July 13, 2020
Written by Rhys Arkins
Let’s start by talking about how Yarn ensures that an installation that works in one development environment will work in the same manner in another environment.
How Yarn handles dependency versioning
Yarn records all the dependencies of a project in a file called package.json, found at the root of the project’s working directory. With Yarn v1 it also installs the dependency files into the node_modules folder. Yarn v2 uses Plug’n’Play by default, so a node_modules folder is not needed there.
In the package.json file, each dependency is versioned according to the semantic versioning (SemVer) scheme. A SemVer version number has the form MAJOR.MINOR.PATCH, and each part signals the kind of change a release contains: a patch release fixes bugs, a minor release adds backward-compatible features, and a major release may break compatibility.
Before updating any Yarn dependencies, you can check their current version ranges in that file.
Here is an example of a package.json file that specifies the name and version ranges of dependencies (notice that the version ranges are specified using operators):
"package-one": ">=4.0.0 <7.1.4",
Yarn also maintains an autogenerated file called yarn.lock, which records the exact version of every dependency (including transitive ones) that the project uses, resolved from the SemVer constraints in package.json. Each entry also records the URL the package tarball was fetched from and an integrity hash that Yarn verifies on later installs.
The purpose of the lock file is, as its name suggests, to “lock” the dependencies to those specific versions during installation. It ensures that every installation produces an identical file structure in node_modules across all environments.
Since new package versions are released frequently, your code can break if it is not compatible with the newest release of a dependency. Locking dependencies to fixed versions means you get exactly the same dependencies installed every time, provided that yarn.lock is committed to version control and that installs in CI run with yarn install --frozen-lockfile, which fails instead of silently rewriting the lockfile when package.json and yarn.lock disagree.
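As an added example (not code from the original article or from Yarn itself), here is a small Node.js script that parses a yarn.lock in the v1 format and checks it against package.json: it reports which exact version each declared dependency is pinned to, which declared dependencies have no lockfile entry at all (the lockfile is stale, and a plain yarn install would resolve them afresh), and which entries carry no integrity hash. Both input files are constructed inline; the package @acme/helper is hypothetical, and the tarball hashes are placeholders rather than real digests.

```javascript
// Added example: not Yarn's own code. Parses a Yarn v1 lockfile and checks it
// against package.json. Names, versions, URLs and hashes below are constructed
// for this example ("@acme/helper" is hypothetical; hashes are placeholders).

const packageJson = {
  name: 'example-app',
  dependencies: {
    lodash: '^4.17.15',
    'package-one': '>=4.0.0 <7.1.4',
    '@acme/helper': '^1.2.0',   // declared, but never installed: no lock entry below
  },
  devDependencies: {
    jest: '~26.1.0',
  },
};

// One entry per "name@range" key; keys containing spaces or a scope are quoted.
// The jest entry deliberately has no "integrity" line, as entries written by
// older Yarn 1 releases do.
const yarnLock = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


jest@~26.1.0:
  version "26.1.0"
  resolved "https://registry.yarnpkg.com/jest/-/jest-26.1.0.tgz#0000000000000000000000000000000000000000"

lodash@^4.17.15:
  version "4.17.20"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz#1111111111111111111111111111111111111111"
  integrity sha512-PLACEHOLDERlodashDigestNotReal00000000000000000000000000000000000000000000000000000000==

"package-one@>=4.0.0 <7.1.4":
  version "7.1.3"
  resolved "https://registry.yarnpkg.com/package-one/-/package-one-7.1.3.tgz#2222222222222222222222222222222222222222"
  integrity sha512-PLACEHOLDERpackageOneDigestNotReal000000000000000000000000000000000000000000000000000==
  dependencies:
    lodash "^4.17.15"
`;

// Split `name "value"` / `integrity sha512-...` into [name, value], unquoted.
function splitField(line) {
  const i = line.indexOf(' ');
  const name = line.slice(0, i).replace(/^"|"$/g, '');
  const value = line.slice(i + 1).trim().replace(/^"|"$/g, '');
  return [name, value];
}

// Returns { "name@range": { version, resolved, integrity, dependencies } }.
function parseYarnLockV1(text) {
  const entries = {};
  let current = null;
  for (const raw of text.split('\n')) {
    if (raw.trim() === '' || raw.startsWith('#')) continue;
    if (!raw.startsWith(' ')) {
      // Entry header: one or more comma-separated "name@range" keys ending in ':'
      current = { dependencies: {} };
      const keys = raw.replace(/:\s*$/, '').split(',')
        .map((k) => k.trim().replace(/^"|"$/g, ''));
      for (const k of keys) entries[k] = current;
    } else if (raw.startsWith('    ')) {
      // Four-space indent: a transitive dependency of the current entry
      const [dep, range] = splitField(raw.trim());
      current.dependencies[dep] = range;
    } else if (!raw.trim().endsWith(':')) {
      // Two-space indent: version / resolved / integrity fields
      const [field, value] = splitField(raw.trim());
      current[field] = value;
    }
  }
  return entries;
}

// Compare what package.json declares with what yarn.lock actually pins.
function checkLockfile(pkg, lockText) {
  const lock = parseYarnLockV1(lockText);
  const declared = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const report = { pinned: {}, missing: [], noIntegrity: [] };
  for (const [name, range] of Object.entries(declared)) {
    const entry = lock[`${name}@${range}`];
    if (!entry) { report.missing.push(name); continue; }   // stale lockfile
    report.pinned[name] = entry.version;
    if (!entry.integrity) report.noIntegrity.push(name);   // tarball not hash-verified
  }
  return report;
}

console.log(JSON.stringify(checkLockfile(packageJson, yarnLock), null, 2));
```

Run it with node. A missing entry means the lockfile does not actually pin that dependency, so a plain yarn install would resolve it from whatever the registry offers at that moment; a missing integrity line means Yarn can only check the tarball against the sha1 fragment in the resolved URL. Both are worth failing a CI job on, next to yarn install --frozen-lockfile.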
How to install Yarn
After installing Node.js, you can run the following command in the terminal to verify that it exists on your system:
|node --version|
or (shortened form):
|node -v|
Node.js is a prerequisite for installing Yarn because the package manager is written in JavaScript and runs on Node.js.
If you want to install Yarn using npm, you can simply run the following command on the terminal:
|npm install -g yarn|
The above command installs Yarn globally on your system because of the -g (global) flag.
Although Yarn is available as an npm package, the Yarn core team does not recommend the npm installation approach. Other system-specific methods for installing it are listed in Yarn’s installation documentation.
For example, on macOS, you can use the Homebrew package manager to install it.
Here is the command to run:
|brew install yarn|
Most operating systems have a package manager that makes installing Yarn fast and smooth.
Whichever method you use, after a successful installation the yarn command will be available on your system.
How to check your Yarn version
After installing Yarn, you can run the following command to check its version:
|yarn --version|
How to add Yarn dependencies
To include a new package into your project, Yarn lets you add it as a dependency.
Here is the command to use:
|yarn add [package-name]|
For example, if you want to add a package called lodash, you can run the following command:
|yarn add lodash|
The above command also automatically updates the package.json file and the yarn.lock file with details of the installed dependency. This way, any developer working on this project with Yarn will get the same dependencies.
If you want to add a package globally, run the following command:
|yarn global add [package-name]|
If you want to use a specific version of a package, you can run this command:
|yarn add [package-name]@[version]|
On the other hand, if your package.json file already contains a list of dependencies but the packages have not been installed yet, you can run this command to install them:
|yarn install|
How to update Yarn dependencies
To update Yarn dependencies use any of the following commands:
|yarn upgrade [package-name]|
|yarn upgrade [package-name]@[version]|
If you do not specify a package name, all of the project’s dependencies are upgraded to the latest versions that still satisfy the version ranges stipulated in the package.json file, and the yarn.lock file is rewritten accordingly. If a package name is specified, Yarn only updates the stated packages.
If you want the version ranges stipulated in package.json to be ignored when updating packages, use the upgrade --latest command instead of the upgrade command.
This way the version indicated by the package’s latest tag is used, which allows updating packages even across major versions. As a result, the package.json file is modified so that its version ranges match the newly installed versions.
Here are examples:
|yarn upgrade --latest|
|yarn upgrade lodash --latest|
If you want to display the outdated packages before choosing the ones to update, you can use the upgrade-interactive command.
With this command, you can select which packages to update rather than blindly updating all of them. Yarn will keep to the version ranges specified in package.json when settling on the dependency version to update to.
Here is how to run the command:
|yarn upgrade-interactive|
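To make the difference between yarn upgrade and yarn upgrade --latest concrete, here is an added example (not Yarn's resolver and not code from the original article): a minimal SemVer range matcher for the operators used on this page (exact, >=, >, <=, <, ~, ^ and space-separated AND ranges such as >=4.0.0 <7.1.4), together with the two selection rules: upgrade picks the highest published version that still satisfies the package.json range, while --latest takes the latest tag regardless of the range. The registry listing is constructed for the example, and it assumes the latest tag points at the highest published version, which is the usual case but not guaranteed. Unions with ||, wildcards and prerelease tags are out of scope.

```javascript
// Added example, not Yarn's resolver: a minimal SemVer range matcher plus the
// selection rules behind `yarn upgrade` and `yarn upgrade --latest`.
// Supported: exact, >=, >, <=, <, ~, ^ and space-separated AND ranges.
// Not supported: "||" unions, wildcards, prerelease tags.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);            // [major, minor, patch]
}

function compareVersions(a, b) {            // a, b: parsed triples
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Turn one comparator into { lo, hi } bounds of the form [triple, inclusive];
// null means unbounded on that side.
function comparatorBounds(c) {
  const m = /^(>=|<=|>|<|\^|~|=)?(.+)$/.exec(c);
  const op = m[1] || '';
  const v = parseVersion(m[2]);
  const [maj, min, pat] = v;
  switch (op) {
    case '': case '=': return { lo: [v, true], hi: [v, true] };
    case '>=': return { lo: [v, true], hi: null };
    case '>':  return { lo: [v, false], hi: null };
    case '<=': return { lo: null, hi: [v, true] };
    case '<':  return { lo: null, hi: [v, false] };
    case '~':  return { lo: [v, true], hi: [[maj, min + 1, 0], false] };     // same minor
    case '^':  // caret: may change only the digits right of the leftmost non-zero one
      if (maj > 0) return { lo: [v, true], hi: [[maj + 1, 0, 0], false] };
      if (min > 0) return { lo: [v, true], hi: [[0, min + 1, 0], false] };
      return { lo: [v, true], hi: [[0, 0, pat + 1], false] };
    default: throw new Error(`unsupported operator: ${op}`);
  }
}

// A range on this page is a space-separated AND of comparators.
function satisfies(version, range) {
  const v = parseVersion(version);
  const comparators = range.trim().replace(/([<>=^~]+)\s+/g, '$1').split(/\s+/);
  return comparators.every((c) => {
    const { lo, hi } = comparatorBounds(c);
    if (lo) { const d = compareVersions(v, lo[0]); if (d < 0 || (d === 0 && !lo[1])) return false; }
    if (hi) { const d = compareVersions(v, hi[0]); if (d > 0 || (d === 0 && !hi[1])) return false; }
    return true;
  });
}

function highest(versions) {
  if (versions.length === 0) return null;
  return [...versions].sort((a, b) => compareVersions(parseVersion(a), parseVersion(b))).pop();
}

// `yarn upgrade`: stay inside the package.json range (null if nothing fits).
function upgradeTarget(range, published) {
  return highest(published.filter((v) => satisfies(v, range)));
}

// `yarn upgrade --latest`: the registry's "latest" dist-tag, range ignored.
// Assumption for this example: the tag points at the highest published version.
function latestTarget(published) {
  return highest(published);
}

function planUpgrade(deps, registry, useLatest) {
  const plan = {};
  for (const [name, range] of Object.entries(deps)) {
    const published = registry[name] || [];
    plan[name] = useLatest ? latestTarget(published) : upgradeTarget(range, published);
  }
  return plan;
}

// Constructed registry listing; the ranges mirror the article's package.json.
const registry = {
  lodash: ['4.17.15', '4.17.19', '4.17.20', '5.0.0'],
  'package-one': ['4.0.0', '6.2.0', '7.1.3', '7.1.4', '8.0.0'],
};
const dependencies = { lodash: '^4.17.15', 'package-one': '>=4.0.0 <7.1.4' };

console.log('yarn upgrade          ->', planUpgrade(dependencies, registry, false));
console.log('yarn upgrade --latest ->', planUpgrade(dependencies, registry, true));
```

With this data, plain upgrade moves lodash to 4.17.20 and package-one to 7.1.3 (the upper bound <7.1.4 is exclusive), while --latest jumps both across a major version, to 5.0.0 and 8.0.0, and rewrites package.json to match. That major jump is exactly the case where reviewing the changelog and the resulting yarn.lock diff before merging matters most; yarn upgrade-interactive --latest lets you make that choice per package.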
Updating Yarn Dependencies Automatically
The Yarn commands above let you upgrade to the latest package versions, which can greatly improve your development experience, but running them by hand is time-consuming, tedious, and hard to keep track of.
Instead of trying to perform Yarn upgrades manually, you can use the WhiteSource Renovate tool. WhiteSource Renovate helps you automate dependency updates using pull requests, so that you can stop worrying about outdated dependencies.
Renovate will help you to save time and reduce the risks of trying to upgrade your packages manually.
Click here to start using WhiteSource Renovate.