Accès aux identifiants
Reads npm/yarn registry tokens, environment variables, and package scripts.
brew
Consultez les chemins d'installation, exécutables, métadonnées et notes de sécurité de yarn pour les workflows d'agents IA.
sécurité des agents
yarn manages JavaScript dependencies and package scripts with registry access.
Reads npm/yarn registry tokens, environment variables, and package scripts.
Can install packages and run scripts that modify remote systems.
Can publish packages and build release artifacts.
Gate publish, install scripts, and credentialed registry operations.
Allow local test/build after scan; require approval for publish and lifecycle scripts.
installation
brew install yarnlocal Homebrew formula metadata
sudo port install yarnMacPorts ports tree · devel/yarn/Portfile · Source: api.github.com
sudo apk add yarnAlpine Linux edge package indexes · yarn · Source: dl-cdn.alpinelinux.org
nix profile install nixpkgs#yarnnixpkgs package indexes · pkgs/by-name/ya/yarn/package.nix · Source: api.github.com
sudo pacman -S yarnArch Linux sync databases · yarn · Source: geo.mirror.pkgbuild.com
sudo zypper install yarnopenSUSE Tumbleweed package metadata · yarn · Source: download.opensuse.org
sudo apt install yarnpkgDebian stable package indexes · yarnpkg · Source: deb.debian.org
sudo dnf install yarnpkgFedora Rawhide package metadata · yarnpkg · Source: dl.fedoraproject.org
choco install yarnChocolatey community package catalog · yarn · Source: community.chocolatey.org
scoop install main/yarnScoop official bucket manifest trees · bucket/yarn.json · Source: api.github.com
winget install --id Yarn.Yarn -eWindows Package Manager source index · Yarn.Yarn · Source: cdn.winget.microsoft.com
aperçu
JavaScript package manager
historique
Yarn is a JavaScript package manager created to make npm-registry installs faster, more reliable, and more reproducible. The Homebrew `yarn` package points at the classic 1.x line, but the project history continues through Yarn Berry and modern Yarn releases.
Yarn was open-sourced on 2016-10-11 as a collaboration between Facebook, Exponent, Google, and Tilde. The launch post emphasized continued access to the npm registry while improving speed, consistency across machines, and secure offline operation.
The 1.x line established the features that made Yarn famous: a lockfile, deterministic installs, a global cache, offline mode, checksums, concurrency, and workspace-oriented workflows. The classic repository README now says the 1.x codebase is frozen except for historical upkeep and occasional hotfixes.
Modern Yarn moved to the yarnpkg/berry repository, created in 2018. Yarn 2.0 shipped on 2020-01-24 after a year of intensive development, bringing a TypeScript codebase, plugin architecture, Plug'n'Play, workspace-aware commands, a YAML lockfile/config model, and a different release and migration story from classic Yarn. Yarn 4.0 followed in 2023 after a long release-candidate cycle focused on reducing migration pain and improving user experience.
Yarn's adoption was fast because it solved immediate pain in large JavaScript dependency trees: slow installs, non-determinism, network fragility, and inconsistent environments. It did not replace the npm registry; it competed at the client and workflow layer while consuming the same package ecosystem.
Classic Yarn became common in CI systems, monorepos, front-end applications, and open-source JavaScript projects. Later Yarn adoption split into two cultures: projects staying on stable 1.22.x for node_modules compatibility and projects moving to Berry for Plug'n'Play, constraints, plugins, workspaces, and zero-install workflows.
Typical classic workflows are `yarn install`, `yarn add`, `yarn remove`, `yarn upgrade`, and `yarn run`, with `yarn.lock` committed so dependency resolution is reproducible. Workspaces let monorepos manage multiple packages in a single install graph.
Modern Yarn expands that usage into project management: `yarn set version`, plugins, constraints, workspace foreach commands, patch protocols, portable script execution, and selectable install strategies including node_modules and Plug'n'Play.
Yarn is one of the defining package-manager projects of the 2010s because it forced JavaScript tooling to treat reproducibility, lockfiles, cache behavior, and CI determinism as first-class package-manager features. Its competition with npm changed expectations for every JavaScript dependency client that followed.
For package nerds, Yarn is also a rare case where the package manager itself has two living historical identities: Yarn Classic as the widely packaged 1.x executable and Yarn Berry/Modern as the active architecture with plugins, PnP, and project-management features.
posture de sécurité
package manager and supply-chain mutator.
risque orange · confiance élevé · infrastructure
Avant une utilisation sans surveillance par un agent, vérifiez si l'outil lit des identifiants en clair, écrit un état distant, publie des artefacts ou lance des plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
.yarnrcexécutables
| Commande | Type | Exposition | Note |
|---|---|---|---|
yarn | cli | exécutable global | |
yarnpkg | cli | exécutable global |
fraîcheur
Ces signaux séparent l'âge de génération de la page, l'activité du gestionnaire de paquets et la comparaison avec les versions amont. Un retard de version n'est signalé que lorsqu'une URL de preuve et des versions comparables sont présentes.
https://github.com/yarnpkg/yarn
métadonnées d'installation
| Clé du paquet | brew:yarn |
|---|---|
| Version | 1.22.22 |
| Gestionnaire de paquets | Homebrew |
| Page du gestionnaire de paquets | https://formulae.brew.sh/formula/yarn |
| Page d'accueil | https://yarnpkg.com/ |
| Dépôt | https://github.com/yarnpkg/yarn |
| Docs amont | https://classic.yarnpkg.com/en/docs |
| Licence | BSD-2-Clause |
| Archive source | https://github.com/yarnpkg/yarn/releases/download/v1.22.22/yarn-v1.22.22.tar.gz |
| Dernière mise à jour | 2026-07-04T13:13:45+09:00 |
| Pulse | updated |
| Bouteille | disponible (sur all) |
| post-install Homebrew | non défini |
| Service | aucun déclaré |
| Précautions | yarn requires a Node installation to function. You can install one with: brew install node |
faits du registre
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | yarn |
| Version Scheme | 0 |
| Revision | 0 |
| Conflicts With |
|
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
correspondances dans les bases sources
Les correspondances proviennent d’index externes de gestionnaires de paquets et restent séparées des liens de paquets Automic Vault locaux.
yarn
nix profile install nixpkgs#yarnyarn 1.22.22-r1
Fast, reliable, and secure dependency management for Node.js
sudo apk add yarnyarn 1.22.22-2
Fast, reliable, and secure dependency management
sudo pacman -S yarnyarn 1.22.22-1.4
📦🐈 Fast, reliable, and secure dependency management
https://github.com/yarnpkg/yarn/releases
sudo zypper install yarnyarn
sudo port install yarnyarn
choco install yarnmain/yarn
scoop install main/yarnYarn.Yarn
winget install --id Yarn.Yarn -eyarnpkg 4.1.0+dfsg-1
Fast, reliable, and secure dependency management
https://github.com/yarnpkg/berry
sudo apt install yarnpkgyarnpkg 1.22.19+~cs24.27.18-4
Fast, reliable and secure npm alternative
https://github.com/yarnpkg/yarn
sudo apt install yarnpkgyarnpkg 1.22.22-18.fc45
Fast, reliable, and secure dependency management.
https://github.com/yarnpkg/yarn
sudo dnf install yarnpkgpiste source
Cette page est servie par av-web depuis l'artéfact SQLite privé des paquets généré par scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.