As part of the Artifact Registry project, Product Security and Secure Flow conducted an audit of package managers used in Red Hat builds. You are receiving this message because your product has been identified as currently using Yarn Classic (v1) for Node.js content installation.

Migration from Yarn Classic to Yarn v4 or NPM is required by end of Q1 2026

Why is this migration necessary?

Close to End of Life: Yarn Classic entered maintenance mode in January 2020. It currently receives only critical and security fixes, with no new feature development.

Konflux Hermetic Support: Supporting Yarn Classic in Konflux Hermetic generates significant maintenance overhead and technical friction.

Supply Chain Security: phasing out Yarn Classic will allow Red Hat to accelerate improvements to our overall company supply chain security.