🤯 50% Off! 700+ courses, assessments, and books

Editorial: Are We Heading for Package Manager Fatigue?

    Nilson Jacques

    This is the editorial from my latest JavaScript newsletter, you can subscribe here.

    Facebook has made a big splash this past week with the announcement of its new JavaScript package manager, Yarn. Your initial reaction may be similar to mine when I first heard this: isn’t another package manager the last thing we need?! It seemed that, despite the upheaval of a seemingly never-ending parade of new frameworks, the JavaScript community had at least settled on npm as the defacto package manager.

    But wait, before you take to Twitter or your blog to decry package manager fatigue, Yarn is actually not that bad. For a start, Yarn is not a new package repository: it’s more of a drop-in replacement for the npm client, designed to improve upon some of npm’s shortcomings. As an added bonus, not only does it work with npm packages, it also supports Bower! Change to a project folder with either a package.json or a bower.json file, run yarn, and you’re in business.

    “OK, but I don’t use Bower, so why would I change to Yarn?” I hear you ask. Well, the Yarn team built it to address issues with speed, reliability, and security that they have had when using npm on projects internally at Facebook. To achieve this, Yarn generates a lockfile which helps it to keep track of exactly how each dependency is resolved.

    One of the benefits of the lockfile is a speedup of install times. I’ve seen some differing accounts so far on just how much difference it makes (and in some cases, whether it makes a difference at all) but there are some very interesting comparisons between Yarn and npm here. One of the other things Yarn does differently is to keep a cache of downloaded packages, making reinstalls blazingly fast. It also means they can be done offline.

    Another important consideration is making sure that a project can be installed predictably on different machines. Yarn uses a deterministic algorithm when figuring out which dependencies are required to ensure that they are always installed in the same order. This avoids potential hard-to-debug errors that can sometimes occur with npm.

    Yarn also improves the reliability of the installation process. Rather than aborting the install, a failed dependency request will be queued to be retried. The request queue is intelligently handled to parallelize requests and minimize download time.

    If you’re really trying to streamline your project, Yarn offers the option to perform a flat install. You may have multiple packages in your project that depend on different versions of a specific library. By choosing a flat install, Yarn will prompt you about each package that is being required in more that one version and allow you to manually select which version to install, preventing the need for multiple copies at different versions.

    It’s worth having a dig through the CLI documentation, as there are some other interesting commands available. Running yarn why <package-name> will let you know why a specific package has been installed, how much space it takes up, and how many shared dependencies it uses. yarn clean is still experimental, but will attempt to remove unneeded files from the node_modules folder and reclaim some disk space. Another potentially useful command is yarn licenses, which will list out the type of license for each package your project is using.

    For those concerned about Yarn fragmenting the ecosystem, it’s worth point out that this is not the first third-party npm client by any means. The maintainers of npm see this as a positive development, saying it demonstrates that Facebook “is invested in and committed to the ongoing health of the npm community. That’s great news for JavaScript devs everywhere.”