Why Do You Need a Package Manager?
As the name implies, a package manager is a tool to manage the installation of packages (pieces of code that serve a particular purpose) from a global registry into a developer’s local environment. Simply, a package manager is a tool that facilitates working with other tools.
A package manager replaces the need to search, download, unpack and copy the files you need for your project with a few commands in the terminal. And while on a small project you could manage to get the code you need manually, you probably don’t want to when a typical project could need hundreds of packages each with dependencies. The task of loading them in proper order can be daunting. Why waste valuable time and CPU cycles when an automatic tool can do that for you in a matter of seconds (depending on the size of your packages)?
Developed by Facebook in collaboration with Exponent, Google and Tilde, Yarn (not to be confused with Apache Hadoop YARN, the cluster management software), promises to be a fast, reliable and secure alternative npm client. According to Facebook, in some scenarios Yarn is capable of performing 10x times faster than npm. Initially built by Sebastian McKenzie for internal use at Facebook, the project quickly gained traction. As of October, Yarn is available to use under a BSD license.
“After trying to solve for each issue as it came up, we set out to build a new solution to help us manage our dependencies more reliably,” said Sebastian McKenzie, Christoph, PojerJames Kyle @ code.facebook.com
Although npm is a robust package manager, its logical architecture may need a refresh to address certain work scenarios better. Facebook attempted to mitigate and improve npm’s functionality, but it ended up delivering a new tool. While Yarn maintains compatibility with the npm registry, it implements a new approach to package management.
Yarn’s Main Features Are:
- Caching mode: If a package was installed before, Yarn will allow deploying the package without an internet connection. This is essential for tight security scenarios, where an internet connection is not feasible. This feature also delivers a consistently faster installation process.
- Improved network performance and resilience: To maximize network utilization, Yarn queues up requests and avoids request waterfalls. Installation failures caused by failed requests are mitigated by continuously retrying failed requests.
- Registry compatibility: Whether you need a package from npm or Bower, Yarn is compatible with both registries.
- Deterministic install algorithm: By using lockfiles, Yarn installs the same dependencies across multiple development environments regardless of install order, maintaining the same structure of node_modules directories (no more machine specific bugs).
- Secure installs: Yarn inspects package integrity upon every installation to avoid corrupt packages.
Is Yarn the End of NPM?
This feature alone should allow Yarn to gain significant popularity in the short term, and we could see a lot of developers defaulting to Yarn. Is this the end of npm? No, because this is not how open-source works. Yarn creators are, and will remain, significant npm contributors. However, when a piece of code doesn’t satisfy your needs or your organization needs, you are free to fork it or develop your own tool. Choice is what makes open-source great.
npm install -g yarn yarn
Check out Kyle, McKenzie and Pojer’s full blog post for more insight on Yarn’s history, architecture and installation process. Yarn is available now on GitHub under a BSD-2-clause license. If you are using private packages, Yarn is not yet capable of working with them, however, this issue should be addressed in the following months.