Add yarn as option for package.json dependency manager detection
What does this MR do?
This MR adds yarn as option for the `package.json` dependency manager detection. Currently, when viewing a `package.json` this message will always be shown to the user, even if the repository uses yarn as dependency manager (like gitlab-org/gitlab does). It could lead to confusion when the project actually uses `yarn` to manage node dependencies but GitLab shows that the project uses `npm`.
> This project manages its dependencies using npm. Learn more
Because there is no characteristic difference between yarn `package.json`s and npm `package.json`s, the dependency manager detection change in this MR checks whether the `engine` property has a `yarn` entry:
```json
// Example package.json
{
  "name": "module-name",
  "version": "10.3.1",
  "engines": {
    "yarn": "^2.4.0"
  }
}
```
The change should not introduce any false positives because projects which have a `yarn` engine version configured are unlikely to use `npm` or another package manager in parallel because `yarn` discourages it (see the source of yarn):
```
warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.
```
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention `@gitlab-com/gl-security/appsec`
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
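
The detection heuristic described above, written out as an added example; it is not code from this MR or from GitLab. The function name, the result keys and the cross-check against committed lock files (`yarn.lock`, `package-lock.json`) are assumptions made for illustration, and the sample manifest is the one from the description.

```ruby
require 'json'

# Hypothetical helper for illustration; not GitLab's implementation.
LOCK_FILES = { 'yarn.lock' => :yarn, 'package-lock.json' => :npm }.freeze

# Sample manifest taken from the MR description.
SAMPLE_MANIFEST = <<~JSON
  { "name": "module-name", "version": "10.3.1", "engines": { "yarn": "^2.4.0" } }
JSON

# Returns the manager implied by package.json plus two lock-file checks:
#   mixed_lock_files    - lock files from more than one manager are present
#   lock_file_disagrees - lock files exist, but none belongs to the detected manager
def detect_package_manager(package_json_text, repo_files = [])
  manifest = begin
    JSON.parse(package_json_text)
  rescue JSON::ParserError
    nil
  end
  unless manifest.is_a?(Hash)
    return { manager: :unknown, mixed_lock_files: false, lock_file_disagrees: false }
  end

  # Heuristic from the description: a yarn entry under "engines" means yarn;
  # anything else falls back to npm. A non-object "engines" value is ignored.
  engines = manifest['engines']
  manager = engines.is_a?(Hash) && engines.key?('yarn') ? :yarn : :npm

  # Corroborating signal: lock files found in the given file list.
  lock_managers = repo_files.map { |path| LOCK_FILES[File.basename(path)] }.compact.uniq
  {
    manager: manager,
    mixed_lock_files: lock_managers.size > 1,
    lock_file_disagrees: !lock_managers.empty? && !lock_managers.include?(manager)
  }
end

if __FILE__ == $PROGRAM_NAME
  p detect_package_manager(SAMPLE_MANIFEST, ['yarn.lock'])
  p detect_package_manager(SAMPLE_MANIFEST, ['package-lock.json'])
end
```

A `lock_file_disagrees` result marks the case where the `engines` heuristic and the committed lock file point at different managers, which is the unsynchronized-lock-file situation the yarn warning quoted above describes.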