Yarn The New JavaScript Package Manager
Written by Lucy Black   
Wednesday, 12 October 2016

Facebook and Google are the best known names behind the creation and release of the new open source JavaScript package manager Yarn, which is intended as a replacement for the npm package manager. 

It seems like only yesterday that JavaScript programs were a few hundred lines at most and using a package was a matter of loading something from a CDN. Node.js changed all this and turned JavaScript into a server side language that is used in really big projects. 

The current solution to managing the thousands of available JavaScript packages is npm the client for which is automatically included with Node.js. Facebook developers working on big projects like React found that working with the npm client just didn't scale to the number of programmers and the number of packages. The solution was to get together with Google, Exponent and Tilde and build a new npm client - which is what Yarn is. 

yarnbanner

 

So what is different about Yarn? 

The Facebook blog post introducing it says:

In the Node ecosystem, dependencies get placed within a node_modules directory in your project. However, this file structure can differ from the actual dependency tree as duplicate dependencies are merged together. The npm client installs dependencies into the node_modules directory non-deterministically. This means that based on the order dependencies are installed, the structure of anode_modules directory could be different from one person to another. These differences can cause “works on my machine” bugs that take a long time to hunt down.

Yarn resolves these issues around versioning and non-determinism by using lockfiles and an install algorithm that is deterministic and reliable. These lockfiles lock the installed dependencies to a specific version, and ensure that every install results in the exact same file structure in node_modulesacross all machines. The written lockfile uses a concise format with ordered keys to ensure that changes are minimal and review is simple.

That a package manager should implement deterministic installs seems to be the least you could ask, but it seems that the npm client isn't deterministic. 

Yarn might use the npm registry to get packages but once you have retrieved a package it is cached. This means you can install it locally without having to have an Internet connection and slowly your dependence on the npm registry is decreased. 

npn

 

The irony is that to install Yarn you have to use the npm client, which it then replaces - reminiscent of the idea that the only use of IE is to install another browser. However, there is a serious issue here. It isn't clear if Yarn has the potential to replace or be a fork of the npm registry. At the moment Yarn accesses the registry as supplied by Npmjs.com, but it doesn't authenticate and so cannot work with private packages.

The registry hosts private packages for around $7 per month per programmer; only the hosting and downloading of open source packages is free. It is clear that at some time in the future a Yarn spin-off (pun attempted) could setup a private package facility of its own.

 yarnicon

More Information

https://github.com/yarnpkg/yarn

https://code.facebook.com/posts/1840075619545360/yarn-a-new-package-manager-for-javascript/

Related Articles

Node.js v6 Released 

Node.js Foundation Releases First Joint Code 

Getting Started with Node.js   

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, FacebookGoogle+ or Linkedin

 

Banner


Edgeless Systems Announces Continuum AI
14/03/2024

Edgeless Systems has announced the launch of Continuum, a  security solution that provides cloud-based "Confidential AI" services and enables sharing of sensitive data with chatbots such as ChatG [ ... ]



AWS Adds Support For Llama2 And Mistral To SageMaker Canvas
12/03/2024

As part of its effort to enable its customers to use generative AI for tasks such as content generation and summarization, Amazon has added these state of the art LLMs to SageMaker Canvas.


More News

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Wednesday, 12 October 2016 )