposed as an RFC. Before contributing, please read the code of conduct.

See Contributing.

Prior art

Yarn wouldn't exist if it wasn't for excellent prior art. Yarn has been inspired by the following projects:

• Bundler
• Cargo
• npm

Credits

Thanks to Sam Holmes for donating the npm package name!

Changelog

Please add one entry in this file for each change in Yarn's behavior. Use the same format for all entries, including the third-person verb. Make sure you don't add more than one line of text to keep it clean. Thanks!

Master

• Passes arguments following -- when running a workspace script (yarn workspace pkg run command -- arg)

  #7776 - Jeff Valore

• Prints workspace names with yarn workspaces (silence with -s)

  #7722 - Orta

• Implements yarn init --install <version>

  #7723 - Maël Nison

• Implements yarn init -2

  #7862 - Maël Nison

• Implements yarn set version <version> as an alias for policies set-version

  #7862 - Maël Nison

• Fixes an issue where the archive paths were incorrectly sanitized

  #7831 - Maël Nison

• Allows some dots in binary names again

  #7811 - Valery Bugakov

• Better error handling on yarn set version

  #7848 - Nick Olinger

1.19.2

• Folders like .cache won't be pruned from the node_modules after each install.

  #7699 - Maël Nison

• Correctly installs workspace child dependencies when workspace child not symlinked to root.

  #7289 - Daniel Tschinder

• Makes running scripts with Plug'n Play possible on node 13.

  #7650 - Sander Verweij

• Change run command to check cwd/node_modules/.bin for commands. Fixes run in workspaces.

  #7151 - Jeff Valore

1.19.1

Important: This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the Offline Mirror feature. After that everything will be back to normal.

• Computes the --modules-folder & friends paths based on the cwd.

  #7607 - mbpreble

• Stores the sha512 in the cache even when not provided by the server.

  #7591 - Maël Nison / #7595 - Michael

• Uses the right Node binary when using yarn-path.

  #7592 - Maël Nison

1.19.0

Important: This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the Offline Mirror feature. After that everything will be back to normal.

• Fixes a potential vulnerability regarding how the build artifacts are stored

  Reported by ChALkeR, fixed by Maël Nison

1.18.0

• Suggests using the Yarn 2 development trunk on PnP-enabled projects

  #7512 - Maël Nison

• Preserves linked packages when calling yarn create

  #7543 - Nick McCurdy

• Fixes the offline mirror filenames when using Verdaccio

  #7499 - xv2

• Fixes using link:. to refer to the package folder

  #7512 - Maël Nison

• Runs the prepare lifecycle of git dependencies even if NODE_ENV is set to production.

  #7398 - John Firebaugh

• Fixes the postversion lifecycle method not being called when using --no-git-tag-version.

  #7154 - Hampus Tågerud

• Ignores potentially large vscode keys in package.json to avoid E2BIG errors.

  #7419 - Eric Amodio

• Enforces https for the Yarn and npm registries.

  #7393 - Maël Nison

• Adds support for reading yarnPath from v2-produced .yarnrc.yml files.

  #7350 - Maël Nison

1.17.0

• Adds prereleases flags and prerelease identifier to yarn version.

  #7336 - Daniel Seijo

• Fixes audits when used with yarn add & yarn upgrade

  #7326 - David Sanders

• Adds support for the --offline flag to yarn global add

  #7330 - Francis Crick

• Yarn will tolerate Yaml at parse time. Full support isn't ready yet and will only come at the next major.

  #7300 - Maël Nison

• Fixes a bug when using the link: protocol with a folder that doesn't contain a package.json

  #7337 - Maël Nison

1.16.0

• Retries downloading a package on yarn install when we get a ETIMEDOUT error.

  #7163 - Vincent Bailly

• Implements yarn audit --level [severity] flag to filter the audit command's output.

  #6716 - Rogério Vicente

• Implements yarn audit --groups group_name [group_name ...].

  #6724 - Tom Milligan

• Exposes the script environment variables to yarn create spawned processes.

  #7127 - Eli Perelman

• Prevents EPIPE errors from being printed.

  #7194 - Abhishek Reddy

• Adds support for the npm enterprise URLs when computing the offline mirror filenames.

  #7200 - John Millikin

• Tweaks the lockfile parser logic to parse a few extra cases

  #7210 - Maël Nison

1.15.2

The 1.15.1 doesn't exist due to a release hiccup.

• Reverts a behavior causing boggus interactions between PowerShell and yarn global

  #6954 - briman0094

• Fixes a bug where non-zero exit codes were converted to a generic 1 when running yarn run

  #6926 - Kyle Fang

• Fixes production / development reporting when running yarn audit

  #6970 - Adam Richardson

1.15.0

• Removes --scripts-prepend-node-path as Yarn's default behavior makes this obsolete

  #7057 - Jason Grout

• Fixes the advisory link printed by yarn audit

  #7091 - Jakob Krigovsky

• Fixes npm_config_ environment variable parsing to support those prefixed with underscore (ex: _auth)

  #7070 - Nicholas Boll

• Fixes yarn upgrade --latest for dependencies using > or >= range specifier

  #7080 - Xukai Wu

• Fixes --modules-folder handling in several places (ex: yarn check now respects --modules-folder)

  #6850 - Jeff Valore

• Removes rootModuleFolders (internal variable which wasn't used anywhere)

  #6846 - Jeff Valore

• Adds support for setting global-folder from .yarnrc files

  #7056 - Hsiao-nan Cheung

• Makes yarn version cancellable via ctrl-c or empty string

  #7064 - Olle Lauri Boström

• Adds support for yarn policies set-version berry

  #7041 - Maël Nison

• Fixes yarn upgrade --scope when using exotic (github) dependencies

  #7017 - Jeff Valore

• Fixes occasionally mismatching upper/lowecases of drive letters in win32 pnp check

  #7007 - Christoph Werner

• Fixes the error reporting for non-HTTP network errors (such as invalid certificates)

  #6968 - Chih-Hsuan Yen

• Changes the location where the --require ./.pnp.js flag gets added into NODE_OPTIONS: now at the front (bis)

  #6951 - John-David Dalton

• Packages won't be auto-unplugged anymore if ignore-scripts is set in the yarnrc file

  #6983 - Micha Reiser

• Enables displaying Emojis on Terminus by default

  #7093 - David Refoua

• Run the engines check before executing run scripts.

  #7013 - Eloy Durán

1.14.0

• Improves PnP compatibility with Node 6

  #6871 - Robert Jackson

• Fixes PnP detection with workspaces (installConfig is now read at the top-level)

  #6878 - Maël Nison

• Fixes an interaction between yarn pack and bundled dependencies

  #6908 - Travis Hoover

• Adds support for GITHUB_TOKEN in yarn policies set-version

  #6912 - Billy Vong

• Fixes an issue where resolve would forward an incomplete basedir to the PnP hook

  #6882 - Zoran Regvart

• Fixes the command that yarn unlink recommends to run as a followup (now yarn install --force)

  #6931 - Justin Sacbibit

• Changes the location where the --require ./.pnp.js flag gets added into NODE_OPTIONS: now at the front

  #6942 - John-David Dalton

• Fixes a bug where os and platform requirements weren't properly checked when engines was missing

  #6976 - Micha Reiser

1.13.0

• Implements a new package.json field: peerDependenciesMeta

  #6671 - Maël Nison

• Adds an optional settings to peerDependenciesMeta to silence missing peer dependency warnings

  #6671 - Maël Nison

• Implements yarn policies set-version [range]. Check the documentation for usage & tips.

  #6673 - Maël Nison

• Fixes a resolution issue when a package had an invalid main entry

  #6682 - Maël Nison

• Decreases the size of the generated $PATH environment variable for a better Windows support

  #6683 - Rowan Lonsdale

• Fixes postinstall scripts for third-party packages when they were referencing a binary from their own dependencies

  #6712 - Maël Nison

• Fixes yarn audit exit code overflow

  #6748 - Andrey Vetlugin

• Stops automatically unplugging packages with postinstall script when running under --ignore-scripts

  #6820 - Maël Nison

• Adds transparent support for the resolve package when using Plug'n'Play

  #6816 - Maël Nison

• Properly reports the error codes when the npm registry throws 500's

  #6817 - Maël Nison

1.12.3

Important: This release contains a cache bump. It will cause the very first install following the upgrade to take slightly more time, especially if you don't use the Offline Mirror feature. After that everything will be back to normal.

• Fixes an issue with yarn audit when using workspaces

  #6625 - Jeff Valore

• Uses NODE_OPTIONS to instruct Node to load the PnP hook, instead of raw CLI arguments

  Caveat: This change might cause issues for PnP users having a space inside their cwd (cf nodejs/node#24065)

  #6479 - Maël Nison

• Fixes Gulp when used with Plug'n'Play

  #6623 - Maël Nison

• Fixes an issue with yarn audit when the root package was missing a name

  #6611 - Jack Zhao

• Fixes an issue with yarn audit when a package was depending on an empty range

  #6611 - Jack Zhao

• Fixes an issue with how symlinks are setup into the cache on Windows

  #6621 - Yoad Snapir

• Upgrades inquirer, fixing upgrade-interactive for users using both Node 10 and Windows

  #6635 - Philipp Feigl

• Exposes the path to the PnP file using require.resolve('pnpapi')

  #6643 - Maël Nison

1.12.2

This release doesn't actually exists and was caused by a quirk in our systems.

1.12.1

• Ensures the engine check is ran before showing the UI for upgrade-interactive

  #6536 - Orta Therox

• Restores Node v4 support by downgrading cli-table3

  #6535 - Mark Stacey

• Prevents infinite loop when parsing corrupted lockfiles with unterminated strings

  #4965 - Ryan Hendrickson

• Environment variables now have to start with YARN_ (instead of just contain it) to be considered

  #6518 - Michael Gmelin

• Fixes the extensions option when used by resolveRequest

  #6479 - Maël Nison

• Fixes handling of empty string entries for bin in package.json

  #6515 - Ryan Burrows

• Adds support for basic auth for registries with paths, such as artifactory

  #5322 - Karolis Narkevicius

• Adds 2FA (Two Factor Authentication) support to publish & alike

  #6555 - Krzysztof Zbudniewek

• Fixes how the files property is interpreted to bring it in line with npm

  #6562 - Bertrand Marron

• Fixes Yarn invocations on Darwin when the yarn binary was symlinked

  #6568 - Hidde Boomsma

• Fixes require.resolve when used together with the paths option

  #6565 - Maël Nison

1.12.0

• Adds initial support for PnP on Windows

  #6447 - John-David Dalton

• Adds yarn audit (and the --audit flag for all installs)

  #6409 - Jeff Valore

• Adds a special logic to PnP for ESLint compatibility (temporary, until eslint/eslint#10125 is fixed)

  #6449 - Maël Nison

• Makes the PnP hook inject a process.versions.pnp variable when setup (equals to VERSIONS.std)

  #6464 - Maël Nison

• Disables by default (configurable) the automatic migration of the integrity field. It will be re-enabled in 2.0.

  #6465 - Maël Nison

• Fixes the display name of the faulty package when the NPM registry returns corrupted data

  #6455 - Grey Baker

• Prevents crashes when running yarn outdated and the NPM registry forgets to return the latest tag

  #6454 - mad-mike

• Fixes yarn run when used together with workspaces and PnP

  #6444 - Maël Nison

• Fixes an edge case when peer dependencies were resolved multiple levels deep (webpack-dev-server)

  #6443 - Maël Nison