{"id":13452207,"url":"https://github.com/yarnpkg/yarn","last_synced_at":"2025-11-12T21:48:47.479Z","repository":{"id":37276230,"uuid":"49970642","full_name":"yarnpkg/yarn","owner":"yarnpkg","description":"The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry","archived":false,"fork":false,"pushed_at":"2025-11-12T20:32:00.000Z","size":119768,"stargazers_count":41540,"open_issues_count":2067,"forks_count":2736,"subscribers_count":538,"default_branch":"master","last_synced_at":"2025-11-12T21:48:15.199Z","etag":null,"topics":["javascript","npm","package-manager","yarn"],"latest_commit_sha":null,"homepage":"https://classic.yarnpkg.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yarnpkg.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-01-19T17:39:16.000Z","updated_at":"2025-11-12T17:44:47.000Z","dependencies_parsed_at":"2024-01-13T03:27:26.999Z","dependency_job_id":"8ad9d968-a682-4642-9c8e-f915cfab4ab5","html_url":"https://github.com/yarnpkg/yarn","commit_stats":{"total_commits":2256,"total_committers":542,"mean_commits":4.162361623616236,"dds":0.849290780141844,"last_synced_commit":"7cafa512a777048ce0b666080a24e80aae3d66a9"},"previous_names":[],"tags_count":175,"template":false,"template_full_name":null,"purl":"pkg:github/yarnpkg/yarn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yarnpkg%2Fyarn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yarnpkg%2Fyarn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yarnpkg%2Fyarn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yarnpkg%2Fyarn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yarnpkg","download_url":"https://codeload.github.com/yarnpkg/yarn/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yarnpkg%2Fyarn/sbom","scorecard":{"id":1237616,"data":{"date":"2025-07-07","repo":{"name":"github.com/yarnpkg/yarn","commit":"7cafa512a777048ce0b666080a24e80aae3d66a9"},"scorecard":{"version":"v5.2.1-18-gbb9c347d","commit":"bb9c347dff6349d986baab6578a46d68a5524c62"},"score":3.6,"checks":[{"name":"Code-Review","score":1,"reason":"Found 3/30 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/signing.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#dangerous-workflow"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":4,"reason":"3 out of the last 5 releases have a total of 3 signed artifacts.","details":["Info: signed release artifact: yarn-1.22.22-1.noarch.rpm.asc: https://github.com/yarnpkg/yarn/releases/tag/v1.22.22","Warn: release artifact v1.22.21 not signed: https://api.github.com/repos/yarnpkg/yarn/releases/129420972","Warn: release artifact v1.22.20 not signed: https://api.github.com/repos/yarnpkg/yarn/releases/129317157","Info: signed release artifact: yarn-1.22.19.js.asc: https://github.com/yarnpkg/yarn/releases/tag/v1.22.19","Info: signed release artifact: yarn-1.22.18.js.asc: https://github.com/yarnpkg/yarn/releases/tag/v1.22.18","Warn: release artifact v1.22.22 does not have provenance: https://api.github.com/repos/yarnpkg/yarn/releases/145660714","Warn: release artifact v1.22.21 does not have provenance: https://api.github.com/repos/yarnpkg/yarn/releases/129420972","Warn: release artifact v1.22.20 does not have provenance: https://api.github.com/repos/yarnpkg/yarn/releases/129317157","Warn: release artifact v1.22.19 does not have provenance: https://api.github.com/repos/yarnpkg/yarn/releases/66514022","Warn: release artifact v1.22.18 does not have provenance: https://api.github.com/repos/yarnpkg/yarn/releases/61935478"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/signing.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/yarnpkg/yarn/signing.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile.dev:4: pin your Docker image by updating node:10 to node:10@sha256:59531d2835edd5161c8f9512f9e095b1836f7a1fcb0ab73e005ec46047384911","Warn: downloadThenRun not pinned by hash: scripts/install-latest.sh:8","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"184 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r","Warn: Project is vulnerable to: GHSA-832h-xg76-4gv6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx","Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-p28h-cc7q-c4fg","Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-qgfr-5hqp-vrw9","Warn: Project is vulnerable to: GHSA-hr2v-3952-633q","Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9","Warn: Project is vulnerable to: GHSA-3w5v-p54c-f74x","Warn: Project is vulnerable to: GHSA-6x77-rpqf-j6mw","Warn: Project is vulnerable to: GHSA-hwcf-pp87-7x6p","Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-p9w8-2mpq-49h9","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm","Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574","Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp","Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-xc7v-wxcw-j472","Warn: Project is vulnerable to: GHSA-v2p6-4mp7-3r9v","Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm","Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp","Warn: Project is vulnerable to: MAL-2025-3962","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-wxhq-pm8v-cw75","Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-mpcf-4gmh-23w8","Warn: Project is vulnerable to: GHSA-9qj9-36jm-prpv","Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3","Warn: Project is vulnerable to: MAL-2023-462","Warn: Project is vulnerable to: GHSA-xf7w-r453-m56c","Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6","Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9","Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f","Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p","Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv","Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8","Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65","Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq","Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m","Warn: Project is vulnerable to: GHSA-6x33-pw7p-hmpq","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-4hpf-3wq7-5rpr","Warn: Project is vulnerable to: GHSA-f522-ffg8-j8r6","Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr","Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg","Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546","Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-pp57-mqmh-44h7","Warn: Project is vulnerable to: GHSA-7px7-7xjx-hxm8","Warn: Project is vulnerable to: GHSA-x5pg-88wf-qq4p","Warn: Project is vulnerable to: GHSA-p9wx-2529-fp83","Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj","Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf","Warn: Project is vulnerable to: GHSA-f9cm-qmx5-m98h","Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp","Warn: Project is vulnerable to: GHSA-ff6r-5jwm-8292","Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p","Warn: Project is vulnerable to: GHSA-6394-6h9h-cfjg","Warn: Project is vulnerable to: GHSA-28xh-wpgr-7fm8","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-hxcm-v35h-mg2x","Warn: Project is vulnerable to: GHSA-5q6m-3h65-w53x","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-c9g6-9335-x697","Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3","Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7","Warn: Project is vulnerable to: GHSA-j44m-qm6p-hp7m","Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9","Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-g7q5-pjjr-gqvp","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-pv4c-p2j5-38j4","Warn: Project is vulnerable to: GHSA-46c4-8wrp-j99v","Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442","Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc","Warn: Project is vulnerable to: GHSA-rqff-837h-mm52","Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2","Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j","Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-cf66-xwfp-gvc4","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp","Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9","Warn: Project is vulnerable to: MAL-2022-2424","Warn: Project is vulnerable to: GHSA-cwx2-736x-mf6w","Warn: Project is vulnerable to: GHSA-v39p-96qg-c8rf","Warn: Project is vulnerable to: GHSA-8v63-cqqc-6r2c","Warn: Project is vulnerable to: GHSA-wqfc-cr59-h64p","Warn: Project is vulnerable to: GHSA-hjxc-462x-x77j","Warn: Project is vulnerable to: GHSA-5xf4-f2fq-f69j","Warn: Project is vulnerable to: GHSA-8mfc-v7wv-p62g","Warn: Project is vulnerable to: GHSA-mpwj-fcr6-x34c","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2","Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: MAL-2022-2642","Warn: Project is vulnerable to: GHSA-c75v-2vq8-878f","Warn: Project is vulnerable to: GHSA-c6rq-rjc2-86v2","Warn: Project is vulnerable to: GHSA-x2mc-8fgj-3wmr","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-rq8g-5pc5-wrhr","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp","Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3","Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9","Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp","Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-6chw-6frg-f759","Warn: Project is vulnerable to: GHSA-897m-rjf5-jp39","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq","Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw","Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc","Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p","Warn: Project is vulnerable to: GHSA-29xr-v42j-r956","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/bb9c347dff6349d986baab6578a46d68a5524c62/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-14T02:29:32.457Z","repository_id":37276230,"created_at":"2025-09-14T02:29:32.457Z","updated_at":"2025-09-14T02:29:32.457Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284115869,"owners_count":26949957,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-12T02:00:06.336Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript","npm","package-manager","yarn"],"created_at":"2024-07-31T07:01:16.898Z","updated_at":"2025-11-12T21:48:47.461Z","avatar_url":"https://github.com/yarnpkg.png","language":"JavaScript","readme":"\u003e ## ℹ️ Important note\n\u003e \n\u003e This repository holds the sources for Yarn 1.x (latest version at the time of this writing being 1.22). New releases (at this time the 3.2.3, although we're currently working on our next major) are tracked on the [yarnpkg/berry](https://github.com/yarnpkg/berry) repository, this one here being mostly kept for historical purposes and the occasional hotfix we publish to make the migration from 1.x to later releases easier.\n\u003e \n\u003e If you hit bugs or issues with Yarn 1.x, we strongly suggest you [migrate](https://yarnpkg.com/getting-started/migration) to the latest release - at this point they have been maintained longer than 1.x, and many classes of problems have already been addressed there. By using the [`nodeLinker` setting](https://yarnpkg.com/configuration/yarnrc#nodeLinker) you'll also have the choice of how you want to install your packages: node_modules like npm, symlinks like pnpm, or manifest files via [Yarn PnP](https://yarnpkg.com/features/pnp).\n\n---\n\n\u003cp align=\"center\"\u003e\n  Fast, reliable, and secure dependency management.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://circleci.com/gh/yarnpkg/yarn\"\u003e\u003cimg alt=\"Circle Status\" src=\"https://circleci.com/gh/yarnpkg/yarn.svg?style=shield\u0026circle-token=5f0a78473b0f440afb218bf2b82323cc6b3cb43f\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://ci.appveyor.com/project/kittens/yarn/branch/master\"\u003e\u003cimg alt=\"Appveyor Status\" src=\"https://ci.appveyor.com/api/projects/status/0xdv8chwe2kmk463?svg=true\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://dev.azure.com/yarnpkg/yarn/_build\"\u003e\u003cimg alt=\"Azure Pipelines status\" src=\"https://dev.azure.com/yarnpkg/yarn/_apis/build/status/Yarn%20Acceptance%20Tests\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://discord.gg/yarnpkg\"\u003e\u003cimg alt=\"Discord Chat\" src=\"https://img.shields.io/discord/226791405589233664.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"http://commitizen.github.io/cz-cli/\"\u003e\u003cimg alt=\"Commitizen friendly\" src=\"https://img.shields.io/badge/commitizen-friendly-brightgreen.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n**Fast:** Yarn caches every package it has downloaded, so it never needs to download the same package again. It also does almost everything concurrently to maximize resource utilization. This means even faster installs.\n\n**Reliable:** Using a detailed but concise lockfile format and a deterministic algorithm for install operations, Yarn is able to guarantee that any installation that works on one system will work exactly the same on another system.\n\n**Secure:** Yarn uses checksums to verify the integrity of every installed package before its code is executed.\n\n## Features\n\n* **Offline Mode.** If you've installed a package before, then you can install it again without an internet connection.\n* **Deterministic.** The same dependencies will be installed in the same exact way on any machine, regardless of installation order.\n* **Network Performance.** Yarn efficiently queues requests and avoids request waterfalls in order to maximize network utilization.\n* **Network Resilience.** A single request that fails will not cause the entire installation to fail. Requests are automatically retried upon failure.\n* **Flat Mode.** Yarn resolves mismatched versions of dependencies to a single version to avoid creating duplicates.\n* **More emojis.** 🐈\n\n## Our supports\n\n### [Gold sponsors](https://opencollective.com/yarnpkg)\n\n\u003ctable width=\"100%\"\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\n      \u003ca href=\"https://www.doppler.com/?utm_campaign=github_repo\u0026utm_medium=referral\u0026utm_content=yarn\u0026utm_source=github#gh-light-mode-only\"\u003e\n        \u003cimg src=\"https://assets.website-files.com/5de9972f49103c5df3964004/5f0c1146992a5e9e4fa553e6_logo.svg\" width=\"140\"/\u003e\n      \u003c/a\u003e\n      \u003ca href=\"https://www.doppler.com/?utm_campaign=github_repo\u0026utm_medium=referral\u0026utm_content=yarn\u0026utm_source=github#gh-dark-mode-only\"\u003e\n        \u003cimg src=\"https://user-images.githubusercontent.com/1037931/151548177-308f0a41-fb0e-4311-9969-4a2455b08686.svg\" width=\"140\"/\u003e\n      \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd\u003e\n      \u003cb\u003eAll your environment variables, in one place\u003c/b\u003e. Stop struggling with scattered API keys, hacking together home-brewed tools, and avoiding access controls. Keep your team and servers in sync with \u003cb\u003e\u003ca href=\"https://www.doppler.com/?utm_campaign=github_repo\u0026utm_medium=referral\u0026utm_content=yarn\u0026utm_source=github\"\u003eDoppler\u003c/a\u003e\u003c/b\u003e.\n    \u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\n      \u003ca href=\"https://workos.com/?utm_campaign=github_repo\u0026utm_medium=referral\u0026utm_content=berry\u0026utm_source=github#gh-light-mode-only\"\u003e\n        \u003cimg src=\"https://user-images.githubusercontent.com/1037931/151547094-7aa4a5cb-07e4-4b8a-ab8f-0a15fd63ab7d.svg\" width=\"140\"/\u003e\n      \u003c/a\u003e\n      \u003ca href=\"https://workos.com/?utm_campaign=github_repo\u0026utm_medium=referral\u0026utm_content=berry\u0026utm_source=github#gh-dark-mode-only\"\u003e\n        \u003cimg src=\"https://user-images.githubusercontent.com/1037931/151547899-3655e0d3-3bdb-4351-bd75-af2bebd3ce92.svg\" width=\"140\"/\u003e\n      \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd\u003e\n      \u003cb\u003eYour app, enterprise-ready\u003c/b\u003e. Start selling to enterprise customers with just a few lines of code. Add Single Sign-On (and more) in minutes instead of months with \u003cb\u003e\u003ca href=\"https://workos.com/?utm_campaign=github_repo\u0026utm_medium=referral\u0026utm_content=berry\u0026utm_source=github\"\u003eWorkOS\u003c/a\u003e\u003c/b\u003e.\n    \u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n## Installing Yarn\n\nRead the [Installation Guide](https://yarnpkg.com/en/docs/install) on our website for detailed instructions on how to install Yarn.\n\n## Using Yarn\n\nRead the [Usage Guide](https://yarnpkg.com/en/docs/usage) on our website for detailed instructions on how to use Yarn.\n\n## Contributing to Yarn\n\nThe 1.x codebase is fairly old and will only accept security fixes. For new features or bugfixes, please see our new [repository](https://github.com/yarnpkg/berry) and its [contribution guide](https://yarnpkg.com/advanced/contributing).\n\n## Prior art\n\nYarn wouldn't exist if it wasn't for excellent prior art. Yarn has been inspired by the following projects:\n\n - [Bundler](https://github.com/bundler/bundler)\n - [Cargo](https://github.com/rust-lang/cargo)\n - [npm](https://github.com/npm/cli)\n\n## Credits\n\nThanks to [Sam Holmes](https://github.com/samholmes) for donating the npm package name!\n","funding_links":["https://opencollective.com/yarnpkg"],"categories":["JavaScript","Clients","Javascript","包管理","CLI","Tools","package-manager","npm"],"sub_categories":["Other","Miscs","非 JavaScript 编译工具","Misc","React Components"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyarnpkg%2Fyarn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyarnpkg%2Fyarn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyarnpkg%2Fyarn/lists"}