Everything You Wanted to Know About Yarn Package Manager
Yarn is new package manager for JavaScript which is a replacement for NPM. Let’s see why we need yarn in the first place and how it works.
Why do we need Yarn?
New tools are in abundance for JavaScript and we keep seeing new ones every week. We know the time when NPM was introduced to solve dependency management for JavaScript. Everyone are excited about it. Then NPM quickly become default package manager for Node.js.
NPM becomes part of developer’s life. Developers use it for both frontend and backend dependency management. Even though NPM is great, developers had lot of issues with it. Some of the problems are:
- As you know, all packages will be stored
node_modules
directory in npm. If you’ve deleted your node_modules folder for any reason and runnpm install
in the project console, npm will re-download each and every package along with their dependencies, which in itself is not required and takes up too much of your time. - NPM always installs each dependency one after the other which might end up using a lot of time. I used to take small walk after running
npm install
:). Why can’t npm client parallelize the downloads? - There is no offline installation from my local cache.
Introducing Yarn
Yarn is built to solve three main problems:
- Speed
- Security
- Reliability
2 to 7x faster than npm
Yarn’s good performance comes out because of a interesting cache implementation. Whenever yarn installs a package, it caches it. So any time yarn sees a request for an installation for a package, it will first try to install it from its cache which makes it much faster. Also yarn, being a tool that is of this new age of concurrent coding, executes downloads in parallel threads to make the best use of resource utilization.
Super secured
Anytime a package is installed and is about to be executed, it verifies the integrity of the package by using the package’s checksum. The same checksum method is used to also check if the caching process of the package was indeed successful or not. When it detects an incorrect checksum, the packages is again re-fetched from the original source.
Reliable
Using a detailed, but concise lockfile format, and a deterministic algorithm for installs, Yarn is able to guarantee that an install that worked on one system will work exactly the same way on any other system.
Lock file?
When you run yarn
(equivalent to running npm install
), it creates yarn.lock
. This file is equivalent to npm’s Shrinkwrap file. But Shrinkwrap aren’t generated by default and will fall out of sync if engineers forget to generate them. To solve it, even after every upgrade or removal, yarn updates a yarn.lock file. So yarn.lock
file always keeps track of the exact package version installed in node_modules directory. I would recommend you to add this file to version control since it gives the package version consistency across all environments.
Offline
Yarn creates a cached copy which facilitates offline package installs. Therefore you can install your npm packages without an internet connection with Yarn. This is especially useful for Continuous Integration(CI) systems; they no longer rely on an internet connection and the npm registry, and your tests will pass even when npm goes down.
Overall, yarn offers a better workflow than npm.
Getting started
You can install yarn through NPM
npm install -g yarn
You can update to the latest version of Yarn
yarn self-update
The yarn CLI replaces npm in your development workflow, either with a matching command or a new, similar command:
How to Yarn?
For most of the command, yarn works exactly the same way like npm. But there are some changes in few basic commands.
npm install → yarn
With no arguments, the yarn command will read your package.json, fetch packages from the npm registry, and populate your node_modules folder. Also it generates yarn.lock
file.
Yarn simplifies the npm’s install and update command:
npm install react --save → yarn add react
npm uninstall react --save → yarn remove react
npm install react --save-dev → yarn add react --dev
npm update --save → yarn upgrade
npm install react --global → yarn global add react
For following commands, if you know NPM, you’re already set!
npm init → yarn init
npm link → yarn link
npm outdated → yarn outdated
npm publish → yarn publish
npm run → yarn run
npm cache clean → yarn cache clean
npm login → yarn login
npm logout → yarn logout
npm test → yarn test
As always, use global flag with care.
More ever Yarn has some great features that NPM doesn’t have. You can check the licenses of your dependencies and you can also generate your license dependencies.
yarn licenses
yarn licenses generate
Oliver Combe added a great tool yarn why package-name
, this will identify why this package is installed and which other packages are dependent on it.
yarn why react
As far as I played with yarn, it looks amazing and I did not find any issues. Since the project is backed by companies like Google and Facebook, I am optimistic that it can become the official npm package manager soon.
Great work by the Yarn team for such a wonderful tool. I’m looking forward for much more improvement in the future.
If you are interested in monitoring performances of your Node.js apps, Try Atatus Node.js APM with free 14 day trial – no credit card required. If you have any questions, we’d love to hear from you.