Facebook released Yarn, a package manager to replace NPM. Here’s a tldr of why it’s a big deal:
- Official URL: https://yarnpkg.com/
- Facebook, with large code base and thousands of engineers struggled with NPM
- Problems with consistency, security, and performance are hard to solve.
- Yarn was a result of their internal tweaks to NPM and collaboration effort from Exponent, Google, and Tilde.
- Yarn is NOT a package registry. Yarn pulls packages from registry.yarnpkg.com, which allows them to run experiments with the Yarn client. This is a proxy that pulls packages from the official npm registry, much like npmjs.cf.
- “With Yarn, engineers still have access to the npm registry, but can install packages more quickly and manage dependencies consistently across machines or in secure offline environments.”
- Problems with NPM: node_modules tree structure could be different depend on the order modules are installed, thus making it non-deterministic, Yarn solves that by using lockfiles and recursively install modules with a deterministic algorithm
- Package checksums are stored in lockfiles
- Global module cache to help reduce installation time
- Backwards compatible with NPM and Bower
- Start using it by: npm install -g yarn
- Instead of npm install you simply do yarn
- Instead of npm install something –save you do yarn add something
- This thing is SUPER FAST! https://yarnpkg.com/en/compare
- Does NOT work with installing private npm modules or Github at the moment but it may come soon, help contribute! https://github.com/yarnpkg/yarn/issues/521
- Why I’m Working on Yarn by one of the contributers, Yehuda Katz
NPM vs Yarn speed comparison