During the last few weeks we have observed a huge hype regarding Yarn. If you haven’t heard about it yet (or just haven’t tried it) I will show you today what it is and why everybody is so excited about it (actually, me too).
What is Yarn?
But why the hell has someone created a new package manager? What are the main advantages of using Yarn as opposed to NPM? As we read on the official website of the project it is ultra fast, mega secure and super reliable. I will try to write about that later but first let’s just quickly test how Yarn works.
Installation and test run
To install Yarn on macOS we can use Homebrew:
brew update
brew install yarn
Additionally, you will have to set up the PATH variable in your terminal to have access to Yarn globally. Here’s more about this.
Now that we have Yarn installed we can test it in action. Just pick one of your existing projects which already uses NPM, then delete the whole node_modules folder from the root folder of the project. Now, open the terminal and in the project’s root folder just run:
This will install all your NPM packages listed in the package.json file into the node_modules folder. Simple, right?
Ok, so it works exactly the same way as NPM? Not exactly… I’m sure you have noticed that the package installation was much faster than it normally is with NPM. Let’s see why…
Why so fast?
There is no doubt that Yarn is much more efficient during package installation. If you use NPM it always traverses the dependency tree first and then fetches all the necessary packages. Yarn does it in a different way.
First, it looks for the dependencies in the registry. Next, it checks the global cache directory and looks for already downloaded packages. If it finds a dependency, it will just use it. If it doesn’t, it will download its tarball. At the end, it just copies all the packages from the global cache to the node_modules directory. All these operations run in parallel, which also increases the installation speed.
Using the global cache is much faster than downloading all the packages every time we need them. It also has an additional advantage: it allows Yarn to work offline!
Why is it mega secure and super reliable??
On the official Yarn website we can read (about the security):
Yarn uses checksums to verify the integrity of every installed package before its code is executed.
I think that this explains a lot but, apart from the checksum verification, Yarn also introduces the yarn.lock file. It locks down specific versions of the installed packages and their dependencies. Thanks to this, everyone who is involved in the development process has exactly the same versions of all the packages. This also applies to production environments. That’s why we can be certain that after the deployment every single package will have the same version on the development machine as well as in the production environment.
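To make the checksum and lockfile ideas concrete, here is an added example (not Yarn's own code and not from the original post) that parses a yarn.lock-style entry and checks a downloaded tarball against the pinned hash, refusing anything that has no checksum. The package name, registry URL, tarball bytes and the helper names parseLock and verify are all constructed for illustration.

```javascript
const crypto = require("crypto");

// Constructed stand-in for a downloaded package tarball (not a real package).
const tarball = Buffer.from("constructed bytes standing in for example-pkg-1.0.3.tgz");

const digest = (buf, algo, enc) => crypto.createHash(algo).update(buf).digest(enc);
const sri = (buf, algo) => `${algo}-${digest(buf, algo, "base64")}`;

// Constructed lockfile text in the yarn.lock v1 layout. The hashes are computed
// from the sample bytes above so the example is self-consistent.
const lockText = `# yarn lockfile v1

example-pkg@^1.0.0:
  version "1.0.3"
  resolved "https://registry.example.invalid/example-pkg-1.0.3.tgz#${digest(tarball, "sha1", "hex")}"
  integrity ${sri(tarball, "sha512")}
`;

// Minimal parser: a top-level line opens an entry, indented lines are its fields.
function parseLock(text) {
  const entries = {};
  let current = null;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      current = entries[line.replace(/:$/, "").replace(/"/g, "")] = {};
    } else if (current) {
      const m = line.trim().match(/^(\S+)\s+"?([^"]*)"?$/);
      if (m) current[m[1]] = m[2];
    }
  }
  return entries;
}

// Verify bytes against the pinned entry. Prefers the "integrity" field (a single
// hash here), falls back to the SHA-1 in the "resolved" URL fragment, and fails
// closed when the entry carries no usable checksum.
function verify(buf, entry) {
  if (entry.integrity) {
    const [algo] = entry.integrity.split("-", 1);
    if (!["sha256", "sha384", "sha512"].includes(algo)) return false;
    return sri(buf, algo) === entry.integrity;
  }
  const fragment = (entry.resolved || "").split("#")[1];
  if (!fragment) return false;
  return digest(buf, "sha1", "hex") === fragment;
}

const pinned = parseLock(lockText)["example-pkg@^1.0.0"];
console.log("pinned version:", pinned.version, "verified:", verify(tarball, pinned));
```

Because the lockfile is committed with the project, a tarball that changes on the registry or in transit no longer matches the pinned hash and is rejected before anything from it runs.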
I think that Yarn is a great package manager that can speed up development as well as the deployment process. Does this mean that NPM is dead now? I’m not too sure. As you can see, Yarn is only a manager and doesn’t have its own package repository. Of course, it can utilize many existing package repos but frankly… NPM is currently the biggest one. I think that, until a revolution happens, we will still use NPM for storing packages but Yarn will become standard for installing them. And I like this future 😉
Post image source: https://laravel-news.com.