Description

Yarn is a package manager for the npm and bower registries with a few specific focuses.

**Determinism:** Based around a version lockfile which ensures that operations on the dependency graph can be easily transitioned. We check module directories and verify their integrity to ensure yarn install always produces the same file structure.

**Security:** Strict guarantees are placed around package installation. You have control over whether lifecycle scripts are executed for packages and package hashes are stored in the lockfile to ensure you get the same package each time.

**Performance:** We're always performing operations such as package resolving and fetching in parallel. This ensures little idle time and maximum resource utilization.

Vulnerabilities

No vulnerabilities detected

Did you Know?

DevAudit is a free open source tool that makes it easy to find vulnerabilities in Chocolatey components. You can use it to scan anytime, or include it as part of your CI/CD pipeline so you never miss a vulnerability.

The Nexus Vulnerability Scanner audits projects for OSS risk and gives you a full software bill of materials (SBOM) using premium data from the Nexus Platform, our enterprise suite of products.
