
yarn's Introduction

ℹ️ Important note

This repository holds the sources for Yarn 1.x (latest version at the time of this writing being 1.22). New releases (at this time the 3.2.3, although we're currently working on our next major) are tracked on the yarnpkg/berry repository, this one here being mostly kept for historical purposes and the occasional hotfix we publish to make the migration from 1.x to later releases easier.

If you hit bugs or issues with Yarn 1.x, we strongly suggest you migrate to the latest release - at this point they have been maintained longer than 1.x, and many classes of problems have already been addressed there. By using the nodeLinker setting you'll also have the choice of how you want to install your packages: node_modules like npm, symlinks like pnpm, or manifest files via Yarn PnP.


Fast, reliable, and secure dependency management.



Fast: Yarn caches every package it has downloaded, so it never needs to download the same package again. It also does almost everything concurrently to maximize resource utilization. This means even faster installs.

Reliable: Using a detailed but concise lockfile format and a deterministic algorithm for install operations, Yarn is able to guarantee that any installation that works on one system will work exactly the same on another system.

Secure: Yarn uses checksums to verify the integrity of every installed package before its code is executed.
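What that check looks like from the consumer's side, as an added example (not Yarn's own code): it parses a Yarn 1.x lockfile, then verifies tarball bytes against the entry's `integrity` field, falling back to the SHA-1 fragment of `resolved` when no `integrity` is recorded. The package names, registry URL, tarball bytes and the `parseLock` and `verifyEntry` helpers are constructed for illustration.

```javascript
const crypto = require('crypto');
// Constructed sample: the "tarball" and lockfile below are made up for this example.
const SAMPLE_TARBALL = Buffer.from('constructed tarball bytes');
const sha512 = crypto.createHash('sha512').update(SAMPLE_TARBALL).digest('base64');
const sha1 = crypto.createHash('sha1').update(SAMPLE_TARBALL).digest('hex');
const SAMPLE_LOCK = `# yarn lockfile v1
example-a@^1.0.0:
  version "1.0.1"
  resolved "https://registry.example/example-a/-/example-a-1.0.1.tgz#${sha1}"
  integrity sha512-${sha512}

example-b@^2.0.0:
  version "2.0.0"
  resolved "https://registry.example/example-b/-/example-b-2.0.0.tgz#${sha1}"
`;

// A non-indented line ending in ":" opens an entry; two-space "key value" lines fill it.
function parseLock(text) {
  const entries = [];
  let cur = null;
  for (const line of text.split('\n')) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      cur = { key: line.slice(0, -1), fields: {} };
      entries.push(cur);
    } else if (cur && /^  \S/.test(line)) {
      const m = line.trim().match(/^(\S+) (.*)$/);
      if (m) cur.fields[m[1]] = m[2].replace(/^"|"$/g, '');
    }
  }
  return entries;
}

// Check tarball bytes against one entry. SHA-2 SRI tokens are preferred; an entry
// with only the SHA-1 URL fragment is reported as such so it can be flagged as weak.
// An integrity field holding only sha1 tokens counts as unverified in this example.
function verifyEntry(entry, tarball) {
  const { integrity, resolved = '' } = entry.fields;
  const digest = (algo, enc) => crypto.createHash(algo).update(tarball).digest(enc);
  if (integrity) {
    for (const token of integrity.split(/\s+/)) {
      const m = /^(sha256|sha384|sha512)-(.+)$/.exec(token);
      if (m && digest(m[1], 'base64') === m[2]) return { ok: true, via: m[1] };
    }
    return { ok: false, via: 'integrity' };
  }
  const frag = resolved.split('#')[1];
  if (frag) return { ok: digest('sha1', 'hex') === frag, via: 'sha1-fragment' };
  return { ok: false, via: 'none' };
}
```

Entries that verify only via `sha1-fragment` are worth listing in an audit, since they carry no SHA-2 digest.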

Features

  • Offline Mode. If you've installed a package before, then you can install it again without an internet connection.
  • Deterministic. The same dependencies will be installed in the same exact way on any machine, regardless of installation order.
  • Network Performance. Yarn efficiently queues requests and avoids request waterfalls in order to maximize network utilization.
  • Network Resilience. A single request that fails will not cause the entire installation to fail. Requests are automatically retried upon failure.
  • Flat Mode. Yarn resolves mismatched versions of dependencies to a single version to avoid creating duplicates.
  • More emojis. 🐈


Installing Yarn

Read the Installation Guide on our website for detailed instructions on how to install Yarn.

Using Yarn

Read the Usage Guide on our website for detailed instructions on how to use Yarn.

Contributing to Yarn

The 1.x codebase is fairly old and will only accept security fixes. For new features or bugfixes, please see our new repository and its contribution guide.

Prior art

Yarn wouldn't exist if it wasn't for excellent prior art. Yarn has been inspired by the following projects:

Credits

Thanks to Sam Holmes for donating the npm package name!


yarn's Issues

Reduce memory usage

When installing react-native we hit peak memory usage of 259.90MB. This should be minimised as much as possible. We could have a disk cache but then we're just reimplementing virtual memory which is silly.

New name

kpm is silly. Doesn't really mean anything. [a-z]pm is overdone.

Update command

Would be nice if I could say kpm update <lib-name> <other-lib> which would only update those, and its unique deps; if this can't be satisfied some helpful error is provided.

This would allow for very controlled and granular updates, without fear of wider side effects.

Now in other cases, without arguments maybe, it should update all dependencies.

Error when running kpm install: "invalid tar file"

I just tried kpm for fun on a side project (react-dnd).
When I run kpm install I get:

kpm i
kpm install v0.0.0
info No lockfile found.
[1/4] 🚚  Resolving and fetching packages...
⠈ webpack-dev-server@^1.8.2Error: http://registry.npmjs.org/disposables/-/disposables-1.0.1.tgz: invalid tar file
    at Extract.Parse._startEntry (/Users/dan/p/kpm/node_modules/tar/lib/parse.js:149:13)
    at Extract.Parse._process (/Users/dan/p/kpm/node_modules/tar/lib/parse.js:131:12)
    at BlockStream.<anonymous> (/Users/dan/p/kpm/node_modules/tar/lib/parse.js:47:8)
    at emitOne (events.js:77:13)
    at BlockStream.emit (events.js:169:7)
    at BlockStream._emitChunk (/Users/dan/p/kpm/node_modules/block-stream/block-stream.js:145:10)
    at BlockStream.write (/Users/dan/p/kpm/node_modules/block-stream/block-stream.js:45:10)
    at Extract.Parse.write (/Users/dan/p/kpm/node_modules/tar/lib/parse.js:81:23)
    at Unzip.ondata (_stream_readable.js:528:20)
    at emitOne (events.js:77:13)

Curious whether this is a bug, or if I misunderstand something and can’t use kpm there.

Safe publish command

I think it would be nice to explore a way of publishing other than npm publish.

Right now I stay logged out of npm on my machine and I run npm login, npm publish, npm logout every time I want to publish a package. Maybe this could just be an alias of that.

Other npm commands

I guess the decision is still to be made if this is going to be a complete replacement for npm. In the meantime here is a semi-organized list of commands (and aliases) on npm today.

Display local information:

  • bin - Display npm bin folder
  • bugs (issues) - Bugs for a package in a web browser maybe
  • docs (home) - Docs for a package in a web browser maybe
  • faq - Frequently Asked Questions
  • help (apihelp) - Get help on npm
  • help-search - Search npm help documentation
  • ls (la, list, ll) - List installed packages
  • prefix - Display prefix
  • repo - Open package repository page in the browser
  • root - Display npm root

Display remote information:

  • dist-tag (dist-tags) - Modify package distribution tags
  • outdated - Check for outdated packages
  • search (find, se, s) - Search for packages

Run local scripts:

  • restart - Restart a package
  • run-script (run) - Run arbitrary package scripts
  • start - Start a package
  • stop - Stop a package
  • test (t, tst) - Test a package

Modify local package:

  • version (verison) - Bump a package version

Modify remote package:

  • access - Set access level on published packages
  • deprecate - Deprecate a version of a package
  • owner (author) - Manage package owners
  • publish - Publish a package
  • tag - Tag a published version
  • team - Manage organization teams and team memberships
  • unpublish - Remove a package from the registry
  • view (info, show, v) - View registry info

Starring:

  • star - Mark your favorite packages
  • stars - View packages marked as favorites
  • unstar - Mark your favorite packages

Authentication:

  • adduser (add-user, login) - Add a registry user account
  • logout - Log out of the registry
  • whoami - Display npm username

Dependency management:

  • build - Build a package
  • dedupe (ddp, find-dupes) - Reduce duplication
  • edit - Edit an installed package
  • explore - Browse an installed package
  • install (i) - Install a package
  • link (ln) - Symlink a package folder
  • prune - Remove extraneous packages
  • rebuild (rb) - Rebuild a package
  • rm (r, remove, un, uninstall, unlink) - Remove a package
  • shrinkwrap - Lock down dependency versions
  • update (up, upgrade) - Update a package

Misc:

  • cache - Manipulates packages cache
  • completion - Tab Completion for npm
  • config (c) - Manage the npm configuration files
  • init - Interactively create a package.json file
  • pack - Create a tarball from a package
  • ping - Ping npm registry

Won't be able to use kpm on react-native/at fb yet

So, as I suspected, you are using symlinks for generating all those node_modules. Unfortunately, watchman doesn't support symlinks. This has been a longstanding issue (can't use npm link) and we need to figure out a solution with the watchman team.

Better dependency error messages

When we're outputting an error from a dependency, show its relationship to one of the dependencies a user actually knows about.

Call out slow package installs

If an install takes 10 seconds... but some packages take up the majority of the time... we should let the user know and give them a way to file an upstream bug with the package to speed things up.

Timing is going to be sort of tricky as a lot of stuff is parallel which could delay package resolution.

[wip] Integration feedback

This issue is a wip outlining a number of ideas that were discussed with @kittens 2/5/2016. Storing my thoughts and will expand with comments/reasoning.

  • Distributed cache kpm install
  • Hooks to allow calls to external auditing tools
  • First-class support for private modules
  • Dangling module dependency detection
  • Dynamic/runtime module installation (w/ Nuclide/IDE integration)

How should we handle network failures?

Firing off N number of concurrent requests can blow up some people's routers and/or computers.

We should make sure kpm has very smart backoff and retry logic.
