tessl/npm-yarn
Fast, reliable, and secure dependency management tool for JavaScript/Node.js projects
registry-operations.mddocs/
Registry Operations
Commands for interacting with npm registries, managing authentication, and publishing packages.
Capabilities
Authentication
Manage authentication credentials for package registries.
yarn login # Login to registry (interactive)
yarn logout # Logout from current registryUsage Examples:
# Login to default registry (npmjs.org)
yarn login
# Login to scoped registry
npm login --registry=https://npm.company.com --scope=@company
# Logout from current registry
yarn logoutLogin Process:
- Prompts for username
- Prompts for password
- Prompts for email
- Optionally prompts for 2FA token
- Stores authentication token in
.yarnrcor global config
Package Publishing
Publish packages to the registry.
yarn publish [tarball] [options]
# Options:
--tag <tag> # Publish with specific tag (default: "latest")
--access <public|restricted> # Set package access level
--registry <url> # Publish to specific registry
--new-version <version> # Set version before publishing
--major # Increment major version before publishing
--minor # Increment minor version before publishing
--patch # Increment patch version before publishing
--no-git-tag-version # Don't create git tag for version
--no-commit-hooks # Don't run git commit hooksUsage Examples:
# Basic publish (uses version from package.json)
yarn publish
# Publish with tag
yarn publish --tag beta
yarn publish --tag next
# Publish as public package (for scoped packages)
yarn publish --access public
# Publish to specific registry
yarn publish --registry https://npm.company.com
# Increment version and publish
yarn publish --patch # 1.0.0 -> 1.0.1
yarn publish --minor # 1.0.0 -> 1.1.0
yarn publish --major # 1.0.0 -> 2.0.0
# Publish specific version
yarn publish --new-version 1.2.3
# Publish tarball
yarn pack
yarn publish package.tgzPublishing Process:
- Runs
prepublishOnlyscript - Creates package tarball
- Uploads to registry
- Runs
postpublishscript - Optionally creates git tag
Package Access Management
Manage who can access and modify packages.
yarn access public <package> # Make package public
yarn access restricted <package> # Make package restricted (private)
yarn access grant <permissions> <scope:team> <package> # Grant access
yarn access revoke <permissions> <scope:team> <package> # Revoke access
yarn access list packages [scope] # List packages user can access
yarn access list collaborators <package> # List package collaborators
yarn access edit <package> # Edit package access (opens editor)
# Permissions:
# read-only - Can download and install
# read-write - Can download, install, and publishUsage Examples:
# Make scoped package public
yarn access public @mycompany/my-package
# Make package private
yarn access restricted my-package
# Grant read-only access to team
yarn access grant read-only @mycompany:developers @mycompany/my-package
# Grant read-write access to team
yarn access grant read-write @mycompany:maintainers @mycompany/my-package
# Revoke access from team
yarn access revoke read-write @mycompany:developers @mycompany/my-package
# List packages I can access
yarn access list packages
# List packages for specific scope
yarn access list packages @mycompany
# List who has access to package
yarn access list collaborators @mycompany/my-packagePackage Ownership
Manage package ownership and maintainers.
yarn owner add <user> <package> # Add user as owner
yarn owner remove <user> <package> # Remove user as owner
yarn owner list <package> # List package ownersUsage Examples:
# Add owner to package
yarn owner add john-doe my-package
yarn owner add jane-smith @mycompany/my-package
# Remove owner from package
yarn owner remove former-employee my-package
# List current owners
yarn owner list my-package
yarn owner list @mycompany/my-packageOwner Permissions:
- Publish new versions
- Add/remove other owners
- Manage package access
- Deprecate package versions
- Transfer package ownership
Package Tags
Manage package version tags for different release channels.
yarn tag add <package>@<version> <tag> # Add tag to version
yarn tag remove <package> <tag> # Remove tag
yarn tag list <package> # List all tags for packageUsage Examples:
# Add tag to specific version
yarn tag add my-package@1.2.0 beta
yarn tag add my-package@2.0.0-rc.1 next
# Remove tag
yarn tag remove my-package beta
yarn tag remove my-package next
# List all tags
yarn tag list my-package
# Common tag patterns
yarn tag add my-package@1.0.1 latest # Stable release
yarn tag add my-package@1.1.0-beta.1 beta # Beta release
yarn tag add my-package@2.0.0-alpha.1 alpha # Alpha release
yarn tag add my-package@1.0.2 lts # Long-term supportInstalling Tagged Versions:
# Install specific tag
yarn add my-package@beta
yarn add my-package@next
yarn add my-package@lts
# Default tag is "latest"
yarn add my-package # Same as my-package@latestTeam Management
Manage organization teams and permissions (npm Organizations feature).
yarn team create <scope:team> # Create team
yarn team destroy <scope:team> # Delete team
yarn team add <scope:team> <user> # Add user to team
yarn team remove <scope:team> <user> # Remove user from team
yarn team list <scope> # List teams in scope
yarn team list <scope:team> # List users in teamUsage Examples:
# Create team
yarn team create @mycompany:developers
yarn team create @mycompany:admins
# Add users to team
yarn team add @mycompany:developers john-doe
yarn team add @mycompany:developers jane-smith
# Remove user from team
yarn team remove @mycompany:developers former-employee
# List all teams in organization
yarn team list @mycompany
# List users in specific team
yarn team list @mycompany:developers
# Delete team
yarn team destroy @mycompany:old-teamTeam Integration with Access Control:
# Grant access to team
yarn access grant read-only @mycompany:developers @mycompany/my-package
yarn access grant read-write @mycompany:maintainers @mycompany/my-package
# Revoke access from team
yarn access revoke read-write @mycompany:developers @mycompany/my-packageRegistry Configuration
Default Registry
# Set default registry
yarn config set registry https://registry.npmjs.org
# Use company registry
yarn config set registry https://npm.company.com
# Check current registry
yarn config get registryScoped Registries
# Set registry for specific scope
yarn config set @mycompany:registry https://npm.company.com
# Set authentication for scoped registry
yarn config set //npm.company.com/:_authToken ${NPM_TOKEN}
# Install from scoped registry
yarn add @mycompany/internal-packageAuthentication Tokens
# Set authentication token
yarn config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
# Set token for specific registry
yarn config set //npm.company.com/:_authToken ${COMPANY_NPM_TOKEN}
# Use .npmrc file for project-specific config
echo "//npm.company.com/:_authToken=${NPM_TOKEN}" >> .npmrcPublishing Workflows
Pre-publish Preparation
{
"scripts": {
"prepublishOnly": "yarn test && yarn build",
"postpublish": "echo 'Published successfully!'"
},
"files": [
"dist/",
"lib/",
"README.md",
"package.json"
]
}Version Management
# Semantic versioning workflow
yarn version --patch # Bug fixes: 1.0.0 -> 1.0.1
yarn version --minor # New features: 1.0.0 -> 1.1.0
yarn version --major # Breaking changes: 1.0.0 -> 2.0.0
# Pre-release versions
yarn version --prerelease # 1.0.0 -> 1.0.1-0
yarn version --prerelease --preid=alpha # 1.0.0 -> 1.0.1-alpha.0
yarn version --prerelease --preid=beta # 1.0.0 -> 1.0.1-beta.0
yarn version --prerelease --preid=rc # 1.0.0 -> 1.0.1-rc.0
# Specific version
yarn version --new-version 2.1.0CI/CD Publishing
# Automated publishing in CI
if [ "$BRANCH" = "main" ]; then
yarn publish --tag latest
elif [ "$BRANCH" = "develop" ]; then
yarn publish --tag beta
fi
# Publishing with 2FA in CI (using npm)
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc
npm publish --tag latest
# Security: Clean up token after publishing
rm .npmrcMonorepo Publishing
# Publish all workspace packages
yarn workspaces foreach --no-private publish
# Publish specific workspace
yarn workspace @company/package-a publish --tag latest
# Version and publish all packages
yarn workspaces foreach version patch
yarn workspaces foreach --no-private publishInstall with Tessl CLI
npx tessl i tessl/npm-yarn