brin
brin

yarn

npm

Is yarn safe to use?

Based on the latest brin safety scan, no vulnerabilities or threats were detected for yarn v1.22.22. Trust score: 65/100. No known CVE vulnerabilities, no detected threat patterns, and no suspicious capabilities identified. This is an automated, point-in-time assessment.

Install (safety-checked)

yarn Passed Security Checks

No security concerns detected

clean
CVEs

0

Threats

0

Install Scripts

0

No Concerns Detected

No security concerns detected in the latest brin assessment. This is an automated, point-in-time evaluation — security posture may change.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

yarn Capabilities & Permissions

What yarn can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Filesystem Access

Reads and writes to the filesystem.

/usr/ (r).env (rw).env (rw)node_modules (rw)package.json (rw)

Environment Variables

Accesses the following environment variables.

DISABLE_V8_COMPILE_CACHEnpm_config_globalnpm_execpath

AGENTS.md for yarn

Good instructions lead to good results. brin adds yarn documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

yarn Documentation & Source Code

For the full yarn README, API documentation, and source code, visit the official package registry.

View on npmView SourceHomepage

Frequently asked questions about yarn safety

Weekly Downloads

7.1M

Version

1.22.22

License

BSD-2-Clause

Last Scanned

Feb 1, 2026

Trust Score

65/100·Legitimacy signals, not safety

Capabilities

Filesystem

Reads & Writes files

Environment

Accesses: DISABLE_V8_COMPILE_CACHE, npm_config_global, npm_execpath

Is yarn Safe? | npm Safety Scan - brin