Once upon a time, NPM …
When talking about package manager for Node.js, the first thing that comes to mind is of course NPM. Appearing in January 2010, NPM is delivered by default in Node.js since its version 0.6.1 released in November 2011. Since then, it has remained the preferred CLI tool for managing packets and dependencies for Node.js . And de facto, the universal packet repository: the NPM registry.
And arrived … Yarn !
Yarn was announced in October 2016 and presents itself as an alternative to the CLI NPM client. Faster, safer and more predictable in fine-tuning versions of installed packages: On paper, Yarn would only have advantages over NPM.
Is it true ?
Use and first impressions
Yarn works very similar to NPM as a CLI tool. It uses the
package.json file as well as NPM, and retrieve the packages from the NPM registry. Dependencies are installed in
node_modules just like NPM. Switching from one tool to another is always possible, even with an already started project.
The installation of Yarn can be done via NPM with npm install –global yarn, but is not recommended, for the same reasons of security and non-determinism of the installed versions which have made it necessary to develop Yarn. You will therefore have to use one of the methods described on the dedicated page, depending on your operating system (no kidding … ;).
First use, let’s init a project !
Once installed, the usage is very similar to that of NPM. To initialize a project and add expressJS to it for example, the following commands must be executed:
$ yarn init $ yarn add express
No obvious ‘–save’ needed, because that’s of course what we WANT to do !
Let’s say it right away : yarn is amazingly fast !
Where NPM installs packets and their dependencies sequentially, Yarn performs these tasks in parallel, greatly increasing performance. Its cache system also allows it to run even faster or offline, for packages already installed on the system. A very good point for me who works in the train once a week ;)
Safety and robustness
From a safety point of view, Yarn is also a step forward compared to NPM. Each installed package is verified by its checksum, and the execution of scripts by the installed packages is prohibited. The robustness and consistency of the installed packages is also one of the major evolution of Yarn. With a new yarn.lock file at the root of the project, it allows you to keep an accurate trace of the installed packages, with their exact version. By publishing this file on your repository, you can be sure to maintain the right conditions of an application between different environments, which can potentially save you from horrible debugging sessions! Other advantages are also to be noted, such as better management of the display in the console, with feedback less intrusive than for NPM.
After a few weeks of use, I can say that I’m really enthusiastic about Yarn! Its commands are intuitive, and to help you also take the step, here is a CheatSheet listing the differences with NPM for each command! Yarn was originally released under the influence of Facebook, but several major players such as Google are now involved in its evolution. Its future looks bright, because despite a lot of issues pointed on the Github project, their rate of resolution is good enough to maintain quality, and to make the tool evolve as much as possible !