Home / yarnpkg / yarn
Repository Analysis

yarnpkg/yarn

The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry

0.7 Likely human-written View on GitHub
0.7
Adjusted Score
0.7
Raw Score
100%
Time Factor
2026-05-12
Last Push
41,509
Stars
JavaScript
Language
53,032
Lines of Code
428
Files
30
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 2LOW 28

Pattern Findings

30 matches across 5 categories. Click a row to expand file-level details.

Hyper-Verbose Identifiers17 hits · 17 pts
SeverityFileLineSnippet
LOW__tests__/index.js86function expectHelpOutputAsSubcommand(stdout) {
LOW__tests__/index.js101function expectAnInfoMessageAfterError(command: Promise<Array<?string>>, expectedInfo: string): Promise<void> {
LOW…ckages/pkg-tests/pkg-tests-core/sources/utils/tests.js136exports.getPackageHttpArchivePath = async function getPackageHttpArchivePath(
LOWsrc/constants.js47function getPreferredCacheDirectories(): Array<string> {
LOWsrc/util/package-name-utils.js3export function getPlatformSpecificPackageFilename(pkg: {name: string, version: string}): string {
LOWsrc/util/generate-pnp-map.js78function generateFindPackageLocator(packageInformationStores: PackageInformationStores): string {
LOWsrc/util/generate-pnp-map.js129async function getPackageInformationStores(
LOWsrc/util/get-transitive-dev-dependencies.js6function dependenciesObjectToPatterns(dependencies: ?Object): Array<string> {
LOWsrc/util/get-transitive-dev-dependencies.js14function getTransitiveDependencies(lockfile: Lockfile, roots: Array<string>): Set<string> {
LOWsrc/util/get-transitive-dev-dependencies.js64export function getTransitiveDevDependencies(
LOWsrc/util/generate-pnp-map-api.tpl.js113function getPackageInformationSafe(packageLocator) {
LOWsrc/util/generate-pnp-map-api.tpl.js130function applyNodeExtensionResolution(unqualifiedPath, {extensions}) {
LOWsrc/util/portable-script.js15async function makePortableProxyScriptUnix(
LOWsrc/util/child.js48export function forwardSignalToSpawnedProcesses(signal: string) {
LOWsrc/util/filter.js154export function filterOverridenGitignores(files: WalkFiles): WalkFiles {
LOWsrc/cli/commands/upgrade.js22function setUserRequestedPackageVersions(
LOWsrc/resolvers/index.js55export function hostedGitFragmentToGitUrl(fragment: string, reporter: Reporter): string {
Over-Commented Block8 hits · 8 pts
SeverityFileLineSnippet
LOW__tests__/commands/install/integration-hoisting.js21 // /hello
LOW__tests__/commands/install/integration-deduping.js21 // A@2.0.1 -> B@2.0.0
LOW__tests__/commands/install/integration-deduping.js141 // D@2
LOWpackages/pkg-tests/pkg-tests-specs/sources/dragon.js21 [`dragon-test-1-e`]: `1.0.0`,
LOWpackages/pkg-tests/pkg-tests-specs/sources/dragon.js41 // (so we merge their hoistedFrom fields), then B cannot be hoisted
LOWpackages/pkg-tests/pkg-tests-specs/sources/dragon.js81 // Because the workspace B is also a dependency of the workspace A, it will be
LOWsrc/util/generate-pnp-map-api.tpl.js141 if (stat && !stat.isDirectory()) {
LOWsrc/cli/commands/audit.js321 this.auditData.actions.forEach(action => {
Slop Phrases2 hits · 4 pts
SeverityFileLineSnippet
MEDIUMscripts/clean-mirror.sh5# If you only have a single project in your mirror, you can use the purge configuration to automatically remove packages
LOWsrc/cli/index.js363 // Don't forget to kill the sockets if we're being killed via signals
Self-Referential Comments1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMend_to_end_tests/data/run-yarn-test.sh20# Create the cache directory and remove it
Redundant / Tautological Comments2 hits · 3 pts
SeverityFileLineSnippet
LOWend_to_end_tests/data/run-ubuntu.sh16# Check if this is an old Ubuntu version that needs the NodeSource repo
LOWscripts/update-npm.sh15# Check if this version is already published to npm.