Facebook’s Yarn rewrites npm from scratch
Facebook has been using the npm client for years, but they started running into problems with performance, security and consistency once the size of their codebase and the number of engineers started to grow. This is how Yarn, “a fast, reliable, and secure alternative npm client,” came into being.
“With Yarn, engineers still have access to the npm registry, but can install packages more quickly and manage dependencies consistently across machines or in secure offline environments,” according to the official announcement. “Yarn enables engineers to move faster and with confidence when using shared code so they can focus on what matters — building new products and features.”
Many projects at Facebook depend on code in the npm registry, but as they scaled internally, they faced consistency, performance and security problems. They tried to build solutions around these issues: checking in package.json and asking engineers to manually run npm install, checking all of node_modules into the repository, and zipping the entire node_modules folder and uploading it to an internal CDN. New problems arose, so they needed to find a different solution.
Yarn to the rescue
Facebook joined forces with developers from Exponent, Google, and Tilde and “built out the Yarn client and tested and validated its performance on every major JS framework and for additional use cases outside of Facebook.”
Although the new package manager replaces the existing workflow for the npm client or other package managers, it is still compatible with the npm registry. Yarn claims it makes installs faster and more reliable, but there are also other features that simplify the dependency management workflow, such as the ability to restrict licenses of installed modules, a means for outputting license information, compatibility with both the npm and bower workflows, support for mixing registries and more.
What does npm have to say about Yarn?
After Facebook released Yarn, npm wrote on its blog that even though they “haven’t had time to run extensive tests on the compatibility of Yarn, it seems to work great with public packages.”
We’re pleased to see Yarn get off to such a great start, and look forward to seeing where it goes.
However, because it does not authenticate to the registry the way the official client does, Yarn cannot work with private packages at the moment.
Why choose Yarn?
Shuvo Habib, Front End Engineer at GG, Basundhara Group, urged people via a Medium post to go for Yarn because it has some features that npm doesn’t have, including the fact that “you can check the licenses of your dependencies and you can also generate your license dependencies.” Plus, it’s faster and it allows developers to upload the libraries or code block they created.
Yarn is now available on GitHub.