tessl/npm-yarn

Fast, reliable, and secure dependency management tool for JavaScript/Node.js projects

Package Management

Core commands for installing, adding, removing, and upgrading dependencies in JavaScript/Node.js projects.

Capabilities

Install Dependencies

Install all dependencies listed in package.json according to the lockfile.

yarn install [options]

# Common options:
--production              # Install only production dependencies (no devDependencies)
--frozen-lockfile        # Don't generate a lockfile and fail if an update is needed
--pure-lockfile          # Don't generate a lockfile
--offline                # Use only cached packages, fail if not in cache
--ignore-scripts         # Don't run lifecycle scripts (preinstall, postinstall, etc.)
--ignore-platform        # Ignore platform compatibility checks
--ignore-engines         # Ignore engines field in package.json
--ignore-optional        # Don't install optional dependencies
--force                  # Force re-download of all packages
--har                    # Save HAR file with network request logs
--non-interactive        # Disable interactive prompts
--no-bin-links          # Don't create symlinks for package binaries
--flat                   # Allow only one version of each package (prompts for a resolution on conflicts)
--focus                  # Focus on a single workspace by installing remote copies of its sibling workspaces
--verbose                # Show additional logging information

Usage Examples:

# Basic install
yarn install

# Production-only install for deployment
yarn install --production --frozen-lockfile

# Offline install using cache
yarn install --offline

# Force reinstall of all packages
yarn install --force

# Install without running scripts (for security)
yarn install --ignore-scripts

Add Dependencies

Add new dependencies to the project and install them.

yarn add <package>[@version] [options]

# Dependency type options:
--dev, -D                # Add to devDependencies
--peer, -P               # Add to peerDependencies  
--optional, -O           # Add to optionalDependencies

# Version options:
--exact, -E              # Install exact version (no range)
--tilde, -T              # Install with tilde range (~)

# Other options:
--ignore-workspace-root-check  # Allow install on workspace root
--audit                  # Run security audit after install

Usage Examples:

# Add production dependency
yarn add react
yarn add react@^18.0.0

# Add development dependency
yarn add --dev jest
yarn add -D @types/node

# Add exact version
yarn add --exact lodash@4.17.21

# Add multiple packages
yarn add react react-dom
yarn add --dev jest @testing-library/react eslint

# Add from different sources
yarn add lodash@npm:lodash@4.17.21
yarn add react@https://github.com/facebook/react/tarball/main
yarn add my-package@file:../my-package

Remove Dependencies

Remove dependencies from the project and uninstall them.

yarn remove <package> [package2] [package3] [options]

# Options:
--ignore-workspace-root-check  # Allow removal from workspace root

Usage Examples:

# Remove single package
yarn remove lodash

# Remove multiple packages
yarn remove lodash underscore ramda

# Remove from all dependency types
yarn remove react  # Removes from dependencies, devDependencies, etc.

Upgrade Dependencies

Upgrade dependencies to their latest versions within semver constraints.

yarn upgrade [package] [options]

# Version options:
--latest                 # Upgrade to latest version (ignore semver)
--exact                  # Upgrade to exact version
--pattern <pattern>      # Upgrade packages matching pattern
--scope <scope>          # Upgrade packages in scope
--caret                  # Use caret range (^) for new versions
--tilde                  # Use tilde range (~) for new versions

# Other options:
--audit                  # Run security audit after upgrade

Usage Examples:

# Upgrade all dependencies within semver ranges
yarn upgrade

# Upgrade specific package
yarn upgrade react

# Upgrade to latest versions (ignoring semver)
yarn upgrade --latest

# Upgrade specific package to latest
yarn upgrade react --latest

# Upgrade packages matching pattern
yarn upgrade --pattern "babel-*"

# Upgrade scoped packages
yarn upgrade --scope @types

Interactive Upgrade

Interactively choose which dependencies to upgrade with a visual interface.

yarn upgrade-interactive [options]

--latest                 # Include major version upgrades in choices

Usage Examples:

# Interactive upgrade within semver constraints
yarn upgrade-interactive

# Interactive upgrade including major versions
yarn upgrade-interactive --latest

Package Sources

Yarn supports installing packages from various sources:

NPM Registry

# Default npm registry
yarn add package-name

# Specific version
yarn add package-name@1.2.3

# Version range
yarn add package-name@^1.2.0
yarn add package-name@~1.2.0
yarn add package-name@>=1.2.0

Git Repositories

# GitHub shorthand
yarn add user/repo
yarn add user/repo#branch
yarn add user/repo#commit-sha

# Full git URLs
yarn add https://github.com/user/repo.git
yarn add git+ssh://git@github.com:user/repo.git
yarn add git+https://github.com/user/repo.git#branch

Tarball URLs

# HTTP tarball
yarn add https://example.com/package.tar.gz

# File path
yarn add file:../my-package
yarn add file:./packages/my-package

Alternative Registries

# Alias: install alternative-package under the name "package"
yarn add package@npm:alternative-package

# Specify a different registry
yarn add @scope/package --registry https://custom-registry.com

Dependency Types

Production Dependencies

# Add to "dependencies" in package.json
yarn add react express

Development Dependencies

# Add to "devDependencies" in package.json
yarn add --dev jest eslint @types/node
yarn add -D babel-core webpack

Peer Dependencies

# Add to "peerDependencies" in package.json
yarn add --peer react
yarn add -P @types/react

Optional Dependencies

# Add to "optionalDependencies" in package.json
yarn add --optional fsevents
yarn add -O node-sass

Lockfile Management

Yarn automatically manages the yarn.lock file to ensure deterministic installs:

  • yarn.lock is automatically generated and updated during install/add/remove operations
  • Contains exact versions and integrity hashes for all dependencies
  • Should be committed to version control
  • Use --frozen-lockfile in CI/production to prevent updates
  • Use --pure-lockfile to prevent lockfile generation
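
An added example (not part of the original page or of Yarn itself): a Node.js check that reads a Yarn v1 lockfile and flags entries with no integrity hash, only a weak hash, or a tarball resolved from a non-HTTPS or unexpected host, which is what git and tarball sources tend to produce. The function names, the host allowlist and the sample lockfile are assumptions constructed for illustration.

```javascript
const ALLOWED_HOSTS = new Set(['registry.yarnpkg.com', 'registry.npmjs.org']); // assumption: your policy
// Minimal yarn.lock v1 reader: an unindented "key:" line opens an entry and
// two-space-indented `field value` lines belong to it. Nested blocks are skipped.
function parseLockfile(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ') && line.endsWith(':')) {
      entries.push(current = { key: line.slice(0, -1), fields: {} });
    } else if (current) {
      const m = /^  (\w+) "?([^"]*)"?$/.exec(line);
      if (m) current.fields[m[1]] = m[2];
    }
  }
  return entries;
}

function auditLockfile(text) {
  const findings = [];
  for (const { key, fields } of parseLockfile(text)) {
    const { resolved = '', integrity = '' } = fields;
    const flag = (issue) => findings.push({ key, issue });
    if (!integrity) flag('missing-integrity');
    else if (!/(^|\s)sha(256|384|512)-/.test(integrity)) flag('weak-integrity');
    let url = null;
    try { url = new URL(resolved); } catch { flag('no-resolved-url'); }
    if (url && url.protocol !== 'https:') flag('non-https-source');
    else if (url && !ALLOWED_HOSTS.has(url.hostname)) flag('unexpected-host');
  }
  return findings;
}

// Constructed sample lockfile: package names, hosts and hashes are placeholders.
const SAMPLE_LOCK = `# yarn lockfile v1
lodash@^4.17.21:
  version "4.17.21"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz"
  integrity sha512-CONSTRUCTEDPLACEHOLDER==

git-dep@user/repo:
  version "1.0.0"
  resolved "https://codeload.github.com/user/repo/tar.gz/0000000"

old-lib@^0.1.0:
  version "0.1.0"
  resolved "http://registry.example.test/old-lib/-/old-lib-0.1.0.tgz"
  integrity sha1-CONSTRUCTED=
`;
console.log(auditLockfile(SAMPLE_LOCK));
```

Run against a real lockfile by passing the contents of yarn.lock to `auditLockfile` and failing the CI job when the result is non-empty.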

Integrity and Security

Yarn verifies package integrity using checksums stored in the lockfile:

  • All packages are verified against their checksums before installation
  • Corrupted or tampered packages will cause installation to fail
  • Use yarn check --integrity to verify installed packages
  • Use yarn audit to check for known security vulnerabilities
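
What checking a download against a lockfile checksum amounts to, as an added Node.js example (not Yarn's own code): the bytes are hashed and compared with the `integrity` value, trusting only the strongest algorithm listed. `verifyIntegrity`, the algorithm ranking and the sample bytes are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Hash algorithms accepted in an integrity string, weakest to strongest.
const STRENGTH = ['sha1', 'sha256', 'sha384', 'sha512'];

// Check bytes against an SRI-style value such as "sha1-<b64> sha512-<b64>".
// Only the strongest algorithm present is trusted, so a matching sha1 cannot
// rescue a mismatching sha512.
function verifyIntegrity(tarball, integrity) {
  const candidates = integrity.trim().split(/\s+/)
    .map((token) => {
      const dash = token.indexOf('-');
      return { algo: token.slice(0, dash), digest: token.slice(dash + 1).split('?')[0] };
    })
    .filter((c) => STRENGTH.includes(c.algo));
  if (candidates.length === 0) return { ok: false, reason: 'no-supported-hash' };

  const algo = STRENGTH[Math.max(...candidates.map((c) => STRENGTH.indexOf(c.algo)))];
  const actual = crypto.createHash(algo).update(tarball).digest();
  const ok = candidates.some((c) => {
    const expected = Buffer.from(c.digest, 'base64');
    return c.algo === algo && expected.length === actual.length &&
      crypto.timingSafeEqual(expected, actual);
  });
  return ok ? { ok: true, algo } : { ok: false, algo, reason: 'digest-mismatch' };
}

// Constructed sample: stand-in bytes for a package tarball and its integrity value.
const SAMPLE_TARBALL = Buffer.from('constructed tarball bytes');
const SAMPLE_SRI = 'sha512-' + crypto.createHash('sha512').update(SAMPLE_TARBALL).digest('base64');
console.log(verifyIntegrity(SAMPLE_TARBALL, SAMPLE_SRI));
console.log(verifyIntegrity(Buffer.from('tampered bytes'), SAMPLE_SRI));
```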

Install with Tessl CLI

npx tessl i tessl/npm-yarn
