Yarn essentials
Hari Kotha
Posted on April 10, 2023
Yarn essentials
Intro
Yarn is a JavaScript package manager used to install/download libraries from npm repository
yarn install
yarn install is used to download libraries those are listed under dependencies object in your package.json
file.
How yarn installs the packages
When yarn install is executed, Yarn will fetch the package from the registry which is an npm public repository which contain all the JavaScript libraries contributed by various developers all over the world.
Yarn will download all the files related to that package and install it in your project's node_modules
folder. It will also update your package.json
file to include the new package as a dependency. yarn.lock file will also get updated with latest dependency tree. Yarn will make sure to install the package's dependencies if they are not already installed in node_modules.
yarn config get registry
// https://registry.yarnpkg.com
Any package installation will direct this 👆 registry url. This will again gets directed to npm’s registry registry.npmjs.org
.
Installing scoped private packages
So, Installing packages that are already present in the yarn/npm registry is straight forward. But many a times, while working on a big enterprise applications, we tend to have few libraries which are private to that organisation.
Such libraries are hosted and managed using GitHub package registry - https://npm.pkg.github.com
. So to install any private or scoped(@org-name) packages, we will have to point our yarn to this registry.
Also for security reasons, we will have to authenticate with GitHub to verify that we have read/install permissions. We will have to provide auth token (access token) with read/install packages scopes/permissions while installing these packages.
This can be done in 2 ways
1️⃣ Using —registry flag while installing a private library
// update github personal access token
yarn config set npmAuthToken YOUR_GITHUB_PAT --scope=@org-name
// provide github registry
yarn add @org-name/private-package --registry=https://npm.pkg.github.com
// eg: yarn add @twitter/twitter-ui -- registry=https://npm.pkg.github.com
As per example above, this will inform yarn to search and install the twitter-ui
package from twitter’s github registry.
2️⃣ Use .npmrc
file to add the additional configurations
.npmrc
//npm.pkg.github.com/:_authToken=YOUR_GITHUB_TOKEN_1
@org1:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=YOUR_GITHUB_TOKEN_2
@org2:registry=https://npm.pkg.github.com
Add this at the root of your project where package.json is present. When yarn install/yarn add is executed, yarn will point to those specific repos while installing private/scoped libraries.
//npm.pkg.github.com/org1/:_authToken=YOUR_GITHUB_TOKEN_1
We can also provide authToken specific to scoped repository like this 👆
Other Commands
yarn add
yarn add is used to install a specific library to your project
yarn add lodash
This will install latest version of lodash and add the files to your node_modules and create an entry under dependencies in package.json and updates yarn.lock file
yarn remove
yarn remove will deletes the files of a specific library from the node_modules folder and removes the entry in package.json and updates yarn.lock as well
yarn remove lodash
yarn cache clean
yarn caches the packages that we install into a .cache directory. we can find it in linux at .cache/yarn/v6
To fetch the latest files of the version that is being cached, we will have to clean the cache first.
Use ls | grep package-name
command to check for the cached version of any package or use yarn cache list --pattern "gulp|grunt"
Use yarn cache clean package-name to delete the cached version of any package or use yarn cache clean to delete entire global cache.
yarn config list
yarn config list displays the current configuration of yarn which contain details about registry, any auth tokens for scoped GitHub repos
yarn config set
yarn config set init-license MIT
This command sets the init-license key to ‘MIT’
Cheers!
Posted on April 10, 2023
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.