Yarn Workspaces does not Honor .npmrc Location Precedence - Implications and Possible Solutions
Yarn Workspaces has a bug that does not respect the location precedence of .npmrc / .yarnrc files to configure registry settings if you run a yarn command in a selected workspace. Consider the following situation:
- A .npmrc file located at home folder specifies a registry entry to use a private npm registry.
- A .npmrc file located at a project root specifies a registry entry to target a public npm registry like this
In my current project, I have such a situation. The default situation is that projects need a registry setup to use the internal Artifactory. One project requires a setup to target the public npm registry. The problem of this project is that adding a dependency to a specific yarn workspaces package with the following command uses the wrong registry setup (the setup of
~/.npmrc instead of
.npmrc file located at project root):
$ yarn workspace package-a add @rooks/use-previous
The problem is that wrong URLs are put into the
yarn.lock file (targeting the private registry).
However, if you add a dependency globally with the
-W flag, then the
.npmrc precedence is honored:
$ yarn add @rooks/use-previous -W
This bug seems to exist for a very long time.
The following workarounds are possible:
- Use the
$ yarn workspace package-a add @rooks/use-previous --registry 'https://registry.yarnpkg.com'
- Manually add the dependency to the
package.jsonof package-a and run
yarn installfrom the root folder of the project.
~/.npmrcto every project root folder that need this registry setup and delete
~/.npmrc. If you have private settings (e.g., your user credentials) in the file, pay attention that you do not push the file to VCS (dd it to
- Don’t use yarn workspaces. E.g., use Lerna with npm.