Publish packages with Yarn
You can publish and install packages with Yarn 1 (Classic) and Yarn 2+.
To find the Yarn version used in the deployment container, run yarn --version in the script block of the CI/CD script job block that is responsible for calling yarn publish. The Yarn version is shown in the pipeline output.
Authenticating to the package registry
You need a token to interact with the package registry. Different tokens are available depending on what you’re trying to achieve. For more information, review the guidance on tokens.
- If your organization uses two-factor authentication (2FA), you must use a personal access token with the scope set to api.
- If you publish a package with CI/CD pipelines, you can use a CI/CD job token with private runners. You can also register a variable for instance runners.
Configure Yarn for publication
To configure Yarn to publish to the package registry, edit your .yarnrc.yml file. You can find this file in the root directory of your project, in the same place as the package.json file.
Edit .yarnrc.yml and add the following configuration:
npmScopes:
  <my-org>:
    npmPublishRegistry: 'https://<domain>/api/v4/projects/<project_id>/packages/npm/'
    npmAlwaysAuth: true
    npmAuthToken: '<token>'
In this configuration:
- Replace <my-org> with your organization scope. Do not include the @ symbol.
- Replace <domain> with your domain name.
- Replace <project_id> with your project’s ID, which you can find on the project overview page.
- Replace <token> with a deployment token, group access token, project access token, or personal access token.
In Yarn Classic, scoped registries with publishConfig["@scope:registry"] are not supported. See Yarn pull request 7829 for more information.
Instead, set publishConfig to registry in your package.json file.
Publish a package
You can publish a package from the command line, or with GitLab CI/CD.
With the command line
To publish a package manually:
Run the following command:
# Yarn 1 (Classic)
yarn publish

# Yarn 2+
yarn npm publish
With CI/CD
You can publish a package automatically with instance runners (default) or private runners (advanced). You can use pipeline variables when you publish with CI/CD.
Create an authentication token for your project or group:
- On the left sidebar, select Search or go to and find your project or group.
- On the left sidebar, select Settings > Repository > Deploy Tokens.
- Create a deployment token with read_package_registry and write_package_registry scopes and copy the generated token.
- On the left sidebar, select Settings > CI/CD > Variables.
- Select Add variable and use the following settings:
Field | Value |
---|---|
key | NPM_AUTH_TOKEN |
value | <DEPLOY-TOKEN> |
type | Variable |
Protected variable | CHECKED |
Mask variable | CHECKED |
Expand variable | CHECKED |
Optional. To use protected variables:
- Go to the repository that contains the Yarn package source code.
- On the left sidebar, select Settings > Repository.
- If you are building from branches with tags, select Protected Tags and add v* (wildcard) for semantic versioning.
- If you are building from branches without tags, select Branch rules.
Add the NPM_AUTH_TOKEN you created to the .yarnrc.yml configuration in your package project root directory where package.json is found:
npmScopes:
  <my-org>:
    npmPublishRegistry: '${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/'
    npmAlwaysAuth: true
    npmAuthToken: '${NPM_AUTH_TOKEN}'
In this configuration, replace <my-org> with your organization scope, excluding the @ symbol.
Add your CI_JOB_TOKEN to the .yarnrc.yml configuration in the root directory of your package project, where package.json is located:
npmScopes:
  <my-org>:
    npmPublishRegistry: '${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/'
    npmAlwaysAuth: true
    npmAuthToken: '${CI_JOB_TOKEN}'
In this configuration, replace <my-org> with your organization scope, excluding the @ symbol.
In the GitLab project with your .yarnrc.yml, edit or create a .gitlab-ci.yml file. For example, to trigger only on any tag push:
In Yarn 1:
image: node:lts

stages:
  - deploy

deploy:
  stage: deploy
  # rules is a job-level keyword: run this job only for tag pushes
  rules:
    - if: $CI_COMMIT_TAG
  script:
    - yarn publish
In Yarn 2 and higher:
image: node:lts

stages:
  - deploy

deploy:
  stage: deploy
  # rules is a job-level keyword: run this job only for tag pushes
  rules:
    - if: $CI_COMMIT_TAG
  before_script:
    - corepack enable
    - yarn set version stable
  script:
    - yarn npm publish
When the pipeline runs, your package is added to the package registry.
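The CI configurations above keep the credential out of the repository by writing npmAuthToken as an environment reference such as ${NPM_AUTH_TOKEN}. The following check is an added example, not code from GitLab or Yarn: it scans .yarnrc.yml text for a literal npmAuthToken value or a plain-HTTP registry URL. The function names and both sample configurations are constructed for illustration.

```javascript
// Added example, not GitLab or Yarn code: flag .yarnrc.yml settings that
// would put a credential in the repository or send it over plain HTTP.
const ENV_REF = /^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/; // e.g. ${NPM_AUTH_TOKEN}
const SETTING = /^\s*(npmAuthToken|npmPublishRegistry|npmRegistryServer)\s*:\s*(.+)$/;

// Strip a trailing YAML comment and one layer of matching quotes.
function scalar(raw) {
  const v = raw.replace(/\s+#.*$/, '').trim();
  const q = /^(['"])(.*)\1$/.exec(v);
  return q ? q[2] : v;
}

function auditYarnrc(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, index) => {
    const m = SETTING.exec(line);
    if (!m) return;
    const key = m[1];
    const value = scalar(m[2]);
    if (key === 'npmAuthToken' && !ENV_REF.test(value)) {
      findings.push({ line: index + 1, key, issue: 'literal token committed to file' });
    } else if (key !== 'npmAuthToken' && /^http:\/\//i.test(value)) {
      findings.push({ line: index + 1, key, issue: 'registry URL is not HTTPS' });
    }
  });
  return findings;
}

// Constructed samples: the first mirrors the CI configuration above, the
// second contains the two mistakes the audit looks for.
const ciConfig = [
  'npmScopes:',
  '  my-org:',
  "    npmPublishRegistry: '${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/'",
  '    npmAlwaysAuth: true',
  "    npmAuthToken: '${NPM_AUTH_TOKEN}'",
].join('\n');

const riskyConfig = [
  'npmScopes:',
  '  my-org:',
  "    npmRegistryServer: 'http://gitlab.example.com/api/v4/packages/npm'",
  "    npmAuthToken: 'constructed-not-a-real-token'",
].join('\n');

console.log(auditYarnrc(ciConfig));
console.log(auditYarnrc(riskyConfig));
```

Run as a pre-commit or pipeline step, a non-empty result is a reason to fail the job before the file is pushed.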
Install a package
You can install from an instance or project. If multiple packages have the same name and version, only the most recently published package is retrieved when you install a package.
Scoped package names
To install from an instance, a package must be named with a scope.
You can set up the scope for your package in the .yarnrc.yml file and with the publishConfig option in the package.json.
You don’t need to follow package naming conventions if you install from a project or group.
A package scope begins with a @ and follows the format @owner/package-name:
- The @owner is the top-level project that hosts the packages, not the root of the project with the package source code.
- The package name can be anything.
For example:
Project URL | Package registry | Organization scope | Full package name |
---|---|---|---|
https://gitlab.com/<my-org>/<group-name>/<package-name-example> | Package Name Example | @my-org | @my-org/package-name |
https://gitlab.com/<example-org>/<group-name>/<project-name> | Project Name | @example-org | @example-org/project-name |
Install from the instance
If you’re working with many packages in the same organization scope, consider installing from the instance.
Configure your organization scope. In your .yarnrc.yml file, add the following:
npmScopes:
  <my-org>:
    npmRegistryServer: 'https://<domain_name>/api/v4/packages/npm'
- Replace <my-org> with the root level group of the project you’re installing the package from, excluding the @ symbol.
- Replace <domain_name> with your domain name, for example, gitlab.com.
Optional. If your package is private, you must configure access to the package registry:
npmRegistries:
  //<domain_name>/api/v4/packages/npm:
    npmAlwaysAuth: true
    npmAuthToken: '<token>'
- Replace <domain_name> with your domain name, for example, gitlab.com.
- Replace <token> with a deployment token (recommended), group access token, project access token, or personal access token.
Install from a group or project
If you have a one-off package, you can install it from a group or project.
Configure the group scope. In your .yarnrc.yml file, add the following:
npmScopes:
  <my-org>:
    npmRegistryServer: 'https://<domain_name>/api/v4/groups/<group_id>/-/packages/npm'
- Replace <my-org> with the top-level group that contains the group you want to install from. Exclude the @ symbol.
- Replace <domain_name> with your domain name, for example, gitlab.com.
- Replace <group_id> with your group ID, found on the group overview page.
Optional. If your package is private, you must set the registry:
npmRegistries:
  //<domain_name>/api/v4/groups/<group_id>/-/packages/npm:
    npmAlwaysAuth: true
    npmAuthToken: "<token>"
- Replace <domain_name> with your domain name, for example, gitlab.com.
- Replace <token> with a deployment token (recommended), group access token, project access token, or personal access token.
- Replace <group_id> with your group ID, found on the group overview page.
Configure the project scope. In your .yarnrc.yml file, add the following:
npmScopes:
  <my-org>:
    npmRegistryServer: "https://<domain_name>/api/v4/projects/<project_id>/packages/npm"
- Replace <my-org> with the top-level group that contains the project you want to install from. Exclude the @ symbol.
- Replace <domain_name> with your domain name, for example, gitlab.com.
- Replace <project_id> with your project ID, found on the project overview page.
Optional. If your package is private, you must set the registry:
npmRegistries:
  //<domain_name>/api/v4/projects/<project_id>/packages/npm:
    npmAlwaysAuth: true
    npmAuthToken: "<token>"
- Replace <domain_name> with your domain name, for example, gitlab.com.
- Replace <token> with a deployment token (recommended), group access token, project access token, or personal access token.
- Replace <project_id> with your project ID, found on the project overview page.
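Yarn 2+ resolves a scoped dependency from your GitLab registry only when that scope has an npmRegistryServer entry under npmScopes; otherwise the install uses Yarn's default registry, and npmPublishRegistry alone affects publishing only. The following check is an added example, not GitLab or Yarn code: it lists dependencies in scopes you consider private that .yarnrc.yml does not route. It assumes the two-space indentation used in the configurations above; the function names, the privateScopes list and the sample data are constructed.

```javascript
// Added example, not GitLab or Yarn code. Lists dependencies in private
// scopes that .yarnrc.yml does not route to a registry under npmScopes.
// Assumes two-space YAML indentation, as in the configurations above.
function mappedScopes(yarnrcText) {
  const scopes = new Set();
  let inScopes = false;
  let current = null;
  for (const line of yarnrcText.split(/\r?\n/)) {
    if (/^\S/.test(line)) { // a new top-level key starts
      inScopes = /^npmScopes\s*:/.test(line);
      current = null;
      continue;
    }
    if (!inScopes) continue;
    const scope = /^ {2}["']?@?([^\s"':]+)["']?\s*:\s*$/.exec(line);
    if (scope) { current = scope[1]; continue; }
    // Only npmRegistryServer routes installs; npmPublishRegistry does not.
    if (current && /^\s{4,}npmRegistryServer\s*:\s*\S/.test(line)) scopes.add(current);
  }
  return scopes;
}

function unroutedDependencies(pkg, yarnrcText, privateScopes) {
  const mapped = mappedScopes(yarnrcText);
  const deps = { ...pkg.dependencies, ...pkg.devDependencies, ...pkg.optionalDependencies };
  return Object.keys(deps)
    .filter((name) => name.startsWith('@') && name.includes('/'))
    .filter((name) => {
      const scope = name.slice(1, name.indexOf('/'));
      return privateScopes.includes(scope) && !mapped.has(scope);
    })
    .sort();
}

// Constructed samples using the scopes from the table earlier on this page.
const sampleYarnrc = [
  'npmScopes:',
  '  my-org:',
  "    npmRegistryServer: 'https://gitlab.example.com/api/v4/packages/npm'",
  '  example-org:',
  "    npmPublishRegistry: 'https://gitlab.example.com/api/v4/projects/1/packages/npm/'",
].join('\n');
const samplePkg = {
  dependencies: { '@my-org/package-name': '^1.0.0', '@example-org/project-name': '^2.0.0' },
  devDependencies: { typescript: '^5.0.0' },
};

console.log(unroutedDependencies(samplePkg, sampleYarnrc, ['my-org', 'example-org']));
```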
Install with Yarn
- Run yarn add either from the command line, or from a CI/CD pipeline:
yarn add @scope/my-package
Yarn Classic requires both a .npmrc and a .yarnrc file. See Yarn issue 4451 for more information.
Place your credentials in the .npmrc file, and the scoped registry in the .yarnrc file:
# .npmrc
## For the instance
//<domain_name>/api/v4/packages/npm/:_authToken='<token>'
## For the group
//<domain_name>/api/v4/groups/<group_id>/-/packages/npm/:_authToken='<token>'
## For the project
//<domain_name>/api/v4/projects/<project_id>/packages/npm/:_authToken='<token>'

# .yarnrc
## For the instance
'@scope:registry' 'https://<domain_name>/api/v4/packages/npm/'
## For the group
'@scope:registry' 'https://<domain_name>/api/v4/groups/<group_id>/-/packages/npm/'
## For the project
'@scope:registry' 'https://<domain_name>/api/v4/projects/<project_id>/packages/npm/'
Run yarn add either from the command line, or from a CI/CD pipeline:
yarn add @scope/my-package
Troubleshooting
Error running Yarn with the package registry for the npm registry
If you are using Yarn with the npm registry, you may get an error message like:
yarn install v1.15.2
warning package.json: No license field
info No lockfile found.
warning XXX: No license field
[1/4] 🔍 Resolving packages...
[2/4] 🚚 Fetching packages...
error An unexpected error occurred: "https://gitlab.example.com/api/v4/projects/XXX/packages/npm/XXX/XXX/-/XXX/XXX-X.X.X.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/Users/XXX/gitlab-migration/module-util/yarn-error.log".
info Visit https://classic.yarnpkg.com/en/docs/cli/install for documentation about this command
In this case, the following commands create a file called .yarnrc in the current directory. Make sure to be in either your user home directory for global configuration or your project root for per-project configuration:
yarn config set '//gitlab.example.com/api/v4/projects/<project_id>/packages/npm/:_authToken' '<token>'
yarn config set '//gitlab.example.com/api/v4/packages/npm/:_authToken' '<token>'
yarn install fails to clone repository as a dependency
If you use yarn install from a Dockerfile, when you build the Dockerfile you might get an error like this:
...
#6 8.621 fatal: unable to access 'https://gitlab.com/path/to/project/': Problem with the SSL CA cert (path? access rights?)
#6 8.621 info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
#6 ...
To resolve this issue, add an exclamation mark (!) to every Yarn-related path in your .dockerignore file.
**
!./package.json
!./yarn.lock
...