# Install yarn with Homebrew, apk, chocolatey, MacPorts, Nix, pacman, scoop, winget, zypper, apt, dnf

JavaScript package manager. Version 1.22.22 via Homebrew; verified 2026-07-04.

## Install

```sh
sudo av install brew:yarn
```

## Agent safety answer

yarn manages JavaScript dependencies and package scripts with registry access.

- **Credential access:** Reads npm/yarn registry tokens, environment variables, and package scripts.
- **Remote mutation:** Can install packages and run scripts that modify remote systems.
- **Publish/artifact risk:** Can publish packages and build release artifacts.
- **Recommended control:** Gate publish, install scripts, and credentialed registry operations.
- **Agent-use guidance:** Allow local test/build after scan; require approval for publish and lifecycle scripts.

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install yarn
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install yarn
```

  Evidence: MacPorts ports tree: devel/yarn/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add yarn
```

  Evidence: Alpine Linux edge package indexes: yarn from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Nix (92%):

```sh
nix profile install nixpkgs#yarn
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ya/yarn/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S yarn
```

  Evidence: Arch Linux sync databases: yarn from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install yarn
```

  Evidence: openSUSE Tumbleweed package metadata: yarn from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

- Debian apt (92%):

```sh
sudo apt install yarnpkg
```

  Evidence: Debian stable package indexes: yarnpkg from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install yarnpkg
```

  Evidence: Fedora Rawhide package metadata: yarnpkg from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

### Windows

- Chocolatey (92%):

```sh
choco install yarn
```

  Evidence: Chocolatey community package catalog: yarn from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','wiztree'

- Scoop (92%):

```sh
scoop install main/yarn
```

  Evidence: Scoop official bucket manifest trees: bucket/yarn.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id Yarn.Yarn -e
```

  Evidence: Windows Package Manager source index: Yarn.Yarn from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:yarn
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/yarn>
- **Version:** 1.22.22
- **Source summary:** JavaScript package manager
- **Homepage:** <https://yarnpkg.com/>
- **Repository:** <https://github.com/yarnpkg/yarn>
- **Upstream docs:** <https://classic.yarnpkg.com/en/docs>
- **License:** BSD-2-Clause
- **Source archive:** <https://github.com/yarnpkg/yarn/releases/download/v1.22.22/yarn-v1.22.22.tar.gz>
- **Last updated:** 2026-07-04T13:13:45+09:00
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- yarn (cli)
- yarnpkg (cli)
- yarn (alias)
- yarnpkg (alias)

## Install behavior

- Post-install hook: not defined
- Caveats: yarn requires a Node installation to function. You can install one with: brew install node
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.22.22
- Package-manager updated: 2026-07-04
- Local data: ok
- Upstream repository: https://github.com/yarnpkg/yarn
- info: No cached GitHub release or tag data was available.
## Project history and usage

Yarn is a JavaScript package manager created to make npm-registry installs faster, more reliable, and more reproducible. The Homebrew `yarn` package points at the classic 1.x line, but the project history continues through Yarn Berry and modern Yarn releases.

### Project history

Yarn was open-sourced on 2016-10-11 as a collaboration between Facebook, Exponent, Google, and Tilde. The launch post emphasized continued access to the npm registry while improving speed, consistency across machines, and secure offline operation.

The 1.x line established the features that made Yarn famous: a lockfile, deterministic installs, a global cache, offline mode, checksums, concurrency, and workspace-oriented workflows. The classic repository README now says the 1.x codebase is frozen except for historical upkeep and occasional hotfixes.

Modern Yarn moved to the yarnpkg/berry repository, created in 2018. Yarn 2.0 shipped on 2020-01-24 after a year of intensive development, bringing a TypeScript codebase, plugin architecture, Plug'n'Play, workspace-aware commands, a YAML lockfile/config model, and a different release and migration story from classic Yarn. Yarn 4.0 followed in 2023 after a long release-candidate cycle focused on reducing migration pain and improving user experience.

### Adoption history

Yarn's adoption was fast because it solved immediate pain in large JavaScript dependency trees: slow installs, non-determinism, network fragility, and inconsistent environments. It did not replace the npm registry; it competed at the client and workflow layer while consuming the same package ecosystem.

Classic Yarn became common in CI systems, monorepos, front-end applications, and open-source JavaScript projects. Later Yarn adoption split into two cultures: projects staying on stable 1.22.x for node_modules compatibility and projects moving to Berry for Plug'n'Play, constraints, plugins, workspaces, and zero-install workflows.

### How it is used

Typical classic workflows are `yarn install`, `yarn add`, `yarn remove`, `yarn upgrade`, and `yarn run`, with `yarn.lock` committed so dependency resolution is reproducible. Workspaces let monorepos manage multiple packages in a single install graph.

Modern Yarn expands that usage into project management: `yarn set version`, plugins, constraints, workspace foreach commands, patch protocols, portable script execution, and selectable install strategies including node_modules and Plug'n'Play.

### Why package nerds care

Yarn is one of the defining package-manager projects of the 2010s because it forced JavaScript tooling to treat reproducibility, lockfiles, cache behavior, and CI determinism as first-class package-manager features. Its competition with npm changed expectations for every JavaScript dependency client that followed.

For package nerds, Yarn is also a rare case where the package manager itself has two living historical identities: Yarn Classic as the widely packaged 1.x executable and Yarn Berry/Modern as the active architecture with plugins, PnP, and project-management features.

### Timeline

- 2016-01-19: yarnpkg/yarn repository is created on GitHub.
- 2016-10-11: Yarn is announced as a Facebook, Exponent, Google, and Tilde collaboration.
- 2016-10-18: GitHub release v0.16.0 is published shortly after launch.
- 2018-09-10: yarnpkg/berry repository is created for the modern Yarn line.
- 2020-01-24: Yarn 2.0 is released after 365 days of development.
- 2023-10-23: Yarn 4.0 is announced after 53 release candidates.
- 2024-03-09: Yarn Classic v1.22.22 is published.

### Related projects

- npm is the registry and original package-manager client Yarn was designed to interoperate with and improve upon.
- yarnpkg/berry is the active modern Yarn repository.
- Bundler and Cargo are named by the classic README as prior art.

### Sources

- <https://api.github.com/repos/yarnpkg/berry>
- <https://api.github.com/repos/yarnpkg/yarn>
- <https://api.github.com/repos/yarnpkg/yarn/releases?per_page=100>
- <https://classic.yarnpkg.com/blog/2016/10/11/introducing-yarn/>
- <https://github.com/yarnpkg/berry>
- <https://github.com/yarnpkg/yarn>
- <https://raw.githubusercontent.com/yarnpkg/berry/master/README.md>
- <https://raw.githubusercontent.com/yarnpkg/yarn/master/README.md>
- <https://yarnpkg.com/blog/release/2.0>
- <https://yarnpkg.com/blog/release/4.0>
- <https://yarnpkg.com/migration/overview>


## Security Notes

package manager and supply-chain mutator.

- **Geiger risk:** orange / high
- package manager and supply-chain mutator


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: .yarnrc
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** yarn
- **Version Scheme:** 0
- **Revision:** 0
- **Conflicts With:** corepack, hadoop
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - yarn: normalized package name match | nixpkgs package indexes: pkgs/by-name/ya/yarn/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- apk - yarn - 1.22.22-r1: normalized package name match | Alpine Linux edge package indexes: yarn from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Fast, reliable, and secure dependency management for Node.js | https://classic.yarnpkg.com/
- pacman - yarn - 1.22.22-2: normalized package name match | Arch Linux sync databases: yarn from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Fast, reliable, and secure dependency management | https://classic.yarnpkg.com/
- zypper - yarn - 1.22.22-1.4: normalized package name match | openSUSE Tumbleweed package metadata: yarn from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | 📦🐈 Fast, reliable, and secure dependency management | https://github.com/yarnpkg/yarn/releases
- MacPorts - yarn: normalized package name match | MacPorts ports tree: devel/yarn/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Chocolatey - yarn: normalized package name match | Chocolatey community package catalog: yarn from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','wiztree'
- Scoop - main/yarn: normalized package name match | Scoop official bucket manifest trees: bucket/yarn.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
- winget - Yarn.Yarn: normalized package name match | Windows Package Manager source index: Yarn.Yarn from https://cdn.winget.microsoft.com/cache/source.msix
- Debian apt - yarnpkg - 4.1.0+dfsg-1: installed executable or alias match | Debian stable package indexes: yarnpkg from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Fast, reliable, and secure dependency management | https://github.com/yarnpkg/berry
- Ubuntu apt - yarnpkg - 1.22.19+~cs24.27.18-4: installed executable or alias match | Ubuntu 24.04 LTS package indexes: yarnpkg from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Fast, reliable and secure npm alternative | https://github.com/yarnpkg/yarn
- dnf - yarnpkg - 1.22.22-18.fc45: installed executable or alias match | Fedora Rawhide package metadata: yarnpkg from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Fast, reliable, and secure dependency management. | https://github.com/yarnpkg/yarn


## Related links

- [Package publisher tools](https://www.automicvault.com/pkg/package-publishers/) - Belongs to a package publishing or registry command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [pnpm](https://www.automicvault.com/pkg/brew/pnpm/) - Shares av.db curated category or tags: cli, dependencies, developer-tools, javascript, nodejs.
- [fpm](https://www.automicvault.com/pkg/brew/fpm/) - Shares av.db curated category or tags: cli, developer-tools, package-manager, package-managers.
- [opam](https://www.automicvault.com/pkg/brew/opam/) - Shares av.db curated category or tags: cli, developer-tools, package-manager, package-managers.
- [bower](https://www.automicvault.com/pkg/brew/bower/) - Shares av.db curated category or tags: cli, developer-tools, javascript, package-manager.
- [chalk-cli](https://www.automicvault.com/pkg/brew/chalk-cli/) - Shares av.db curated category or tags: cli, developer-tools, javascript, nodejs.
- [corepack](https://www.automicvault.com/pkg/brew/corepack/) - Shares av.db curated category or tags: cli, developer-tools, javascript, nodejs, package-manager.
- [fnm](https://www.automicvault.com/pkg/brew/fnm/) - Shares av.db curated category or tags: cli, developer-tools, javascript, nodejs.
- [grunt-cli](https://www.automicvault.com/pkg/brew/grunt-cli/) - Shares av.db curated category or tags: cli, developer-tools, javascript, nodejs.
- [yarn](https://www.automicvault.com/pkg/npm/yarn/) - Same normalized package name appears in another local ecosystem. Shared terms: cli, dependencies, developer, developer-tools, manager.
- [corepack](https://www.automicvault.com/pkg/npm/corepack/) - Executable or command metadata overlaps with this package. Shared terms: cli, developer, developer-tools, managers, package-managers.
- [yarn](https://www.automicvault.com/pkg/npm/yarn/) - Same normalized package name in another local ecosystem.

## Combined YAML source

View the package source record on GitHub. [combined/yarn.yml](https://github.com/automic-vault/db/blob/main/combined/yarn.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
- curated agent safety answer
