Yarn The New JavaScript Package Manager
Written by Lucy Black   
Wednesday, 12 October 2016

Facebook and Google are the best known names behind the creation and release of the new open source JavaScript package manager Yarn, which is intended as a replacement for the npm package manager. 

It seems like only yesterday that JavaScript programs were a few hundred lines at most and using a package was a matter of loading something from a CDN. Node.js changed all this and turned JavaScript into a server side language that is used in really big projects. 

The current solution to managing the thousands of available JavaScript packages is npm, the client for which is automatically included with Node.js. Facebook developers working on big projects like React found that the npm client just didn't scale to the number of programmers and the number of packages. The solution was to get together with Google, Exponent and Tilde and build a new npm client, which is what Yarn is.


So what is different about Yarn? 

The Facebook blog post introducing it says:

In the Node ecosystem, dependencies get placed within a node_modules directory in your project. However, this file structure can differ from the actual dependency tree as duplicate dependencies are merged together. The npm client installs dependencies into the node_modules directory non-deterministically. This means that based on the order dependencies are installed, the structure of a node_modules directory could be different from one person to another. These differences can cause “works on my machine” bugs that take a long time to hunt down.

Yarn resolves these issues around versioning and non-determinism by using lockfiles and an install algorithm that is deterministic and reliable. These lockfiles lock the installed dependencies to a specific version, and ensure that every install results in the exact same file structure in node_modules across all machines. The written lockfile uses a concise format with ordered keys to ensure that changes are minimal and review is simple.

That a package manager should implement deterministic installs seems to be the least you could ask, but it seems that the npm client isn't deterministic. 
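What reviewing such a lockfile can look like in practice, as an added example (not code from Yarn, Facebook or this article): a small Node.js check that reads entries in the yarn.lock v1 layout and reports any that do not pin an exact version, or whose `resolved` URL lacks a hash or points at an unexpected host. The sample lockfile, the package names, the `allowedHost` parameter and the function names are constructed for illustration.

```javascript
// Constructed sample in the yarn.lock v1 layout; names, versions and hashes are made up.
const SAMPLE_LOCK = `# yarn lockfile v1

example-a@^1.0.0, example-a@^1.2.0:
  version "1.2.3"
  resolved "https://registry.yarnpkg.com/example-a/-/example-a-1.2.3.tgz#0123456789abcdef0123456789abcdef01234567"
  dependencies:
    example-b "^2.0.0"

example-b@^2.0.0:
  version "2.1.0"
  resolved "https://registry.yarnpkg.com/example-b/-/example-b-2.1.0.tgz#89abcdef0123456789abcdef0123456789abcdef"
`;

// Parse top-level entries (pattern header, then indented key "value" lines); nested blocks are skipped.
function parseLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      const patterns = line.replace(/:$/, "").split(",")
        .map((p) => p.trim().replace(/^"|"$/g, ""));
      current = { patterns, fields: {} };
      entries.push(current);
    } else if (current) {
      const m = /^ {2}(\S+) "(.*)"$/.exec(line);
      if (m) current.fields[m[1]] = m[2];
    }
  }
  return entries;
}

// Report entries that would make installs differ between machines or hide a source change.
// allowedHost is a hypothetical policy parameter, not a Yarn setting.
function auditLock(text, allowedHost) {
  const findings = [];
  for (const { patterns, fields } of parseLock(text)) {
    const name = patterns[0];
    if (!/^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(fields.version || ""))
      findings.push(`${name}: version is not an exact pin`);
    let url = null;
    try { url = new URL(fields.resolved); } catch (e) { /* missing or malformed */ }
    if (!url) { findings.push(`${name}: no usable resolved URL`); continue; }
    if (url.host !== allowedHost) findings.push(`${name}: resolved host ${url.host}`);
    if (!/^#[0-9a-f]{40}$/.test(url.hash)) findings.push(`${name}: no 40-hex hash fragment`);
  }
  return findings;
}
```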

Yarn might use the npm registry to get packages but once you have retrieved a package it is cached. This means you can install it locally without having to have an Internet connection and slowly your dependence on the npm registry is decreased. 


The irony is that to install Yarn you have to use the npm client, which it then replaces - reminiscent of the idea that the only use of IE is to install another browser. However, there is a serious issue here. It isn't clear if Yarn has the potential to replace or be a fork of the npm registry. At the moment Yarn accesses the registry as supplied by Npmjs.com, but it doesn't authenticate and so cannot work with private packages.

The registry hosts private packages for around $7 per month per programmer; only the hosting and downloading of open source packages is free. It is clear that at some time in the future a Yarn spin-off (pun attempted) could set up a private package facility of its own.


More Information

https://github.com/yarnpkg/yarn

https://code.facebook.com/posts/1840075619545360/yarn-a-new-package-manager-for-javascript/

Related Articles

Node.js v6 Released 

Node.js Foundation Releases First Joint Code 

Getting Started with Node.js   

 

Last Updated ( Wednesday, 12 October 2016 )
 
 

   