0
# Utility Commands
1

2
Additional utility commands for package integrity, security, maintenance, and project information.
3

4
## Capabilities
5

6
### Package Integrity
7

8
Verify the integrity of installed packages and dependency tree.
9

10
```bash { .api }
11
yarn check [options]
12

13
# Options:
14
--integrity              # Verify package integrity against checksums
15
--verify-tree           # Verify dependency tree structure
16
--json                  # Output results in JSON format
17
```
18

19
**Usage Examples:**
20

21
```bash
22
# Basic integrity check
23
yarn check
24

25
# Check package integrity only
26
yarn check --integrity
27

28
# Verify dependency tree
29
yarn check --verify-tree
30

31
# Get JSON output for automation
32
yarn check --json
33

34
# Check specific aspects
35
yarn check --integrity --verify-tree
36
```
37

38
**Check Process:**
39
1. **Integrity Check**: Verifies checksums against yarn.lock
40
2. **Tree Verification**: Ensures installed packages match dependency requirements
41
3. **License Check**: Validates license compatibility (if configured)
42
4. **Report Issues**: Lists any inconsistencies or problems
43

44
### Security Audit
45

46
Run security audit to identify known vulnerabilities.
47

48
```bash { .api }
49
yarn audit [options]
50

51
# Options:
52
--level <severity>       # Minimum severity level (low, moderate, high, critical)
53
--json                  # Output in JSON format
54
--groups <groups>       # Audit specific dependency groups
55
```
56

57
**Usage Examples:**
58

59
```bash
60
# Run security audit
61
yarn audit
62

63
# Audit with minimum severity level
64
yarn audit --level moderate
65
yarn audit --level high
66
yarn audit --level critical
67

68
# Audit specific dependency groups
69
yarn audit --groups dependencies
70
yarn audit --groups devDependencies
71

72
# Get JSON output
73
yarn audit --json
74

75
# Audit production dependencies only
76
yarn audit --groups dependencies --level high
77
```
78

79
**Audit Output:**
80
```
81
┌───────────────┬──────────────────────────────────────────────────────────────┐
82
│ Severity      │ Package                                                      │
83
├───────────────┼──────────────────────────────────────────────────────────────┤
84
│ High          │ minimist                                                     │
85
├───────────────┼──────────────────────────────────────────────────────────────┤
86
│ Package       │ minimist                                                     │
87
├───────────────┼──────────────────────────────────────────────────────────────┤
88
│ Vulnerable    │ <1.2.2                                                       │
89
│ versions      │                                                              │
90
├───────────────┼──────────────────────────────────────────────────────────────┤
91
│ Patched in    │ >=1.2.2                                                      │
92
└───────────────┴──────────────────────────────────────────────────────────────┘
93
```
94

95
### Create Package Tarball
96

97
Create a compressed tarball of the package for distribution.
98

99
```bash { .api }
100
yarn pack [options]
101

102
# Options:
103
--filename <name>        # Specify output filename
104
--json                  # Output metadata in JSON format
105
```
106

107
**Usage Examples:**
108

109
```bash
110
# Create tarball with default name
111
yarn pack
112

113
# Specify custom filename
114
yarn pack --filename my-package-v1.0.0.tgz
115

116
# Get JSON metadata
117
yarn pack --json
118

119
# Pack specific version
120
yarn version --new-version 1.2.3
121
yarn pack
122
```
123

124
**Pack Process:**
125
1. Runs `prepack` script (if defined)
126
2. Creates tarball with files specified in `package.json#files`
127
3. Excludes files in `.npmignore` or `.gitignore`
128
4. Runs `postpack` script (if defined)
129
5. Outputs tarball filename and size
130

131
### Import Dependencies
132

133
Import dependencies from other package managers' lockfiles.
134

135
```bash { .api }
136
yarn import
137
```
138

139
**Usage Examples:**
140

141
```bash
142
# Import from package-lock.json
143
yarn import
144

145
# Workflow: npm to yarn migration
146
npm install              # Generates package-lock.json
147
yarn import             # Converts to yarn.lock
148
rm package-lock.json    # Clean up npm lockfile
149
```
150

151
**Import Process:**
152
1. Reads `package-lock.json` (npm) or `composer.lock` (Composer)
153
2. Converts dependency information to yarn.lock format
154
3. Preserves exact versions and resolved URLs
155
4. Maintains dependency tree structure
156

157
### Generate Lockfile Entry
158

159
Generate a lockfile entry for a specific package.
160

161
```bash { .api }
162
yarn generate-lock-entry [options]
163

164
# Options:
165
--use-manifest <path>    # Use specific package.json
166
--resolved <url>         # Use specific resolved URL
167
```
168

169
**Usage Examples:**
170

171
```bash
172
# Generate entry for package in current directory
173
yarn generate-lock-entry
174

175
# Generate entry with custom manifest
176
yarn generate-lock-entry --use-manifest /path/to/package.json
177

178
# Generate entry with specific resolved URL
179
yarn generate-lock-entry --resolved https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz
180
```
181

182
### Clean Unnecessary Files
183

184
Automatically remove unnecessary files from node_modules to save space.
185

186
```bash { .api }
187
yarn autoclean [options]
188

189
# Options:
190
--init                  # Initialize autoclean (creates .yarnclean)
191
--force                 # Clean without confirmation
192
```
193

194
**Usage Examples:**
195

196
```bash
197
# Initialize autoclean
198
yarn autoclean --init
199

200
# Run autoclean
201
yarn autoclean
202

203
# Clean without confirmation
204
yarn autoclean --force
205

206
# Clean as part of install
207
yarn install && yarn autoclean
208
```
209

210
**Autoclean Process:**
211
1. Reads `.yarnclean` file for patterns
212
2. Removes matching files from node_modules
213
3. Reports space saved
214
4. Can be automated to run after install
215

216
**Example .yarnclean:**
217
```
218
# Remove documentation
219
*.md
220
LICENSE*
221
CHANGELOG*
222

223
# Remove test files
224
__tests__
225
test
226
tests
227
*.test.js
228
*.spec.js
229

230
# Remove source maps
231
*.map
232

233
# Remove TypeScript files
234
*.ts
235
!*.d.ts
236
```
237

238
### Unplug Packages
239

240
Temporarily unplug Plug'n'Play packages for debugging purposes.
241

242
```bash { .api }
243
yarn unplug <package> [options]
244

245
# Options:
246
--clear                 # Delete the selected packages
247
--clear-all            # Delete all unplugged packages
248
```
249

250
**Usage Examples:**
251

252
```bash
253
# Unplug a package for debugging
254
yarn unplug react
255

256
# Unplug specific version
257
yarn unplug react@18.0.0
258

259
# Clear unplugged package
260
yarn unplug react --clear
261

262
# Clear all unplugged packages
263
yarn unplug --clear-all
264
```
265

266
**Unplug Process:**
267
1. Only works with Plug'n'Play enabled projects
268
2. Copies package from cache to unplugged directory
269
3. Allows direct file system access for debugging
270
4. Maintains package functionality while enabling inspection
271

272
### Release Policies
273

274
Manage yarn version policies and automatic updates.
275

276
```bash { .api }
277
yarn policies set-version <version>
278
```
279

280
**Usage Examples:**
281

282
```bash
283
# Set specific yarn version for project
284
yarn policies set-version 1.22.22
285

286
# Set latest version
287
yarn policies set-version latest
288

289
# Set canary/beta version
290
yarn policies set-version canary
291
yarn policies set-version berry
292
```
293

294
**Policy Management:**
295
- Downloads and installs specified yarn version locally
296
- Creates .yarn/releases directory with yarn binary
297
- Updates .yarnrc.yml to use local version
298
- Ensures consistent yarn version across team
299

300
### Help System
301

302
Display help information for yarn commands.
303

304
```bash { .api }
305
yarn help [command]
306
```
307

308
**Usage Examples:**
309

310
```bash
311
# General help
312
yarn help
313
yarn --help
314
yarn -h
315

316
# Help for specific command
317
yarn help install
318
yarn help add
319
yarn help workspace
320

321
# List all commands
322
yarn help --commands
323
```
324

325
### Version Management
326

327
Show or update package version information.
328

329
```bash { .api }
330
yarn version [options]
331

332
# Options:
333
--new-version <version>  # Set specific version
334
--major                 # Increment major version
335
--minor                 # Increment minor version
336
--patch                 # Increment patch version
337
--premajor             # Increment to prerelease major
338
--preminor             # Increment to prerelease minor
339
--prepatch             # Increment to prerelease patch
340
--prerelease           # Increment prerelease version
341
--preid <identifier>    # Prerelease identifier (alpha, beta, rc)
342
--message <message>     # Custom commit message
343
--no-git-tag-version   # Don't create git tag
344
--no-commit-hooks      # Skip git commit hooks
345
```
346

347
**Usage Examples:**
348

349
```bash
350
# Show current version
351
yarn version
352

353
# Increment versions
354
yarn version --patch     # 1.0.0 -> 1.0.1
355
yarn version --minor     # 1.0.0 -> 1.1.0
356
yarn version --major     # 1.0.0 -> 2.0.0
357

358
# Set specific version
359
yarn version --new-version 2.1.0
360

361
# Prerelease versions
362
yarn version --prerelease              # 1.0.0 -> 1.0.1-0
363
yarn version --prerelease --preid beta # 1.0.0 -> 1.0.1-beta.0
364
yarn version --premajor --preid alpha  # 1.0.0 -> 2.0.0-alpha.0
365

366
# Version without git tag
367
yarn version --patch --no-git-tag-version
368

369
# Version with custom commit message
370
yarn version --patch --message "Fix critical bug in authentication"
371
```
372

373
**Version Process:**
374
1. Runs `preversion` script
375
2. Updates version in package.json
376
3. Runs `version` script
377
4. Commits changes to git (if in git repo)
378
5. Creates git tag (unless `--no-git-tag-version`)
379
6. Runs `postversion` script
380

381
### Show Environment Versions
382

383
Display versions of yarn, Node.js, and system information.
384

385
```bash { .api }
386
yarn versions
387
```
388

389
**Usage Examples:**
390

391
```bash
392
# Show all versions
393
yarn versions
394

395
# Use in bug reports
396
yarn versions > versions.txt
397
```
398

399
**Output Example:**
400
```json
401
{
402
  "yarn": "1.22.22",
403
  "node": "18.17.0",
404
  "v8": "10.2.154.26-node.22",
405
  "uv": "1.44.2",
406
  "zlib": "1.2.13",
407
  "brotli": "1.0.9",
408
  "ares": "1.19.1",
409
  "modules": "108",
410
  "nghttp2": "1.57.0",
411
  "napi": "8",
412
  "llhttp": "8.1.1",
413
  "openssl": "3.0.9+quic",
414
  "cldr": "43.1",
415
  "icu": "73.2",
416
  "tz": "2023c",
417
  "unicode": "15.0",
418
  "os": "Linux 5.4.0-74-generic",
419
  "cpu": "x64"
420
}
421
```
422

423
## Advanced Utility Usage
424

425
### Automated Integrity Checks
426

427
```bash
428
# Pre-commit hook
429
#!/bin/sh
430
yarn check --integrity || {
431
  echo "Integrity check failed!"
432
  exit 1
433
}
434

435
# CI/CD pipeline check
436
yarn install --frozen-lockfile
437
yarn check --integrity --verify-tree
438
```
439

440
### Security Automation
441

442
```bash
443
# Security check script
444
#!/bin/bash
445
AUDIT_RESULT=$(yarn audit --json --level high)
446
if [ $? -ne 0 ]; then
447
  echo "High severity vulnerabilities found!"
448
  echo "$AUDIT_RESULT" | jq '.data.vulnerabilities'
449
  exit 1
450
fi
451

452
# Auto-fix security issues (where possible)
453
yarn audit --level moderate || yarn upgrade
454
```
455

456
### Package Distribution
457

458
```bash
459
# Build and pack workflow
460
yarn build
461
yarn test
462
yarn pack --filename "$(npm pkg get name | tr -d '\"')-$(npm pkg get version | tr -d '\"').tgz"
463

464
# Verify packed contents
465
tar -tzf *.tgz | head -20
466
```
467

468
### Development Workflow Integration
469

470
```bash
471
# Pre-install validation
472
yarn check --verify-tree 2>/dev/null || yarn install
473

474
# Post-install cleanup
475
yarn install && yarn autoclean && yarn check
476

477
# Version bump workflow
478
yarn test && yarn build && yarn version --patch && yarn publish
479
```
480

481
### Maintenance Scripts
482

483
```json
484
{
485
  "scripts": {
486
    "preinstall": "yarn check --verify-tree || true",
487
    "postinstall": "yarn autoclean && yarn audit --level high",
488
    "prebuild": "yarn check --integrity",
489
    "prepack": "yarn build && yarn test",
490
    "version": "yarn build && git add -A dist",
491
    "postversion": "git push && git push --tags",
492
    "security-check": "yarn audit --level moderate --json | jq '.data.vulnerabilities | length'",
493
    "clean-install": "rm -rf node_modules yarn.lock && yarn install"
494
  }
495
}
496
```
497

498
### Troubleshooting Utilities
499

500
```bash
501
# Debug dependency resolution
502
yarn install --verbose
503

504
# Check for conflicting versions
505
yarn list --pattern "*" | grep -E "├─|└─" | sort | uniq -c | sort -nr
506

507
# Verify lockfile consistency
508
yarn install --frozen-lockfile --check-files
509

510
# Generate detailed dependency report
511
yarn list --json > dependency-report.json
512

513
# Check package sizes
514
yarn list --json | jq -r '.data.trees[] | "\(.name)@\(.version)"' | \
515
  xargs -I {} sh -c 'echo -n "{}: "; npm view {} dist.unpackedSize 2>/dev/null || echo "unknown"'
516
```
517

518
### Integration with Other Tools
519

520
```bash
521
# Integration with npm-check-updates
522
npx npm-check-updates
523
yarn upgrade
524

525
# Integration with license-checker
526
npx license-checker --summary
527
yarn licenses list
528

529
# Integration with bundlephobia
530
yarn list --json | jq -r '.data.trees[].name' | \
531
  xargs -I {} curl -s "https://bundlephobia.com/api/size?package={}" | jq '.'
532

533
# Integration with snyk
534
npx snyk test
535
yarn audit
536
```