Yarn 4.0: A Major Milestone in Package Management
Upgrading from Yarn 3.x
If you are currently using Yarn 3.x in your projects, there are a few important things to know before upgrading to Yarn 4.0. One significant change is the way Yarn is installed on a per-project basis. Previously, it was recommended to use the yarnPath setting to point to a checked-in binary. However, this approach caused friction for many developers who were hesitant to add a binary to their repository. To address this issue, Yarn collaborated with Node.js to develop Corepack, a tool that automatically selects the right package manager version based on the project you’re working on. With the introduction of Corepack in Node.js 16+ and 20, Yarn no longer relies on yarnPath, and the installation guide has been updated accordingly.
Another noteworthy change is the introduction of Hardened Mode, which provides additional security checks to protect against attacks. When operating in this mode, Yarn performs extra validations to prevent any unauthorized modifications to lockfiles. Hardened Mode is automatically enabled when Yarn detects that it is running within a GitHub pull request on a public repository. However, it can be disabled by toggling off the enableHardenedMode setting in the yarnrc file.
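A repository audit for the settings discussed above, as an added example that is not Yarn's own code: it flags Hardened Mode being switched off, a leftover yarnPath entry, and a missing Yarn 4 pin for Corepack. The function and finding names are hypothetical, the sample inputs are constructed, and the YARN_ENABLE_HARDENED_MODE variable and the packageManager field of package.json (which Corepack reads) are not mentioned on this page.

```javascript
// Minimal reader for the flat `key: value` lines of a .yarnrc.yml
// (assumption: nested YAML is not needed for the keys checked here).
function readTopLevelKeys(yarnrcText) {
  const settings = {};
  for (const line of yarnrcText.split(/\r?\n/)) {
    const m = /^([A-Za-z][\w-]*):\s*(.*?)(?:\s+#.*)?\s*$/.exec(line);
    if (m) settings[m[1]] = m[2].replace(/^["']|["']$/g, "");
  }
  return settings;
}

// A boolean setting counts as switched off when it is explicitly false or 0.
const isOff = (v) => v !== undefined && ["false", "0"].includes(String(v).toLowerCase());

// Hypothetical helper: returns a list of finding names for one project.
function auditYarnProject({ yarnrc = "", packageJson = "{}", env = {} }) {
  const settings = readTopLevelKeys(yarnrc);
  const findings = [];

  // Hardened Mode switched off in the repo config or via the environment
  // (Yarn maps settings to YARN_-prefixed environment variables).
  if (isOff(settings.enableHardenedMode) || isOff(env.YARN_ENABLE_HARDENED_MODE)) {
    findings.push("hardened-mode-disabled");
  }
  // A yarnPath entry means the project still runs a checked-in Yarn binary.
  if (settings.yarnPath) findings.push("yarnpath-checked-in-binary");

  // Corepack selects the package manager from package.json's packageManager field.
  const pin = JSON.parse(packageJson).packageManager || "";
  if (!/^yarn@4\.\d+\.\d+/.test(pin)) findings.push("no-yarn4-corepack-pin");

  return findings;
}

// Constructed sample inputs (not taken from any real repository).
const SAMPLE_YARNRC = [
  "nodeLinker: node-modules",
  "yarnPath: .yarn/releases/yarn-3.6.4.cjs",
  "enableHardenedMode: false  # added in the same PR that edits yarn.lock",
].join("\n");
const SAMPLE_PACKAGE_JSON = JSON.stringify({ name: "demo", packageManager: "yarn@3.6.4" });

console.log(auditYarnProject({ yarnrc: SAMPLE_YARNRC, packageJson: SAMPLE_PACKAGE_JSON }));
```

Run against the contents of a pull request's .yarnrc.yml and package.json, a non-empty result is a reason to look closely at any lockfile changes in the same pull request.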
To enable constraints checks during the installation process, you can use the new enableConstraintsChecks setting. This feature allows you to catch errors early and ensure that your project adheres to the defined rules, without significantly impacting the installation time.
Improved User Experience
Yarn 4.0 brings several enhancements to improve the overall user experience. Previously, some features were shipped as sideloaded plugins, which required separate management and caused confusion for users. In this release, all features and commands are now available as part of the main distribution, eliminating the need for managing plugins separately. Additionally, various parts of the UI have been revamped to provide clearer information and reduce unnecessary warnings.
One notable improvement is the new yarn install command, which now displays the packages that have been added and their total weight. The command also provides more targeted warnings for actionable situations, minimizing unnecessary noise. The yarn config command has also been enhanced with a new tree display and improved flexibility in selecting the settings to be displayed.
With the release of Yarn 4.0, the team has achieved a major milestone in package management. The focus of this release was to improve the user experience and decrease the learning curve associated with Yarn, while ensuring a smooth migration process for existing projects. Looking ahead, the team is considering native Yarn builds to explore potential performance gains. However, they are committed to building upon the existing foundations and addressing various improvements, such as CLI completion, reducing the learning curve, and general upkeep.