Skip to content

A build of yarn that provides access to its internals

Notifications You must be signed in to change notification settings

dependabot/yarn-lib

Repository files navigation

Yarn Lib

WARNING

Do not use this in your own projects. This repo is only needed for Dependabot to support Yarn v1... it's not needed for Yarn v2/v3. Wherever possible we prefer to use public APIs such as the yarn CLI rather than hacks like this. So whenever we drop support for Yarn v1, this will go away.

What is it?

As of v1.0, Yarn is distributed as a single bundled .js file, which means it can no longer be used as a library.

This repo automatically generates builds of yarn that may be used as libraries and pushes them to the @dependabot/yarn-lib package on npm.

Steps to Rotate the NPM Access Token

  1. Login to the npmjs registry with GitHub work email and password and go to the Access Tokens section.

    Note: If you do not see Dependabot org associated with your npmjs registry account then reach out to your team members in the slack channel #dependabot-updates-team to send you an invite to join the dependabot org.

  2. Click on Generate new Access Tokens button and copy the token. Screen Shot 2022-08-15 at 5 53 45 PM

  3. Update the NPM_TOKEN with the newly generated token in step 2. Screen Shot 2022-08-15 at 5 55 21 PM

  4. Follow the guide to update the secret dependabot_npmjs_org_token in the vault with the newly generated token in step 2.

About

A build of yarn that provides access to its internals

Resources

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published