Wednesday, October 19, 2016

Yarn vs npm: Everything You Need to Know

Yarn is a new JavaScript package manager built by Facebook, Google, Exponent and Tilde. As can be read in the official announcement, its purpose is to solve a handful of problems that these teams faced with npm, namely:

  • installing packages wasn't fast/consistent enough, and
  • there were security concerns, as npm allows packages to run code on installation.

But, don't be alarmed! This is not an attempt to replace npm completely. Yarn is only a new CLI client that fetches modules from the npm registry. Nothing about the registry itself will change — you'll still be able to fetch and publish packages as normal.

Should everyone jump aboard the Yarn hype train now? Chances are you never encountered these problems with npm. In this article, we're going to compare npm and Yarn, so you can decide which is best for you.

Yarn vs npm: Functional Differences

At first glance Yarn and npm appear similar. As we peek under the hood though, we realize what makes Yarn different.

The yarn.lock File

In package.json, the file where both npm and Yarn keep track of the project's dependencies, version numbers aren't always exact. Instead, you can define a range of versions. This way you can choose a specific major and minor version of a package, but allow npm to install the latest patch that might fix some bugs.

In an ideal world of semantic versioning, patch releases won't include any breaking changes. This, unfortunately, is not always true. The strategy employed by npm may result in two machines with the same package.json file having different versions of a package installed, possibly introducing bugs.

To avoid package version mismatches, the exact installed version is pinned down in a lock file. Every time a module is added, Yarn creates (or updates) a yarn.lock file. This way you can guarantee another machine installs the exact same package, while still having a range of allowed versions defined in package.json.

In npm, the npm shrinkwrap command generates a lock file as well, and npm install reads that file before reading package.json, much like how Yarn reads yarn.lock first. The difference here is that Yarn always updates yarn.lock automatically, where npm requires you to maintain it.
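To make the range-versus-lock behaviour concrete, here is an added example (not code from the article, nor from npm or Yarn themselves) that models how a `^` or `~` range in package.json is resolved against whatever the registry holds at install time, and how a pinned lock-file version keeps two installs identical. The registry contents and the package name are constructed; only exact, caret and tilde ranges are modelled.

```javascript
// Added example: a tiny model of version-range resolution versus lock-file pinning.
// Only exact ("1.2.3"), tilde ("~1.2.3") and caret ("^1.2.3") ranges are handled.

function parseVersion(v) {
  const [major, minor, patch] = v.split(".").map(Number);
  return { major, minor, patch };
}

// Negative if a < b, zero if equal, positive if a > b (numeric, not string, order).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  return pa.major - pb.major || pa.minor - pb.minor || pa.patch - pb.patch;
}

// Does `version` satisfy `range`?
//   "1.2.3"  -> exactly that version
//   "~1.2.3" -> same major.minor, patch >= 3 (patch updates only)
//   "^1.2.3" -> same major, version >= 1.2.3 (minor and patch updates);
//               for 0.x.y only patch updates are allowed (simplified)
function satisfies(range, version) {
  const op = range[0] === "^" || range[0] === "~" ? range[0] : "";
  const base = op ? range.slice(1) : range;
  const b = parseVersion(base), v = parseVersion(version);
  if (op === "") return compareVersions(version, base) === 0;
  if (op === "~" || b.major === 0) {
    return v.major === b.major && v.minor === b.minor && v.patch >= b.patch;
  }
  return v.major === b.major && compareVersions(version, base) >= 0;
}

// No lock file: install the highest published version that matches the range.
// The answer changes whenever the registry gains a new matching version.
function resolveRange(range, published) {
  const matches = published.filter((v) => satisfies(range, v)).sort(compareVersions);
  return matches.length ? matches[matches.length - 1] : null;
}

// With a lock file: the pinned version wins as long as it is still published and
// still inside the range; otherwise fall back to normal resolution.
function resolveWithLock(range, published, locked) {
  if (locked && published.includes(locked) && satisfies(range, locked)) return locked;
  return resolveRange(range, published);
}

// Constructed registry snapshots for a hypothetical package "left-padder":
// machine A installs in week 1, machine B installs in week 2 after a new minor release.
const REGISTRY_WEEK1 = ["1.2.3", "1.2.4", "1.3.0"];
const REGISTRY_WEEK2 = ["1.2.3", "1.2.4", "1.3.0", "1.3.1"];
```

With `"^1.2.3"` in package.json, machine A gets 1.3.0 and machine B gets 1.3.1 from the same file; once yarn.lock (or npm-shrinkwrap.json) pins 1.3.0, both resolve to 1.3.0.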

  1. yarn.lock documentation
  2. npm shrinkwrap documentation



by Tim Severien via SitePoint
