How To Perform Yarn Upgrades To The Latest Version

Yarn is a popular package manager that lets you reliably install JavaScript packages with consistent results. Performing Yarn upgrades provides you with its most up-to-date dependency management capabilities and takes your development experience to the next level.

Let’s start by talking about how Yarn ensures that an installation that works in one development environment will work in the same manner in another environment.

How Yarn handles dependency versioning

Yarn writes all the dependencies of a project to a file called package.json, which is found at the root of the project’s working directory. It also saves the dependency files into the node_modules folder if using Yarn v1. Note that if you’re using Yarn v2, it’s not necessary to install node_modules. 

In the package.json file, each dependency is versioned based on the semantic versioning (SemVer) scheme. This versioning system reflects the types of changes in every updated version of a dependency, like a bug fix or a new feature.

Before updating any Yarn dependencies, you can check their current version in the file.

Here is an example of a package.json file that specifies the name and version ranges of dependencies (notice that the version ranges are specified using operators):

  “dependencies”: {
    “package-one”: “>=4.0.0 <7.1.4”,
    “package-two”: “^2.6.2”,
    “package-three”: “~5.4.3”


Yarn also provides an autogenerated file called yarn.lock, which contains the entries of the exact versions of all dependencies (including transitive) that are used by the project — after determining semantic versioning constraints stipulated in the package.json file.

The purpose of the lock file is to “lock”, as its name suggests, the dependencies to their specific versions during installation. It ensures that each installation of a dependency leads to the exact similar file structure in node_modules across all environments.

Since new package versions are usually released frequently, your code can break if it is not compatible with the newest versions of certain dependencies. Therefore, the ability to lock dependencies to a fixed version is an exciting Yarn feature that means you can be assured of getting the exact same dependencies installed every time.


How to install Yarn


Before installing Yarn, you need to ensure the Node.js JavaScript runtime environment is installed on your system. If you do not have it installed, you can download it from its official website

After installing Node.js, you can run the following command on the terminal to verify if it exists on your system:

   node –version


or (shortened method):

   node -v

Node.js is a prerequisite for installing Yarn because the package manager is written in Node.js and needs it as a runtime.



If you want to install Yarn using npm, you can simply run the following command on the terminal:

   npm install -g yarn

The above command installs Yarn globally on your system — because of the g (global) flag. 

Although Yarn is available as an npm package, the Yarn core team does not recommend the npm installation approach. Other system-specific methods for installing it are listed here

For example, on macOS, you can use the Homebrew package manager to install it.

Here is the command to run:

   brew install yarn

Each operating system comes with its own package manager that will make the process of installing Yarn fast and smooth. 

Whichever the method you use, after a successful installation, the yarn command will be available on your system.


How to check your Yarn version

After installing Yarn, you can run the following command to check its version:

   yarn –version


How to add Yarn dependencies

To include a new package into your project, Yarn lets you add it as a dependency. 

Here is the command to use:

   yarn add [package-name]


For example, if you want to add a package called lodash, you can run the following command:

   yarn add lodash


The above command will also automatically update the package.json file and the yarn.lock file with details of the installed dependency. This way any developer working on this project when using yarn will get the same dependencies. 

If you want to add a package globally, run the following command:

   yarn global add [package-name]


If you want to use a specific version of a package, you can run this command:

   yarn add [package-name]@[version]


On the other hand, if your package.json file already contains a list of dependencies, but the packages have not been added yet, you can run this command:



   yarn install


How to update Yarn dependencies

To update Yarn dependencies use any of the following commands:

yarn upgrade 


 yarn upgrade [package-name]


yarn upgrade [package-name]@[version]


If you do not specify a package name, all of the project’s dependencies will be upgraded to their latest patching versions based on the version range stipulated in the package.json file, and the yarn.lock file will also be recreated. Otherwise, if a package name is specified, Yarn will only update the stated packages.

If you want the stipulated version ranges in package.json to be ignored when updating packages, you can use the upgrade –latest command, instead of the upgrade command.

This way, the version indicated by the latest tag will be used, which allows updating of all of the packages even across major versions. As a result, the package.json file will be modified to be in sync with the latest version range. 

Here are examples:

 yarn upgrade –latest


 yarn upgrade lodash –latest


If you want to display the outdated packages before choosing the ones to update, you can use the upgrade-interactive command. 

With this command, you can select which packages to update rather than blindly updating all of them. Yarn will keep to the version ranges specified in package.json when settling on the dependency version to update to.

Here is how to run the command:

yarn upgrade-interactive


Updating Yarn Dependencies Automatically

While the above Yarn update dependencies methods allow you to upgrade to the latest package versions, which can greatly improve your development experience, they are time-consuming, tedious, and difficult to keep track of.

Instead of trying to perform Yarn upgrades manually, you can use the WhiteSource Renovate tool. WhiteSource Renovate helps you automate dependency updates using pull requests, so that you can stop worrying about outdated dependencies. 

Renovate will help you to save time and reduce the risks of trying to upgrade your packages manually.

Click here to start using WhiteSource Renovate. 

Guy Bar-Gil / About Author

Guy is a product manager at WhiteSource, where we enable software development teams to integrate open source fearlessly and without compromising agility. Before WhiteSource, Guy worked for the IDF’s intelligence division, where he spent time as a combat operator and project manager. Outside of work, you can find Guy reading (everything from fiction to physics), playing and watching sports, traveling the world, and spending time with friends and family.


Leave a Reply

Your email address will not be published. Required fields are marked *