Dependency Management

Managing NPM dependencies, security auditing, and version strategies.

Package Manager

Ever Gauzy uses Yarn Classic (v1) for dependency management. All lock files use yarn.lock.

Adding Dependencies

# Add to a specific package
yarn workspace @gauzy/core add lodash

# Add as dev dependency
yarn workspace @gauzy/core add -D @types/lodash

# Add to root (affects all packages)
yarn add -W some-global-tool

Version Strategies

Strategy	Notation	Description
Exact	`1.2.3`	Exact version only
Patch range	`~1.2.3`	Allows `1.2.x`
Minor range	`^1.2.3`	Allows `1.x.x`

Recommendation: Use exact versions (1.2.3) for critical dependencies, caret (^) for utilities.

Security Audit

# Run security audit
yarn audit

# Fix vulnerabilities
yarn audit fix

Dependency Updates

# Check for outdated packages
yarn outdated

# Interactive upgrade
npx npm-check-updates -i

Private Registry Packages

Internal packages from Verdaccio:

@ever-co/ui-core
@ever-co/common
@gauzy/contracts
@gauzy/plugin-*

See Private Registry for configuration.

Monorepo Navigation — repo structure
Private Registry — Verdaccio

Package Manager​

Adding Dependencies​

Version Strategies​

Security Audit​

Dependency Updates​

Private Registry Packages​

Related Pages​