Do not use this in your own projects. This repo is only needed for Dependabot to support Yarn v1... it's not needed for Yarn v2/v3. Wherever possible we prefer to use public APIs such as the yarn CLI rather than hacks like this. So whenever we drop support for Yarn v1, this will go away.
As of v1.0, Yarn is distributed as a single bundled .js file, which means it can no longer be used as a library.
This repo automatically generates builds of yarn that may be used as libraries and pushes them to the @dependabot/yarn-lib package on npm.
-
Login to the npmjs registry with GitHub work email and password and go to the Access Tokens section.
Note: If you do not see
Dependabot orgassociated with your npmjs registry account then reach out to your team members in the slack channel #dependabot-updates-team to send you an invite to join the dependabot org. -
Click on
Generate new Access Tokensbutton and copy the token.
-
Update the NPM_TOKEN with the newly generated token in step 2.
-
Follow the guide to update the secret
dependabot_npmjs_org_tokenin the vault with the newly generated token in step 2.