Is yarn 1.x still maintained?

[desmap]

Not that I want to use it for new projects @arcanis but I have a couple of legacy code bases where I face issues and the yarn upgrade path is not straight-forward (or I just don't want or have time to upgrade). So, if you stopped supporting 1.x it would be helpful to let people know.

[arcanis]

From the 2.0 release post:

Yarn 1.22 will be released next week. Once done, the 1.x branch will officially enter maintenance mode - meaning that it won't receive further releases from me except when absolutely required to patch vulnerabilities. New features will be developed exclusively against Yarn 2.

I'm also not sure why you'd expect anything different - I'm myself not aware of any project that kept developing features and releasing bugfixes on both their current and previous majors, especially when the later is a modernized codebase. In our case we at least commit to fix security issues if they arise, but we can't really afford more time on 1.x.

[desmap]

I'm also not sure why you'd expect anything different

I explained it. I have legacy code which faces issues (see my issue before about the cache).

I'm myself not aware of any project that kept developing features and releasing bugfixes on both their current and previous majors, especially when the later is a modernized codebase.

a bit apples to oranges. yarn 2 is even more than a breaking change to 1 (remember the heated discussions not too long ago?), it's basically a new piece of software barely related to yarn 1, that they have the same name is misleading (berry?) and not everyone wants/have time to migrate old projects to 2. Maybe because they just chose a new default package manager for new projects and there are not familiar with yarn 2. and at one point after people complained that you just can't deprecate 1 you said that yarn 1 is now called "classic" and they will coexit.

Look, the project I am talking about is a monorepo which uses heavily workspaces. Migrating this away to a different package manager such as yarn 2, npm 7 or pnpm is quite some work. I wrote there is no simple upgrade path to yarn 2 and I know, if I migrate to 2 and face issues in let's say 3 years, I will have the same discussion about an unmaintained yarn 2 with you again. Too risky if you ask me.

Whatever, in the end I guess I have to migrate away to pnpm or npm 7 and I learned my lesson.

[arcanis]

I explained it. I have legacy code which faces issues (see my issue before about the cache).

You have to understand we're a team of volunteers. It's too bad if you have legacy code and you're not willing to upgrade, but there's no reason why we should maintain a codebase we've already fully rewritten more than a year ago because of its numerous issues. Your problems are likely fixed already, why should we duplicate our (volunteer) work just for your project? I'd very much prefer to spend this time with my family.

yarn 2 is even more than a breaking change to 1 (remember the heated discussions not too long ago?)

I think you got misled. The breaking changes are fairly scoped if you follow the migration guide. You can listen to the doomsayers, but every project has them and at some point it might be worth evaluating solutions outside of "[ ] Has heated discussions". We're in tech, toxic opinions are everywhere.

In any case I think this question is answered; Yarn is very much maintained, and is in better shape than ever. This repository will only receive improvements when related to security or migration workflow.

[GlenTiki]

@arcanis I'm reading this in 2024, and Yarn is currently on version 4+. Is this still true? (That it will be patched for security issues, if they come up)

[arcanis]

Yes, that's still true.