The yarn source will detect dependencies when package.json and yarn.lock are found at an app's source_path.
It uses the yarn CLI commands to enumerate dependencies and gather metadata on each package.
Note Yarn versions < 1.3.0 will always include non-production dependencies due to a bug in those versions of yarn. Note Yarn versions > 2.0 will always include non-production dependencies due to lack of filtering of production vs non-production dependencies in the yarn CLI.
For yarn versions between 1.3.0 and 2.0, the yarn source excludes non-production dependencies by default. To include development and test dependencies in these versions, set production_only: false in .licensed.yml.
yarn:
production_only: false