Yarn Package Manager – The Next Evolution Of Package Managers (npm, Bower)

Shortcomings Of Today’s Package Managers (bower / npm)

For most web developers, package managers are an integral part of their development workflow. Package managers like bower and npm are very popular today. npm is the default package manager of the Node.js platform and has recently become a de facto standard for package management in the JavaScript world.

However, npm has shortcomings that show up in projects with a lot of dependencies. Packages are installed into the node_modules folder in a non-deterministic way, so the exact order and patch levels of packages can differ from one person to another, which is a source of potential problems.

Furthermore, the npm installation process requires an internet connection because every package is loaded at installation time; no caching mechanism is available. The package manager cannot be used in an offline scenario, and the installation process is time-consuming.

Introducing Yarn Package Manager

The yarn package manager was initiated by Facebook and is supported by companies like Google. It has been developed to address the previously mentioned shortcomings and to provide a more advanced package management tool for an overall easier development workflow.

The main features of yarn are:

  • Caching mode: If a package has already been installed before, Yarn is able to deploy that package without an internet connection because it is available in an internal cache. This feature contributes to a faster installation process.
  • Improved network performance and resilience: To maximize network utilization, Yarn queues up requests and avoids request waterfalls. Installation failures caused by failed requests are mitigated by continuously retrying failed requests.
  • Registry compatibility: Yarn is compatible with both registries: npm and bower.
  • Deterministic install algorithm: Yarn uses lock files to make sure that the node_modules directory has the exact same structure in all development environments.
  • Secure installs: Package integrity is checked after each install to avoid corrupt packages.

Installing Yarn

Yarn comes as an npm package, so it can be installed with the following command:

$ npm install -g yarn

This installs yarn globally on your system. Once the installation has completed successfully, the yarn command becomes available. What follows is a brief overview of how to use it.

Yarn Workflow

Initializing a Project

A new project is initialized by using the init option:

$ yarn init

This command is executed in the project directory and asks you a series of questions on the command line.

Once the initialization process has completed, the package.json file is available.

Adding and Removing Dependencies

Adding a new dependency is done by using the add option:

$ yarn add [package-name]

If you want to choose a specific version of a package, use the following syntax:

$ yarn add [package-name]@[version]

This automatically adds the package to your package.json file. It corresponds to the command npm install [package-name] --save.

Adding development, peer or optional dependencies can be done by using one of the following flags:

  • --dev
  • --peer
  • --optional

For example, if you install a package with the --dev option, the dependency is added to the devDependencies section in package.json:

$ yarn add gulp --dev

The following result will be available in package.json:

"devDependencies": {
  "gulp": "^3.9.1"
}

The Yarn Lock File

Yarn creates a lock file: yarn.lock. This file is updated with every operation (installing, updating or removing packages) and keeps track of the exact package versions. If you add this lock file to your Git repository, you can make sure that the exact same result in node_modules/ is reproducible on every system.
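The lock file and the integrity check from the "Secure installs" feature, as an added example (not code from the original article or from the Yarn project): a Node.js script that parses a v1-format yarn.lock, flags entries resolved from outside an allow-listed HTTPS registry or recorded without a checksum, and re-verifies downloaded bytes against an entry's integrity value. It assumes the Yarn 1.x lockfile layout with resolved and integrity fields; the function names, the sample lockfile, the example-lib package and the mirror host are constructed for illustration.

```javascript
const crypto = require('crypto');

// Parse the "key:" / two-space "field value" layout of a v1 yarn.lock.
function parseLock(text) {
  const entries = [];
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    const m = line.match(/^  (version|resolved|integrity) "?([^"]+)"?$/);
    if (!line.startsWith(' ')) entries.push({ key: line.replace(/:$/, '').replace(/"/g, '') });
    else if (m && entries.length) entries[entries.length - 1][m[1]] = m[2];
  }
  return entries;
}

// Flag entries fetched from an unexpected source or pinned without a checksum.
function auditLock(text, allowedHosts) {
  const findings = [];
  for (const e of parseLock(text)) {
    let url = null;
    try { url = new URL(e.resolved); } catch (_) { /* missing or malformed */ }
    if (!url || url.protocol !== 'https:' || !allowedHosts.includes(url.host))
      findings.push(`${e.key}: unexpected source ${e.resolved}`);
    const sha1Pinned = url && /^#[0-9a-f]{40}$/.test(url.hash); // older "#<sha1>" form
    if (!e.integrity && !sha1Pinned) findings.push(`${e.key}: no checksum`);
  }
  return findings;
}

// Recompute the SRI digest of downloaded bytes and compare with the lock entry.
function verifyTarball(entry, bytes) {
  const [algo, expected] = (entry.integrity || '').split('-');
  if (!['sha256', 'sha384', 'sha512'].includes(algo)) return false;
  return crypto.createHash(algo).update(bytes).digest('base64') === expected;
}

// Constructed sample data: the tarball bytes and the second entry are made up.
const TARBALL = Buffer.from('constructed tarball bytes');
const SRI = 'sha512-' + crypto.createHash('sha512').update(TARBALL).digest('base64');
const SAMPLE_LOCK = `# yarn lockfile v1
gulp@^3.9.1:
  version "3.9.1"
  resolved "https://registry.yarnpkg.com/gulp/-/gulp-3.9.1.tgz"
  integrity ${SRI}

example-lib@^1.0.0:
  version "1.0.0"
  resolved "http://mirror.example.invalid/example-lib-1.0.0.tgz"
`;
console.log(auditLock(SAMPLE_LOCK, ['registry.yarnpkg.com']));
```

In a CI job, running yarn install --frozen-lockfile makes the install fail instead of rewriting yarn.lock when it no longer matches package.json, so a reviewed lock file stays the source of truth.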

The Future Of Package Managers

Will yarn be the future of package management in the JavaScript world? Without having a crystal ball at hand, it's quite difficult to answer that question. However, the evolution of package managers will continue, and yarn is a good approach to move things forward. The fact that yarn is backed by big tech companies like Facebook and Google ensures that it will be actively developed. As yarn is fully compatible with projects which have been managed with npm before, you can just try it out yourself without much effort.
