w3resource

The yarn.lock configuration file


In the previous tutorial we examined yarn's envvar and yarnrc configuration files. The tutorial you are about to read, will take a look at the yarn.lock configuration file. For Yarn to get consistent install across machines, yarn will need more information than just the dependencies you configure in your package.json. Yarn will need to store the exact version of each dependency that were installed.

For yarn to do this, it uses a yarn.lock file that is in the root of your project. The lockfiles are of the form:

"@babel/[email protected]", "@babel/[email protected]^7.0.0", "@babel/[email protected]^7.8.3":
  version "7.8.3"
  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.8.3.tgz#33e25903d7481181534e12ec0a25f16b6fcf419e"
  integrity sha512-a9gxpmdXtZEInkCSHUJDLHZVBgb1QS0jhss4cPP93EW7s+uC5bikET2twEF3KV+7rDblJcmNvTR7VJejqd2C2g==
  dependencies:
    "@babel/highlight" "^7.8.3"

"@babel/[email protected]^7.8.4":
  version "7.8.5"
  resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.8.5.tgz#d28ce872778c23551cbb9432fc68d28495b613b9"
  integrity sha512-jWYUqQX/ObOhG1UiEkbH5SANsE/8oKXiQWjj7p7xgj9Zmnt//aUvyz4dBkK0HNsS8/cbyC5NmmH87VekW+mXFg==
  dependencies:
    browserslist "^4.8.5"
    invariant "^2.2.4"
    semver "^5.5.0"

"@babel/[email protected]", "@babel/[email protected]^7.1.0", "@babel/[email protected]^7.4.5":
  version "7.8.4"
  resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.8.4.tgz#d496799e5c12195b3602d0fddd77294e3e38e80e"
  integrity sha512-0LiLrB2PwrVI+a2/IEskBopDYSd8BCb3rOvH7D5tzoWd696TBEduBvuLVm4Nx6rltrLZqvI3MCalB2K2aVzQjA==
  dependencies:
    "@babel/code-frame" "^7.8.3"
    "@babel/generator" "^7.8.4"
    "@babel/helpers" "^7.8.4"
    "@babel/parser" "^7.8.4"
    "@babel/template" "^7.8.3"
    "@babel/traverse" "^7.8.4"
    "@babel/types" "^7.8.3"
    convert-source-map "^1.7.0"
    debug "^4.1.0"
    gensync "^1.0.0-beta.1"
    json5 "^2.1.0"
    lodash "^4.17.13"
    resolve "^1.3.2"
    semver "^5.4.1"
    source-map "^0.5.0"

"@babel/[email protected]^7.4.0", "@babel/[email protected]^7.8.4":
  version "7.8.4"
  resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.8.4.tgz#35bbc74486956fe4251829f9f6c48330e8d0985e"
  integrity sha512-PwhclGdRpNAf3IxZb0YVuITPZmmrXz9zf6fH8lT4XbrmfQKr6ryBzhv593P5C6poJRciFCL/eHGW2NuGrgEyxA==
  dependencies:
    "@babel/types" "^7.8.3"
    jsesc "^2.5.1"
    lodash "^4.17.13"
    source-map "^0.5.0"

"@babel/[email protected]^7.8.3":
  version "7.8.3"
  resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.8.3.tgz#60bc0bc657f63a0924ff9a4b4a0b24a13cf4deee"
  integrity sha512-6o+mJrZBxOoEX77Ezv9zwW7WV8DdluouRKNY/IR5u/YTMuKHgugHOzYWlYvYLpLA9nPsQCAAASpCIbjI9Mv+Uw==
  dependencies:
    "@babel/types" "^7.8.3"

"@babel/[email protected]^7.8.3":
  version "7.8.3"
  resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.8.3.tgz#c84097a427a061ac56a1c30ebf54b7b22d241503"
  integrity sha512-5eFOm2SyFPK4Rh3XMMRDjN7lBH0orh3ss0g3rTYZnBQ+r6YPj7lgDyCvPphynHvUrobJmeMignBr6Acw9mAPlw==
  dependencies:
    "@babel/helper-explode-assignable-expression" "^7.8.3"
    "@babel/types" "^7.8.3"

The yarn.lock file can be compared to the lock files in other package managers such as Bundler or Cargo. It is very similar to the npm-shrinkwrap.json of npm, but it is however not lossy and it can reproducible results.

Managed by Managed by Yarn

The yarn.lock file is an auto-generated file, it should be handled entirely by Yarn. The yarn.lock file will be updated once you add/upgrade/remove dependencies using the yarn cli. Hence, you should not edit the yarn.lcok file directly.

Current pacakage only

When you install yarn, it will use the top-level yarn.lcok file. it ignores any yarn.lock files that exists within dependencies.

Check into source control

Every yarn.lock file has to be checked into source control. This enables yarn to install the exact same dependencies across all machines. Be it a local PC or a CI server.

Previous: Yarn envvars and .yarnrc files
Next: Configuring an offline Mirror