A new alternative to npm

Facebook’s Yarn rewrites npm from scratch

Gabriela Motroc

Facebook has been using the npm client for years but they started running into problems with performance, security and consistency once the size of their codebase and the number of engineers started to grow. This is how Yarn, “a fast, reliable, and secure alternative npm client” came into being.

“With Yarn, engineers still have access to the npm registry, but can install packages more quickly and manage dependencies consistently across machines or in secure offline environments,” according to the official announcement. “Yarn enables engineers to move faster and with confidence when using shared code so they can focus on what matters — building new products and features.”

Many projects at Facebook depend on code in the npm registry, but as the company scaled internally it ran into consistency, performance and security problems. It tried several workarounds (checking in package.json and asking engineers to run npm install manually, checking all of node_modules into the repository, and zipping the entire node_modules folder and uploading it to an internal CDN), but each one created new problems, so a different solution was needed.

Yarn to the rescue

Facebook joined forces with developers from Exponent, Google, and Tilde and “built out the Yarn client and tested and validated its performance on every major JS framework and for additional use cases outside of Facebook.”

Although the new package manager replaces the existing workflow of the npm client (or of other package managers), it remains compatible with the npm registry. Yarn claims faster and more reliable installs, and it adds other features that simplify dependency management: the ability to restrict the licenses of installed modules and a means of outputting license information, compatibility with both the npm and Bower workflows, support for mixing registries, and more.


What does npm have to say about Yarn?

After Facebook released Yarn, npm wrote on its blog that even though they “haven’t had time to run extensive tests on the compatibility of Yarn, it seems to work great with public packages.”

We’re pleased to see Yarn get off to such a great start, and look forward to seeing where it goes.

However, because Yarn does not authenticate to the registry the way the official client does, it cannot work with private packages at the moment.

Why choose Yarn?

Shuvo Habib, Front End Engineer at GG, Basundhara Group, urged people via a Medium post to go for Yarn because it has some features that npm doesn’t have, including the fact that “you can check the licenses of your dependencies and you can also generate your license dependencies.” Plus, it’s faster and it allows developers to upload the libraries or code blocks they created.

Yarn is now available on GitHub.

Gabriela Motroc
Gabriela Motroc was editor of and JAX Magazine. Before working at Software & Support Media Group, she studied International Communication Management at the Hague University of Applied Sciences.
