Skip to content
[ PIER ]

Use yarn 1.x with Pier

Yarn classic — yarn 1.22 — reads its registry config from .npmrc just like npm. There’s one critical quirk:

always-auth=true is mandatory for yarn 1. Without it, yarn 1 omits the bearer token on GET requests, and every install fails with 401 Unauthorized. npm/pnpm/bun send the bearer by default, so this is yarn-1-specific.

Configure

Section titled “Configure”
.npmrc
registry=https://YOUR-PIER-HOST/registry/npm/
//YOUR-PIER-HOST/registry/npm/:_authToken=pier_npm_…
always-auth=true

Yarn 1 also reads .yarnrc for some flags, but registry + auth come from .npmrc.

Install

Section titled “Install”
Terminal window
yarn install
yarn add left-pad
yarn add @your-org/internal-lib

Publish

Section titled “Publish”
Terminal window
yarn publish

Yarn 1 prompts for the version bump interactively. Pass --new-version 1.2.0 to skip the prompt in CI.

Login

Section titled “Login”

Yarn 1 doesn’t have its own login flow — use npm login against Pier and the token lands in .npmrc (which yarn 1 reads).

Terminal window
npm login --auth-type=web --registry=https://YOUR-PIER-HOST/registry/npm/

Why always-auth=true matters

Section titled “Why always-auth=true matters”

Yarn 1 has a hard-coded auth.optional = true behavior for GET requests (which include packument fetches and tarball downloads). When always-auth=true is set, yarn 1 promotes auth to required on every request, including GETs.

Pier requires auth on every authenticated route (including reads of private packages). Without always-auth=true, yarn 1 sends no bearer → Pier returns 401 → yarn fails.

This setting is harmless for every other client, so it’s safe to keep it on all the time.

Node version warning

Section titled “Node version warning”

Yarn 1.22.22 has a TLS handshake quirk on Node 20 that produces a confusing Request.emit stack trace when hitting an HTTPS upstream. Use Node 22+ (LTS 24 ideal) if you’re on yarn 1.

Terminal window
nvm install 24
nvm use 24
yarn --version   # → 1.22.22
yarn install     # works

Versions matrix

Section titled “Versions matrix”
yarn versionStatusNotes
1.22.xalways-auth=true mandatory; use Node 22+
2.x / 3.x / 4.xDifferent config — see yarn berry guide

Common errors

Section titled “Common errors”
  • Request "https://…/registry/npm/foo" finished with status code 401always-auth=true is missing.
  • Request.emit (events.js:223:5) stack trace — Node 20 TLS bug on yarn 1.22. Upgrade Node to 22+ or 24 LTS.
  • error An unexpected error occurred: "404 Not Found" — upstream proxy is off and the package isn’t privately published. Enable proxy or publish privately.
Section titled “Related”