Automic VaultAutomic Vault

brew

Install lerna with Homebrew, Nix

Tool for managing JavaScript projects with multiple packages. Version 9.0.7 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install lerna

local Homebrew formula metadata

overview

Package summary

Tool for managing JavaScript projects with multiple packages

Commands and aliases

  • lerna

history

Project history and usage

Lerna is the original JavaScript and TypeScript monorepo tool, best known for coordinating package versioning and publishing across repositories containing many npm packages.

Project history

The Lerna documentation says the tool was created in the 2015/2016 era, before npm, Yarn, and pnpm had mature built-in workspace support. Early Lerna commands such as bootstrap, add, and link filled a gap by installing external dependencies and linking local packages inside a multi-package repository.

As package managers added first-class workspace support, Lerna's role narrowed. The project documentation explains that v7.0.0 removed bootstrap, add, and link by default in June 2023, and v9.0.0 fully removed those commands in September 2025 after more than two years of deprecation.

Adoption history

Lerna's own introduction describes it as used by tens of thousands of projects, including React and Jest. Its adoption grew with the npm-package monorepo pattern, where maintainers needed to publish multiple related packages with coordinated or independent versions.

In May 2022, Nrwl, the company behind Nx, announced that it was taking over stewardship of Lerna. That transition tied Lerna's later development to Nx's task-running and project-graph machinery while keeping Lerna's familiar versioning and publishing workflow.

How it is used

Typical use starts with a repository-level lerna.json and package.json workspace configuration. Lerna can run tasks across packages, detect changed packages, bump versions, create git tags, and publish selected packages to npm.

Modern Lerna expects package managers to handle dependency installation and local linking. Lerna's maintained value is concentrated in monorepo orchestration, project graph integration, versioning, and publishing.

Why package nerds care

Lerna is historically important because it made npm monorepos practical before workspaces became boring. Package maintainers cared because it encoded the release problem: many packages, linked locally, published separately, with changelogs and git tags that had to stay coherent.

Timeline

  • 2015/2016: Lerna was created for JavaScript monorepos before package-manager workspaces were built in.
  • 2022: Nrwl announced it was taking over stewardship of Lerna.
  • 2023: Lerna v7.0.0 removed bootstrap, add, and link by default.
  • 2025: Lerna v9.0.0 fully removed the legacy package-management commands.

Related projects

  • Nx is the stewardship and build-system project closely associated with modern Lerna.
  • npm, Yarn, and pnpm workspaces replaced Lerna's legacy package-linking commands.
  • React and Jest are examples named by Lerna as projects that used it.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
lerna.jsonnx.jsonpackage.json

executables

Installed executables

CommandKindExposureNote
lernacliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version9.0.7
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://lerna.js.org

  • infoNo package-manager update timestamp was available.low confidence
  • infoRelease/tag comparison is only available for GitHub repositories.https://lerna.js.orgnone confidence

install metadata

Package metadata

Package keybrew:lerna
Version9.0.7
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/lerna
Homepagehttps://lerna.js.org
Repositoryhttps://github.com/lerna/lerna
Upstream docshttps://lerna.js.org/docs/features
LicenseMIT
Source archivehttps://registry.npmjs.org/lerna/-/lerna-9.0.7.tgz
Dependenciesnode
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namelerna
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

lerna

nix profile install nixpkgs#lerna
  • normalized package name match
  • Matched by: Lerna
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: lerna from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment