Yarn The New JavaScript Package Manager
Written by Lucy Black   
Wednesday, 12 October 2016

Facebook and Google are the best known names behind the creation and release of the new open source JavaScript package manager Yarn, which is intended as a replacement for the npm package manager. 

It seems like only yesterday that JavaScript programs were a few hundred lines at most and using a package was a matter of loading something from a CDN. Node.js changed all this and turned JavaScript into a server side language that is used in really big projects. 

The current solution to managing the thousands of available JavaScript packages is npm, the client for which is automatically included with Node.js. Facebook developers working on big projects like React found that working with the npm client just didn't scale to the number of programmers and the number of packages. The solution was to get together with Google, Exponent and Tilde and build a new npm client - which is what Yarn is. 



So what is different about Yarn? 

The Facebook blog post introducing it says:

In the Node ecosystem, dependencies get placed within a node_modules directory in your project. However, this file structure can differ from the actual dependency tree as duplicate dependencies are merged together. The npm client installs dependencies into the node_modules directory non-deterministically. This means that based on the order dependencies are installed, the structure of a node_modules directory could be different from one person to another. These differences can cause “works on my machine” bugs that take a long time to hunt down.

Yarn resolves these issues around versioning and non-determinism by using lockfiles and an install algorithm that is deterministic and reliable. These lockfiles lock the installed dependencies to a specific version, and ensure that every install results in the exact same file structure in node_modules across all machines. The written lockfile uses a concise format with ordered keys to ensure that changes are minimal and review is simple.

That a package manager should implement deterministic installs seems to be the least you could ask, but it seems that the npm client isn't deterministic. 
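To make the order-dependence concrete, here is an added example (not code from Yarn, npm or the Facebook post) that models how install order can change the node_modules layout and how a fixed order removes the difference. The hoisting rule, the package names and the function names are simplifying assumptions; the real clients use more elaborate algorithms.

```javascript
// Constructed sample: two packages that need different versions of "left".
const packages = {
  "app-a": { version: "1.0.0", deps: { left: "1.0.0" } },
  "app-b": { version: "1.0.0", deps: { left: "2.0.0" } },
};

// Simplified hoisting model (an assumption, not npm's or Yarn's real algorithm):
// the first version of a dependency that is seen is hoisted to the top level,
// and a later conflicting version is nested under the package that needs it.
function install(order, pkgs) {
  const tree = Object.create(null); // node_modules path -> installed version
  for (const name of order) {
    tree[name] = pkgs[name].version;
    for (const [dep, version] of Object.entries(pkgs[name].deps)) {
      if (!(dep in tree)) {
        tree[dep] = version; // hoist: nothing at the top level yet
      } else if (tree[dep] !== version) {
        tree[`${name}/node_modules/${dep}`] = version; // conflict: nest it
      }
    }
  }
  return tree;
}

// Serialise a layout with ordered keys so that two layouts can be compared
// or diffed line by line, as the lockfile description above suggests.
function layout(tree) {
  return Object.keys(tree).sort().map((p) => `${p}@${tree[p]}`).join("\n");
}

// Deterministic variant: the install order is fixed (sorted) instead of
// depending on whatever order the packages happened to be added in.
function installDeterministic(order, pkgs) {
  return install([...order].sort(), pkgs);
}

const alice = layout(install(["app-a", "app-b"], packages));
const bob = layout(install(["app-b", "app-a"], packages));
console.log("order-dependent layouts match:", alice === bob);

const alice2 = layout(installDeterministic(["app-a", "app-b"], packages));
const bob2 = layout(installDeterministic(["app-b", "app-a"], packages));
console.log("deterministic layouts match:", alice2 === bob2);
```

In the order-dependent run the top-level copy of "left" is 1.0.0 on one machine and 2.0.0 on the other, which is exactly the kind of difference that any code resolving "left" from the project root would notice.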

Yarn might use the npm registry to get packages but once you have retrieved a package it is cached. This means you can install it locally without having to have an Internet connection and slowly your dependence on the npm registry is decreased. 



The irony is that to install Yarn you have to use the npm client, which it then replaces - reminiscent of the idea that the only use of IE is to install another browser. However, there is a serious issue here. It isn't clear if Yarn has the potential to replace or be a fork of the npm registry. At the moment Yarn accesses the registry as supplied by Npmjs.com, but it doesn't authenticate and so cannot work with private packages.

The registry hosts private packages for around $7 per month per programmer; only the hosting and downloading of open source packages is free. It is clear that at some time in the future a Yarn spin-off (pun attempted) could set up a private package facility of its own.



Last Updated ( Wednesday, 12 October 2016 )