Automic VaultAutomic Vault

brew

yarn mit Homebrew, apk, chocolatey, MacPorts, Nix, pacman, zypper, scoop, winget, apt, dnf installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für yarn in AI-Agent-Workflows.

Agent-Sicherheit

Antwort zur Agent-Sicherheit

yarn manages JavaScript dependencies and package scripts with registry access.

Credential-Zugriff

Reads npm/yarn registry tokens, environment variables, and package scripts.

Änderungen an Remote-Zustand

Can install packages and run scripts that modify remote systems.

Publish-/Artefakt-Risiko

Can publish packages and build release artifacts.

Empfohlene Kontrolle

Gate publish, install scripts, and credentialed registry operations.

Hinweise für Agent-Nutzung

Allow local test/build after scan; require approval for publish and lifecycle scripts.

Installation

Weitere Installationsbefehle

macOS

Homebrewverifiziert · 100%
brew install yarn

local Homebrew formula metadata

MacPortsverifiziert · 94%
sudo port install yarn

MacPorts ports tree · devel/yarn/Portfile · Quelle: api.github.com

Linux

Alpine Linux apkverifiziert · 92%
sudo apk add yarn

Alpine Linux edge package indexes · yarn · Quelle: dl-cdn.alpinelinux.org

Nixverifiziert · 92%
nix profile install nixpkgs#yarn

nixpkgs package indexes · pkgs/by-name/ya/yarn/package.nix · Quelle: api.github.com

Arch Linux pacmanverifiziert · 92%
sudo pacman -S yarn

Arch Linux sync databases · yarn · Quelle: geo.mirror.pkgbuild.com

openSUSE zypperverifiziert · 92%
sudo zypper install yarn

openSUSE Tumbleweed package metadata · yarn · Quelle: download.opensuse.org

Debian aptverifiziert · 92%
sudo apt install yarnpkg

Debian stable package indexes · yarnpkg · Quelle: deb.debian.org

Fedora dnfverifiziert · 92%
sudo dnf install yarnpkg

Fedora Rawhide package metadata · yarnpkg · Quelle: dl.fedoraproject.org

Windows

Chocolateyverifiziert · 92%
choco install yarn

Chocolatey community package catalog · yarn · Quelle: community.chocolatey.org

Scoopverifiziert · 92%
scoop install main/yarn

Scoop official bucket manifest trees · bucket/yarn.json · Quelle: api.github.com

Windows Package Managerverifiziert · 92%
winget install --id Yarn.Yarn -e

Windows Package Manager source index · Yarn.Yarn · Quelle: cdn.winget.microsoft.com

Überblick

Paketzusammenfassung

JavaScript package manager

Befehle und Aliase

  • yarn
  • yarnpkg

Verlauf

Projektgeschichte und Nutzung

Yarn is a JavaScript package manager created to make npm-registry installs faster, more reliable, and more reproducible. The Homebrew `yarn` package points at the classic 1.x line, but the project history continues through Yarn Berry and modern Yarn releases.

Projektgeschichte

Yarn was open-sourced on 2016-10-11 as a collaboration between Facebook, Exponent, Google, and Tilde. The launch post emphasized continued access to the npm registry while improving speed, consistency across machines, and secure offline operation.

The 1.x line established the features that made Yarn famous: a lockfile, deterministic installs, a global cache, offline mode, checksums, concurrency, and workspace-oriented workflows. The classic repository README now says the 1.x codebase is frozen except for historical upkeep and occasional hotfixes.

Modern Yarn moved to the yarnpkg/berry repository, created in 2018. Yarn 2.0 shipped on 2020-01-24 after a year of intensive development, bringing a TypeScript codebase, plugin architecture, Plug'n'Play, workspace-aware commands, a YAML lockfile/config model, and a different release and migration story from classic Yarn. Yarn 4.0 followed in 2023 after a long release-candidate cycle focused on reducing migration pain and improving user experience.

Adoptionsgeschichte

Yarn's adoption was fast because it solved immediate pain in large JavaScript dependency trees: slow installs, non-determinism, network fragility, and inconsistent environments. It did not replace the npm registry; it competed at the client and workflow layer while consuming the same package ecosystem.

Classic Yarn became common in CI systems, monorepos, front-end applications, and open-source JavaScript projects. Later Yarn adoption split into two cultures: projects staying on stable 1.22.x for node_modules compatibility and projects moving to Berry for Plug'n'Play, constraints, plugins, workspaces, and zero-install workflows.

Wie es verwendet wird

Typical classic workflows are `yarn install`, `yarn add`, `yarn remove`, `yarn upgrade`, and `yarn run`, with `yarn.lock` committed so dependency resolution is reproducible. Workspaces let monorepos manage multiple packages in a single install graph.

Modern Yarn expands that usage into project management: `yarn set version`, plugins, constraints, workspace foreach commands, patch protocols, portable script execution, and selectable install strategies including node_modules and Plug'n'Play.

Warum Paket-Nerds sich dafür interessieren

Yarn is one of the defining package-manager projects of the 2010s because it forced JavaScript tooling to treat reproducibility, lockfiles, cache behavior, and CI determinism as first-class package-manager features. Its competition with npm changed expectations for every JavaScript dependency client that followed.

For package nerds, Yarn is also a rare case where the package manager itself has two living historical identities: Yarn Classic as the widely packaged 1.x executable and Yarn Berry/Modern as the active architecture with plugins, PnP, and project-management features.

Zeitleiste

  • 2016-01-19: yarnpkg/yarn repository is created on GitHub.
  • 2016-10-11: Yarn is announced as a Facebook, Exponent, Google, and Tilde collaboration.
  • 2016-10-18: GitHub release v0.16.0 is published shortly after launch.
  • 2018-09-10: yarnpkg/berry repository is created for the modern Yarn line.
  • 2020-01-24: Yarn 2.0 is released after 365 days of development.
  • 2023-10-23: Yarn 4.0 is announced after 53 release candidates.
  • 2024-03-09: Yarn Classic v1.22.22 is published.

Related projects

  • npm is the registry and original package-manager client Yarn was designed to interoperate with and improve upon.
  • yarnpkg/berry is the active modern Yarn repository.
  • Bundler and Cargo are named by the classic README as prior art.

Quellen

Sicherheitslage

Risikostufe: orange

package manager and supply-chain mutator.

Risikoklassifikator

orange Risiko · hoch Konfidenz · infrastructure

Warum

  • package manager and supply-chain mutator

Signale

  • override:yarn

Installationsverhalten

  • In den Formelmetadaten ist kein Homebrew-Post-install-Hook erfasst.
  • Homebrew-Bottle-Metadaten sind für 1 Plattformziele verfügbar.

Empfohlene Prüfung

Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.yarnrc

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
yarncliglobales Executable
yarnpkgcliglobales Executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-07-10
Manager-Version1.22.22
Manager aktualisiert2026-07-04
lokale DatenOK
Upstreamnot checked
neueste erkannte Versionnicht erkannt

https://github.com/yarnpkg/yarn

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:yarn
Version1.22.22
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/yarn
Homepagehttps://yarnpkg.com/
Repositoryhttps://github.com/yarnpkg/yarn
Upstream-Dokumentationhttps://classic.yarnpkg.com/en/docs
LizenzBSD-2-Clause
Quellarchivhttps://github.com/yarnpkg/yarn/releases/download/v1.22.22/yarn-v1.22.22.tar.gz
Zuletzt aktualisiert2026-07-04T13:13:45+09:00
Pulseupdated
Bottleverfügbar (auf all)
Homebrew post-installnicht definiert
Dienstkeiner deklariert
Einschränkungenyarn requires a Node installation to function. You can install one with: brew install node

Registry-Fakten

Details aus der Quelldatenbank

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameyarn
Version Scheme0
Revision0
Conflicts With
  • corepack
  • hadoop
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

Source-Datenbank-Treffer

Andere Paketmanager-Einträge

Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.

Nix95%

yarn

nix profile install nixpkgs#yarn
  • normalized package name match
  • Abgeglichen nach: Yarn
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ya/yarn/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
apk95%

yarn 1.22.22-r1

Fast, reliable, and secure dependency management for Node.js

https://classic.yarnpkg.com/

sudo apk add yarn
  • License: BSD-2-Clause
  • Architecture: x86_64
  • Source Package: yarn
  • 1 Abhängigkeiten
  • 1 stellt bereit
  • normalized package name match
  • Abgeglichen nach: Yarn
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: yarn from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
pacman95%

yarn 1.22.22-2

Fast, reliable, and secure dependency management

https://classic.yarnpkg.com/

sudo pacman -S yarn
  • License: BSD-2-Clause
  • Architecture: any
  • 1 Abhängigkeiten
  • normalized package name match
  • Abgeglichen nach: Yarn
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: yarn from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

yarn 1.22.22-1.4

📦🐈 Fast, reliable, and secure dependency management

https://github.com/yarnpkg/yarn/releases

sudo zypper install yarn
  • License: BSD-2-Clause
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: yarn
  • 4 Abhängigkeiten
  • 1 stellt bereit
  • normalized package name match
  • Abgeglichen nach: Yarn
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: yarn from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

yarn

sudo port install yarn
  • normalized package name match
  • Abgeglichen nach: Yarn
MacPorts ports tree · api.github.com · MacPorts ports tree: devel/yarn/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

yarn

choco install yarn
  • normalized package name match
  • Abgeglichen nach: Yarn
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: yarn from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','wiztree'
Scoop95%

main/yarn

scoop install main/yarn
  • normalized package name match
  • Abgeglichen nach: Yarn
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/yarn.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

Yarn.Yarn

winget install --id Yarn.Yarn -e
  • normalized package name match
  • Abgeglichen nach: Yarn
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: Yarn.Yarn from https://cdn.winget.microsoft.com/cache/source.msix
Debian apt92%

yarnpkg 4.1.0+dfsg-1

Fast, reliable, and secure dependency management

https://github.com/yarnpkg/berry

sudo apt install yarnpkg
  • Section: javascript
  • Architecture: all
  • Source Package: node-yarnpkg
  • 32 Abhängigkeiten
  • 32 stellt bereit
  • installed executable or alias match
  • Abgeglichen nach: Yarnpkg
Debian stable package indexes · deb.debian.org · Debian stable package indexes: yarnpkg from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Ubuntu apt92%

yarnpkg 1.22.19+~cs24.27.18-4

Fast, reliable and secure npm alternative

https://github.com/yarnpkg/yarn

sudo apt install yarnpkg
  • Section: universe/javascript
  • Architecture: all
  • Source Package: node-yarnpkg
  • 32 Abhängigkeiten
  • 1 stellt bereit
  • installed executable or alias match
  • Abgeglichen nach: Yarnpkg
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: yarnpkg from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
dnf92%

yarnpkg 1.22.22-18.fc45

Fast, reliable, and secure dependency management.

https://github.com/yarnpkg/yarn

sudo dnf install yarnpkg
  • License: BSD-2-Clause
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: yarnpkg
  • 4 Abhängigkeiten
  • 3 stellt bereit
  • installed executable or alias match
  • Abgeglichen nach: Yarnpkg
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: yarnpkg from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment