brin
brin

@yarnpkg/core

npm

Is @yarnpkg/core safe to use?

The latest brin safety scan flagged @yarnpkg/core v4.5.0 with risk indicators that warrant review. No known CVE vulnerabilities. Trust score: 70/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

@yarnpkg/core Has Warnings

Warnings detected due to potential concerns

warning
CVEs

0

Threats

0

Install Scripts

0

Risk Indicators

  • Can spawn child processes

brin Recommendations

  • This package has warnings detected. Evaluate the specific concerns before proceeding.

Install with brin add @yarnpkg/core to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

@yarnpkg/core Capabilities & Permissions

What @yarnpkg/core can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

browser-http-intake.logs.datadoghq.euclassic.yarnpkg.comdeveloper.mozilla.orggist.github.comgithub.comhadoop.apache.orgsemver.orgyarnpkg.com
Protocols: https

Filesystem Access

Reads and writes to the filesystem.

.env (w).env (rw)node_modules (rw)package.json (rw).env (rw)package.json (rw).env (rw)node_modules (rw)+13 more

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

COREPACK_ROOTGITHUB_EVENT_PATHKONSOLE_VERSIONLOCALAPPDATATERM_PROGRAMWT_SESSIONXDG_DATA_HOMEYARN_CACHE_CHECKPOINT_OVERRIDEYARN_CACHE_VERSION_OVERRIDEYARN_CPU_OVERRIDE+4 more

AGENTS.md for @yarnpkg/core

Good instructions lead to good results. brin adds @yarnpkg/core documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

@yarnpkg/core Documentation & Source Code

For the full @yarnpkg/core README, API documentation, and source code, visit the official package registry.

View on npmView Source

Frequently asked questions about @yarnpkg/core safety

Weekly Downloads

737.8K

Version

4.5.0

License

BSD-2-Clause

Last Scanned

Feb 1, 2026

Trust Score

70/100·Legitimacy signals, not safety

Capabilities

Network

Connects to: browser-http-intake.logs.datadoghq.eu, classic.yarnpkg.com, developer.mozilla.org...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: COREPACK_ROOT, GITHUB_EVENT_PATH, KONSOLE_VERSION...