Yarn Package Manager – The Next Evolution Of Package Managers (npm, Bower)
Shortcomings Of Today’s Package Managers (bower / npm)
However, npm has shortcomings that arise when dealing with projects with a lot of dependencies. Packages are installed into the node_modules folder in a non-deterministic way, so the exact order and patch levels of packages can differ from one person to another, which is a source of potential problems.
Furthermore, the installation process of npm requires an internet connection because every package is loaded at installation time; no caching mechanism is available. There is no possibility to use the package manager in an offline scenario, and the installation process is time-consuming.
Introducing Yarn Package Manager
The yarn package manager has been initiated by Facebook and is supported by companies like Google. It has been developed to address the previously mentioned shortcomings and provide a more advanced package management tool for an overall easier development workflow.
The main features of yarn are listed in the following:
- Caching mode: If a package has already been installed before, Yarn is able to deploy that package without an internet connection because it is available in an internal cache. This feature contributes to a faster installation process.
- Improved network performance and resilience: To maximize network utilization, Yarn queues up requests and avoids request waterfalls. Installation failures caused by failed requests are mitigated by continuously retrying failed requests.
- Registry compatibility: Yarn is compatible with both registries: npm and bower.
- Deterministic install algorithm: Yarn uses lock files to make sure that the node_modules directory has the exact same structure on all development environments.
- Secure installs: Package integrity is checked after each install to avoid corrupt packages.
Yarn comes as an npm package, so installation can be done by using the following command:
$ npm install -g yarn
This installs yarn globally on your system. Having completed the installation successfully, yarn becomes available on your system. In the following you’ll find a brief overview of how to use the
Initializing a Project
A new project is initialized by using the
$ yarn init
This command is executed in the project directory and as a result you’ll receive various questions on the command line:
Having completed the initialization process the package.json file becomes available.
Adding and Removing Dependencies
Adding a new dependency is done by using the add option:
$ yarn add [package-name]
If you want to choose a specific version of a package use the following syntax:
$ yarn add [package-name]@[version]
This automatically adds the packages to your package.json file. It corresponds to the command npm install [package-name] --save.
Adding development, peer or optional dependencies can be done by using one of the following flags:
E.g. if you install a package with the --dev option, the dependency is added to the devDependencies section in package.json:
$ yarn add gulp --dev
The following result will be available in package.json:
The Yarn Lock File
Yarn creates a lock file: yarn.lock. This file is updated with every operation (installing, updating or removing packages) and keeps track of the exact package version. If you add this lock file to your Git repository you can make sure that the exact same result in node_modules/ is reproducible on every system.
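Because the committed lock file decides what lands in node_modules/, a change to it deserves the same review as a code change. The following added example (not from the original article or the Yarn project) audits lock file text and reports entries that are unpinned, resolve from an unexpected source, or record no checksum. The yarn.lock v1 layout, the sample entries with placeholder hashes, and the ALLOWED_HOSTS list are assumptions of this example.

```javascript
// Added example, not Yarn's own code. The sample lock text is constructed; hashes are placeholders.
const ALLOWED_HOSTS = new Set(['registry.yarnpkg.com', 'registry.npmjs.org']); // assumption: adapt
const SAMPLE_LOCK = `# yarn lockfile v1

gulp@^3.9.1:
  version "3.9.1"
  resolved "https://registry.yarnpkg.com/gulp/-/gulp-3.9.1.tgz#0000000000000000000000000000000000000000"
  dependencies:
    archy "^1.0.0"

archy@^1.0.0:
  version "1.0.0"
  resolved "https://mirror.example.test/archy/-/archy-1.0.0.tgz#1111111111111111111111111111111111111111"

left-pad@^1.1.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.1.0.tgz"
`;

// An unindented "name@range:" line opens an entry; two-space lines are fields.
function parseLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      entries.push(current = { key: line.slice(0, -1).replace(/"/g, ''), fields: {} });
    } else if (current) {
      const m = /^ {2}(\w+) "?(.*?)"?$/.exec(line);
      if (m) current.fields[m[1]] = m[2];
    }
  }
  return entries;
}

// Flag entries that are unpinned, come from an unexpected source, or have no checksum.
function auditLock(text) {
  const findings = [];
  for (const { key, fields } of parseLock(text)) {
    if (!fields.version) findings.push(`${key}: no pinned version`);
    let url = null;
    try { url = new URL(fields.resolved); } catch (e) { /* missing or malformed */ }
    if (!url) { findings.push(`${key}: no resolved URL`); continue; }
    if (url.protocol !== 'https:' || !ALLOWED_HOSTS.has(url.hostname))
      findings.push(`${key}: resolved from unexpected source ${url.origin}`);
    if (url.hash.length <= 1 && !fields.integrity) findings.push(`${key}: no checksum recorded`);
  }
  return findings;
}
console.log(auditLock(SAMPLE_LOCK).join('\n'));
```

To audit a real project, pass the contents of its yarn.lock to auditLock in place of SAMPLE_LOCK and fail the build when the returned list is not empty.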
The Future Of Package Manager