feat(yarn-cling): support yarn berry lockfiles using @yarnpkg/parsers#1319
Merged
feat(yarn-cling): support yarn berry lockfiles using @yarnpkg/parsers#1319
Conversation
… yarn berry (v2+) YAML lockfiles by checking\nfor the __metadata header. Convert berry format keys (npm: prefix),\nchecksum, and resolution fields to the classic YarnLock interface\nso the rest of the shrinkwrap generation pipeline works unchanged.
…\n\nUse @yarnpkg/parsers for both v1 and berry lockfiles, removing the\n@yarnpkg/lockfile and @types/yarnpkg__lockfile dependencies entirely.\nRename parseBerryLockfile to convertBerryToClassicLock to reflect that\nit converts already-parsed data. Use Object.create(null) to prevent\nprototype pollution from untrusted lockfile keys.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1319 +/- ##
=======================================
Coverage 88.20% 88.20%
=======================================
Files 73 73
Lines 10386 10386
Branches 1409 1409
=======================================
Hits 9161 9161
Misses 1198 1198
Partials 27 27
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
mrgrain
commented
Apr 7, 2026
| @@ -1,3 +1,6 @@ | |||
| # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. | |||
| # yarn lockfile v1 | |||
Contributor
Author
There was a problem hiding this comment.
the new library uses the header comment to detect v1 lockfiles. I think this is a safe change to make in favor of dropping another dependency. Yarn Classic generated lockfiles will have the header.
rix0rrr
approved these changes
Apr 7, 2026
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
yarn-cling previously only understood yarn classic (v1) lockfiles via the
@yarnpkg/lockfilepackage. Repos that are migrating to yarn berry (v2/v3/v4) use a different lockfile format, which caused shrinkwrap generation to silently produce incomplete output since none of the dependencies were resolved from the lockfile.This replaces
@yarnpkg/lockfilewith@yarnpkg/parsers, the official parser package from the yarn berry project.@yarnpkg/parsershandles both v1 and berry lockfile formats, so we no longer need two separate parser dependencies. For berry lockfiles, a conversion step maps the berry-specific fields (resolution→resolved,checksum→integrity) andnpm:prefixed descriptor keys to the classicYarnLockinterface used by the rest of the pipeline.Additionally replaces the deprecated
fs.existsusage with the existingfileExistshelper based onfs.stat.Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license