{"id":14965837,"url":"https://github.com/splitgraph/yarn-plugin-pin-deps","last_synced_at":"2026-01-27T09:14:59.247Z","repository":{"id":114333912,"uuid":"499645107","full_name":"splitgraph/yarn-plugin-pin-deps","owner":"splitgraph","description":"Yarn plugin to pin dependencies to their currently resolved version. Available for Yarn v2 and Yarn v3","archived":false,"fork":false,"pushed_at":"2022-06-03T23:18:01.000Z","size":906,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-05T20:17:16.210Z","etag":null,"topics":["lockfile","monorepo","yarn","yarn-berry","yarn-plugin","yarn2","yarn3","yarnpkg"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/splitgraph.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-03T20:37:34.000Z","updated_at":"2023-07-29T08:17:15.000Z","dependencies_parsed_at":null,"dependency_job_id":"665309c2-b6fc-498d-b8b7-5d63d415cca1","html_url":"https://github.com/splitgraph/yarn-plugin-pin-deps","commit_stats":{"total_commits":5,"total_committers":1,"mean_commits":5.0,"dds":0.0,"last_synced_commit":"70004ed85decd1e97d8d453f87709b37cb2b3cec"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splitgraph%2Fyarn-plugin-pin-deps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splitgraph%2Fyarn-plugin-pin-deps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splitgraph%2Fyarn-plugin-pin-deps/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splitgraph%2Fyarn-plugin-pin-deps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/splitgraph","download_url":"https://codeload.github.com/splitgraph/yarn-plugin-pin-deps/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248058964,"owners_count":21040866,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["lockfile","monorepo","yarn","yarn-berry","yarn-plugin","yarn2","yarn3","yarnpkg"],"created_at":"2024-09-24T13:35:27.299Z","updated_at":"2026-01-27T09:14:54.209Z","avatar_url":"https://github.com/splitgraph.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `yarn pin-deps`: pin dependencies to their currently resolved exact versions\n\nThis plugin will find any dependencies referenced with a semver identifier, and\nwill update `package.json` to replace that identifier with the exact version of\nthe package currently resolved in the lockfile for that reference.\n\nYou may find it useful when migrating a repository to use pinned version\nidentifiers, or when fixing a mistake after acidentally installing without `-E`.\n\nIt will not modify the lockfile or install any packages. It will only edit\n`package.json`, and then you must run `yarn install` to update the lockfile.\n\n## Installation\n\nThis plugin is available for both Yarn v2 and Yarn v3, but only the Yarn v3\nversion will receive updates. The `main` branch is the latest stable release.\n\n### Yarn v3\n\n```bash\nyarn plugin import https://raw.githubusercontent.com/splitgraph/yarn-plugin-pin-deps/main/packages/plugin-pin-deps/bundles/%40yarnpkg/plugin-pin-deps.js\n```\n\n### Yarn v2\n\nThe version of this plugin for Yarn v2 is not expected to receive updates, but\nit is stable and running in production.\n\n```bash\nyarn plugin import https://raw.githubusercontent.com/splitgraph/yarn-plugin-pin-deps/main/packages/plugin-pin-deps/bundles/%40yarnpkg/plugin-pin-deps-v2.cjs\n```\n\n## Usage\n\nAdd `--dry` to execute normally, except without writing to any files.\n\n```bash\nyarn pin-deps --dry\n```\n\nPin the dependencies and write any changes to the relevant package.json files:\n\n```bash\nyarn pin-deps\n```\n\nAfter modifying the `package.json` files, you still need to run `yarn install`\nto update the lockfile:\n\n```bash\nyarn install\n```\n\nOptionally, for an extra sanity check, in some cases, you may find it helpful to\nrun `yarn dedupe`, followed by `yarn install --immutable` to be certain.\n\n```bash\nyarn dedupe\nyarn install\nyarn install --immutable\n```\n\nUltimately, the best sanity check is to run `git diff` after `yarn pin-deps`, to\nsee the `package.json` changes, and then again after `yarn install`, to see the\nlockfile changes. For this reason, it's a good idea to ensure you have a clean\nGit workspace (or at least no changes to `package.json` and `yarn.lock` files)\nbefore running `yarn pin-deps`.\n\n```bash\nyarn pin-deps\n\n# Update the lockfile (in theory this won't fetch any updates, only change local resolutions)\nyarn install\n\n# Optionally dedupe and install --immutable to make sure everything is okay\nyarn dedupe\nyarn install --immutable\n```\n\n## Stability\n\nWe originally developed this plugin for Yarn v2, while pinning the dependencies\nin our monorepo. It worked well, and we occasionally still use it when fixing an\naccidental install of a non-pinned package. We're still using Yarn v2 in some\nproduction projects, and this plugin is stable.\n\nPorting it to v3 required [minimal changes][v2 to v3], and also gave the\nopportunity to [add TypeScript annotations][v3 to typescript]. The underlying\nJavaScript implementation is almost identical to that of the v2 version, and it\nuses no v3 specific features. Early testing indicates it's stable, but we are\nnot yet running this version in production.\n\nWe use the `node-modules` linker, and so this plugin has not been tested with\nany other linker. In theory, the `nodeLinker` setting should not affect behavior\nof this plugin, as it looks only at manifest files and otherwise relies on the\nYarn plugin API for inspecting the project.\n\nThere are no tests, and it was written in a day, but it works. PRs welcome! :)\n\n## Documentation\n\nDocumentation is available with `yarn pin-deps --help`:\n\n```bash\n❯ yarn pin-deps --help\n\nPin-deps [--dry] [--include name:range]\n\n━━━ Usage ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n$ yarn pin-deps\n\n━━━ Options ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n  --dry             Print the changes to stdout but do not apply them to package.json files.\n  --only-dev        Only devDependencies\n  --ignore-dev      Ignore devDependencies (default is false, to pin dependencies and devDependencies).\n  --verbose         Print more information about skipped or already pinned packages\n  --only #0         To _only_ include a specific name:range package (or packages).\n  --also #0         To pin a specific name:range that would otherwise be skipped\n  --workspace #0    To _only_ include a specific workspace (or workspaces)\n\n━━━ Details ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\nPin any unpinned dependencies to their currently resolved version.Pass `--dry`\nfor a dry-run. Otherwise, write changes to `package.json`files directly. You\nwill still need to `yarn install` for the changesto take effect.Search all\nworkspaces by default. Pass `--workspace` flag(s) to focuson one or multiple\nworkspace(s).Search all packages with semver range references by default. To\nincludeotherwise skipped packages, specify `--include name:range`. To focusonly\non specific package(s), specify `--only name:range`\n\n━━━ Examples ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\nUpdate package.json in every workspace, to pin all packages with          semver range to their currently resolved version.\n  $ yarn pin-deps\n\nPerform a \"dry run\" – do not apply any changes to files, but otherwise          run command as normally.\n  $ yarn pin-deps --dry\n\nInclude (do not skip) any packages with reference next:canary\n  $ yarn pin-deps --include next:canary\n\nInclude any package with range `canary` (not a regex, only works for this syntax)\n  $ yarn pin-deps --include :canary\n\nInclude _only_ packages with reference next:canary or material-ui/core:latest\n  $ yarn pin-deps --only next:canary --only material-ui/core:latest\n\nInclude _only_ workspaces by matching one of workspace.name, workspace.cwd, or workspace.relativeCwd\n  $ yarn pin-deps --workspace acmeco/design --workspace acmeco/auth\n\nIgnore devDependencies (pin only regular dependencies)\n  $ yarn pin-deps --ignore-dev\n\nPin only devDependencies in acmeco/design or acmeco/components\n  $ yarn pin-deps --only-dev --workspace acmeco/design --workspace acmeco/components\n\nHacky: print a specific package resolution (`yarn why` or `yarn info` is likely better)\n  $ yarn pin-deps --dry --workspace @acmeco/design --only next:canary\n\nPrint verbose logs (including alerady pinned packages)\n```\n\n# Contributing\n\nThis monorepo uses Yarn 3, and the plugin is in `packages/plugin-pin-deps`,\nwhich was scaffolded with [`@yarnpkg/builder`][yarnpkg builder].\n\n## Install for development\n\nAfter cloning the repository:\n\n```bash\nyarn set version berry\nyarn install --immutable\n```\n\nTip: If you need to setup `nvm`, make sure that you install `yarn` after\ncreating a new version of node:\n\n```bash\nnvm install\nnvm use\nnpm install -g yarn\n```\n\nor try this, to [migrate global packages][nvm migrate global packages] while\ninstalling:\n\n```bash\nnvm install --reinstall-packages-from=current\n```\n\n## Typecheck\n\n```bash\nyarn typecheck\n```\n\n## Build\n\n```bash\nyarn workspace plugin-pin-deps build\n```\n\nMain CLI:\n\n```bash\nyarn run scripts --help\n```\n\n## Format with Prettier\n\nTry to format files, but exit 1 if any change is required:\n\n```bash\nyarn format.check\n```\n\nTry to format files, and write changes to any file that requires them:\n\n```\nyarn format\n```\n\nSee [`.github/workflows/build.yml`][ci build steps] for CI commands.\n\n## Upgrade everything at once, interactively\n\n```bash\nyarn up -E -i '*'\n```\n\n[v2 to v3]:\n  https://github.com/splitgraph/yarn-plugin-pin-deps/compare/b13f58f64b75a9345bbdecc0ffc73592a4891a4f...32c00aeb7d4566bf6f7ad71c4fe81c149f42da2a?w=1\n[v3 to typescript]:\n  https://github.com/splitgraph/yarn-plugin-pin-deps/compare/32c00aeb7d4566bf6f7ad71c4fe81c149f42da2a...219943345a611141925db1c6fb6ebf3f442f3a82?w=1\n[yarnpkg builder]:\n  https://github.com/yarnpkg/berry/tree/master/packages/yarnpkg-builder\n[nvm migrate global packages]:\n  https://github.com/nvm-sh/nvm#migrating-global-packages-while-installing\n[ci build steps]:\n  https://github.com/splitgraph/yarn-plugin-pin-deps/blob/main/.github/workflows/build.yml#L14-L17\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplitgraph%2Fyarn-plugin-pin-deps","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsplitgraph%2Fyarn-plugin-pin-deps","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplitgraph%2Fyarn-plugin-pin-deps/lists"}