Yarn: `yarn list --depth 0` list all installed dependencies in node_modules beside in package.json

Thanks for your request but it is not clear what you want could you provide an example?
I'll close for now but feel free to reopen with more info.

I believe they are looking for behavior like npm list --depth 0 where it only lists the explicit dependencies.

$ cat package.json
{
    "name": "shine",
    "private": true,
    "dependencies": {
        "@rails/webpacker": "^3.0.1",
        "bootstrap": "3"
    },
    "devDependencies": {
        "webpack-dev-server": "^2.7.1"
    }
}

$ npm list --depth 0
shine@ <current working directory>
+-- @rails/[email protected]
+-- [email protected]
`-- [email protected]

vs

$ yarn list --depth 0 | wc -l
745

I personally find it more useful when doing npm --global list since there is no package.json to cat to see all the global scripts.

@Soobrakay What you stated is exactly what I'm looking for. The OP may have not been super clear, but I think it would be quite useful to get a full list of _only_ the installed versions of packages explicitly listed in package.json.

The default behavior right now seems cluttered and confusing. Because nested dependencies are hoisted in most scenarios, the --depth=0 doesn't really provide any selective information and instead just lists pretty much all packages on the system. I think there should be a flag that filters the list to only what is explicitly shown in package.json. It might also be nice to have an option to format it in the same way the outdated command works, but show all packages listed in package.json instead of only those out of date.

Please reopen this, or provide an alternative way to list only the installed packages as @Soobrakay points out. The current behavior is useless in a flattened package manager.

any news about this?

​Oddly enough, npm ls --depth 0 works on ​a yarn managed repo!

node v8.9.3
npm 5.5.1
yarn 1.3.2

Another oddity: in my repo, this:ls node_modules/ava produces:

master: ls node_modules/ava
api.js      index.js.flow   node_modules    readme.md
cli.js      lib     package.json    types
index.js    license     profile.js

yet ls node_modules produces the flat list of directories.

Ok, let's reopen the issue, looks like enough people want it.
The command is quite easy to modify, so go ahead and send a PR, the code is here https://github.com/yarnpkg/yarn/blob/master/src/cli/commands/list.js

@bestander Can you maybe give some hints / pseudocode about the required modifications?

The command is quite easy to modify

I took a look at list.js and wasn't sure where to begin.

It all starts with the run function.

1. Put a few console.log statements
2. run yarn build
3. Run ./bin/yarn list

With version 1.7.0 I'm able to do yarn global list and it shows the packages similarly to npm's npm list -g --depth=0

@Ploppy3 This isn't about showing global packages. It's about showing only information for the packages explicitly listed within a particular project's package.json file (rather than ALL nested dependencies as well).

@dlong500 yarn global list used to show the complete list of dependencies, --depth was not working.

@Ploppy3 That may be true, but this issue is specifically about showing a local project's explicit dependencies. We need to make sure people don't think this issue isn't valid anymore. There is still no way to show the status of only the explicitly listed dependencies for a local project.

I may try to look at it myself if I can get some free time this summer and if no one else hasn't handled it yet.

@dlong500 Yes I understand.

I don't have the knowledge to work on this, so it's cool if you want to do it.

I've been thinking about the best way to handle the intent of this issue, and I wonder if it might not be better to create a new command called something like yarn show rather than trying to change the yarn list command. The list command has so much baggage and people may be using it for various other legitimate purposes in its current form (although I still think that hoisting makes the --depth option indeterminate).

I cloned the repo for testing and was able to produce essentially what I'm after with a one line change to the yarn outdated command that simply doesn't filter the results with the isDepOld check, so it displays all the explicit package dependencies instead of only those that can be updated. I wonder if the outdated code could be enhanced to also handle a yarn show command, and this could potentially be further enhanced by adding a few other flags to filter the show results by package type (dependency, devDependency, peerDependency, etc).

Using the outdated format also looks good in my opinion and allows a nice list for all dependencies that even includes the URL field of each package.

Any thoughts?

@dlong500
+1 for leaving the current list command as is, for the reasons you stated.
+1 for creating a new command, as long as it's not invoked as part of the existing outdated command. I think that's what you intended, while only sharing the underlying implementation of outdated, yes?

The proposed show command might have additional awesomeness if it fell back to the npm config setting for depth, if it exists, unless a specific depth setting in the yarn config exists.

Any ongoing work on same?

Too bad, I only recently tried yarn in a repo and just found that I get a HUGE list instead of just the packages I actually installed (directly).

There are TWO places where yarn does that, unlike npm which only shows what is actually important:

• After yarn upgrade I get a list of ALL packages, not just the upgraded ones (why???)
• The issue right here, yarn list --depth=0 vs npm ls --depth=0 — I mean, why even bother to support the --depth option if it is ignored and the whole dependency tree is shown?? That the parameter is interpreted as changing the display output to a flat list is a mad twist. Even standalone, but yarn should look at what npm does, given that the majority of users will know, and often use, both tools, and having the exact same thing have entirely different meaning is a bad design decision. Let's play nice together, this isn't Microsoft vs. Oracle or such, could open source tools not just get along even when they compete? In this context that means not confusing the users to "punish" the ones that used to use or still use the "competitor" (which in this case is the much older tool with a lot more users).

A someone who recently switched one repo to yarn to see how it works, both those behaviors are unexpected — and worse, don't make sense even on their own. Such an output might be useful if it is processed by another tool, for humans the huge list of everything hardly ever is what is useful, but only the relevant information.

Just bit by this! I expected yarn list --depth=0 to show only packages in my project's package.json.

There should be a simple and obvious command to list top-level packages via yarn, this is a poor new user experience.

Agreed: yarn list --depth=0 also seems to pipe unexpected stdout when I compare to npm list --depth=0

with bash and jq installed you can use this:

# show only requested dependencies from a shallow yarn list
yarndeps() {
    # preload installed dependencies, remove first and last lines
    roster="$(yarn list --depth 0 2>/dev/null | awk '{print $2}' | sed '1d;$d')"
    # match each dependency (from package.json) to the preloaded list
    while IFS= read -r dependency; do
        echo "${roster}" | GREP_OPTIONS='' grep --color=never "^${dependency}@"
    done <<< "$(jq -r '.dependencies,.devDependencies|keys[]' package.json)"
}

Just got hit by this. It's really counterintuitive. You would naturally expect yarn list --depth=0 to list the base dependencies.

Which ever api you choose to enable it via, there definitely needs to be a command so that we can verify, 'of the packages in package.json are they all installed or are some missing'.

I needed to do this as I had an error saying that some base dependency was missing. (in the end it turned out the error was also an error, but this confusing command really got in the way of things).

Is this something that is up for grabs?

I also need this feature: "list locked direct dependencies with their exact version",
i.e. use dependencies listed in package.json, show the exact version stored in "yarn.lock".

For now, I made a node script to this job: https://gist.github.com/bsdelf/d24465c089c6eaba7ddac0951ac5faf7.

As per @dlong500's suggestion, I have managed to implement this by removing the isDepOld check. I am working on getting out a PR for this.