# Package Management

Core commands for installing, adding, removing, and upgrading dependencies in JavaScript/Node.js projects.

## Capabilities

### Install Dependencies

Install all dependencies listed in package.json according to the lockfile.

```bash { .api }
yarn install [options]

# Common options:
--production        # Install only production dependencies (no devDependencies)
--frozen-lockfile   # Don't generate a lockfile and fail if an update is needed
--pure-lockfile     # Don't generate a lockfile
--offline           # Use only cached packages, fail if not in cache
--ignore-scripts    # Don't run lifecycle scripts (preinstall, postinstall, etc.)
--ignore-platform   # Ignore platform compatibility checks
--ignore-engines    # Ignore engines field in package.json
--ignore-optional   # Don't install optional dependencies
--force             # Force re-download of all packages
--har               # Save HAR file with network request logs
--non-interactive   # Disable interactive prompts
--no-bin-links      # Don't create symlinks for package binaries
--flat              # Install all dependencies, but allow only one version of each package
--focus             # Shallowly install sibling workspace dependencies under the focused workspace's node_modules
--verbose           # Show additional logging information
```

**Usage Examples:**

```bash
# Basic install
yarn install

# Production-only install for deployment
yarn install --production --frozen-lockfile

# Offline install using cache
yarn install --offline

# Force reinstall of all packages
yarn install --force

# Install without running scripts (for security)
yarn install --ignore-scripts
```

### Add Dependencies

Add new dependencies to the project and install them.

```bash { .api }
yarn add <package>[@version] [options]

# Dependency type options:
--dev, -D        # Add to devDependencies
--peer, -P       # Add to peerDependencies
--optional, -O   # Add to optionalDependencies

# Version options:
--exact, -E      # Install exact version (no range)
--tilde, -T      # Install with tilde range (~)

# Other options:
--ignore-workspace-root-check   # Allow install on workspace root
--audit                         # Run security audit after install
```

**Usage Examples:**

```bash
# Add production dependency
yarn add react
yarn add react@^18.0.0

# Add development dependency
yarn add --dev jest
yarn add -D @types/node

# Add exact version
yarn add --exact lodash@4.17.21

# Add multiple packages
yarn add react react-dom
yarn add --dev jest @testing-library/react eslint

# Add from different sources
yarn add lodash@npm:lodash@4.17.21
yarn add react@https://github.com/facebook/react/tarball/main
yarn add my-package@file:../my-package
```

### Remove Dependencies

Remove dependencies from the project and uninstall them.

```bash { .api }
yarn remove <package> [package2] [package3] [options]

# Options:
--ignore-workspace-root-check   # Allow removal from workspace root
```

**Usage Examples:**

```bash
# Remove single package
yarn remove lodash

# Remove multiple packages
yarn remove lodash underscore ramda

# Remove from all dependency types
yarn remove react # Removes from dependencies, devDependencies, etc.
```

### Upgrade Dependencies

Upgrade dependencies to their latest versions within semver constraints.

```bash { .api }
yarn upgrade [package] [options]

# Version options:
--latest              # Upgrade to latest version (ignore semver)
--exact               # Upgrade to exact version
--pattern <pattern>   # Upgrade packages matching pattern
--scope <scope>       # Upgrade packages in scope
--caret               # Use caret range (^) for new versions
--tilde               # Use tilde range (~) for new versions

# Other options:
--audit               # Run security audit after upgrade
```

**Usage Examples:**

```bash
# Upgrade all dependencies within semver ranges
yarn upgrade

# Upgrade specific package
yarn upgrade react

# Upgrade to latest versions (ignoring semver)
yarn upgrade --latest

# Upgrade specific package to latest
yarn upgrade react --latest

# Upgrade packages matching pattern
yarn upgrade --pattern "babel-*"

# Upgrade scoped packages
yarn upgrade --scope @types
```

### Interactive Upgrade

Interactively choose which dependencies to upgrade with a visual interface.

```bash { .api }
yarn upgrade-interactive [options]

--latest # Include major version upgrades in choices
```

**Usage Examples:**

```bash
# Interactive upgrade within semver constraints
yarn upgrade-interactive

# Interactive upgrade including major versions
yarn upgrade-interactive --latest
```

## Package Sources

Yarn supports installing packages from various sources:

### NPM Registry

```bash
# Default npm registry
yarn add package-name

# Specific version
yarn add package-name@1.2.3

# Version range
yarn add package-name@^1.2.0
yarn add package-name@~1.2.0
yarn add package-name@>=1.2.0
```

### Git Repositories

```bash
# GitHub shorthand
yarn add user/repo
yarn add user/repo#branch
yarn add user/repo#commit-sha

# Full git URLs
yarn add https://github.com/user/repo.git
yarn add git+ssh://git@github.com:user/repo.git
yarn add git+https://github.com/user/repo.git#branch
```

### Tarball URLs

```bash
# HTTP tarball
yarn add https://example.com/package.tar.gz

# File path
yarn add file:../my-package
yarn add file:./packages/my-package
```

### Alternative Registries

```bash
# Alias: install alternative-package under the name "package"
yarn add package@npm:alternative-package

# Specify different registry
yarn add @scope/package --registry https://custom-registry.com
```

## Dependency Types

### Production Dependencies

```bash
# Add to "dependencies" in package.json
yarn add react express
```

### Development Dependencies

```bash
# Add to "devDependencies" in package.json
yarn add --dev jest eslint @types/node
yarn add -D babel-core webpack
```

### Peer Dependencies

```bash
# Add to "peerDependencies" in package.json
yarn add --peer react
yarn add -P @types/react
```

### Optional Dependencies

```bash
# Add to "optionalDependencies" in package.json
yarn add --optional fsevents
yarn add -O node-sass
```

## Lockfile Management

Yarn automatically manages the `yarn.lock` file to ensure deterministic installs:

- **yarn.lock** is automatically generated and updated during install/add/remove operations
- Contains exact versions and integrity hashes for all dependencies
- Should be committed to version control
- Use `--frozen-lockfile` in CI/production to prevent updates
- Use `--pure-lockfile` to prevent lockfile generation

## Integrity and Security

Yarn verifies package integrity using checksums stored in the lockfile:

- All packages are verified against their checksums before installation
- Corrupted or tampered packages will cause installation to fail
- Use `yarn check --integrity` to verify installed packages
- Use `yarn audit` to check for known security vulnerabilities
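
As an added example (not part of the original page or of Yarn itself), the following Node.js script parses a Yarn v1 `yarn.lock` and flags entries that carry no `integrity` hash or that resolve from the git, tarball and file sources listed under Package Sources instead of the registry. The trusted host list, the function names and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example (not Yarn's own code): audit a Yarn v1 yarn.lock.
const TRUSTED_HOSTS = new Set(['registry.yarnpkg.com', 'registry.npmjs.org']); // assumption

// Constructed sample lockfile; hashes are placeholders, not real values.
const SAMPLE_LOCK = `# yarn lockfile v1

lodash@^4.17.21:
  version "4.17.21"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#0000000000000000000000000000000000000000"
  integrity sha512-PLACEHOLDER0CONSTRUCTED0VALUE==

"repo@https://github.com/user/repo.git#branch":
  version "1.0.0"
  resolved "https://github.com/user/repo.git#1111111111111111111111111111111111111111"

"package@https://example.com/package.tar.gz":
  version "2.0.0"
  resolved "https://example.com/package.tar.gz#2222222222222222222222222222222222222222"
  integrity sha512-PLACEHOLDER1CONSTRUCTED1VALUE==

"my-package@file:../my-package":
  version "0.1.0"
`;

function parseLockfile(text) {
  const entries = [];
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!/^\s/.test(line)) { // an unindented "name@range:" line starts an entry
      entries.push({ key: line.replace(/:$/, '').replace(/"/g, ''), fields: {} });
      continue;
    }
    const m = /^ {2}(\w+) "?([^"]*)"?$/.exec(line); // top-level fields only
    if (m && entries.length) entries[entries.length - 1].fields[m[1]] = m[2];
  }
  return entries;
}

function auditLockfile(text) {
  const findings = [];
  for (const { key, fields: { resolved, integrity } } of parseLockfile(text)) {
    if (!integrity) findings.push({ key, issue: 'no-integrity' });
    if (!resolved) { findings.push({ key, issue: 'no-resolved-url' }); continue; }
    let url = null;
    try { url = new URL(resolved); } catch { /* scp-style git URLs do not parse */ }
    if (!url || url.protocol !== 'https:') findings.push({ key, issue: 'non-https-source' });
    else if (!TRUSTED_HOSTS.has(url.hostname)) findings.push({ key, issue: 'non-registry-source' });
  }
  return findings;
}
console.log(auditLockfile(SAMPLE_LOCK));
```

Run a check like this in CI next to `yarn install --frozen-lockfile`, and fail the build on any finding that has not been explicitly allow-listed.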