Editorial: Are We Heading for Package Manager Fatigue?
But wait, before you take to Twitter or your blog to decry package manager fatigue, Yarn is actually not that bad. For a start, Yarn is not a new package repository: it’s more of a drop-in replacement for the npm client, designed to improve upon some of npm’s shortcomings. As an added bonus, not only does it work with npm packages, it also supports Bower! Change to a project folder with either a package.json or a bower.json file, run
yarn, and you’re in business.
“OK, but I don’t use Bower, so why would I change to Yarn?” I hear you ask. Well, the Yarn team built it to address issues with speed, reliability, and security that they have had when using npm on projects internally at Facebook. To achieve this, Yarn generates a lockfile which helps it to keep track of exactly how each dependency is resolved.
One of the benefits of the lockfile is a speedup of install times. I’ve seen some differing accounts so far on just how much difference it makes (and in some cases, whether it makes a difference at all) but there are some very interesting comparisons between Yarn and npm here. One of the other things Yarn does differently is to keep a cache of downloaded packages, making reinstalls blazingly fast. It also means they can be done offline.
Another important consideration is making sure that a project can be installed predictably on different machines. Yarn uses a deterministic algorithm when figuring out which dependencies are required to ensure that they are always installed in the same order. This avoids potential hard-to-debug errors that can sometimes occur with npm.
Yarn also improves the reliability of the installation process. Rather than aborting the install, a failed dependency request will be queued to be retried. The request queue is intelligently handled to parallelize requests and minimize download time.
If you’re really trying to streamline your project, Yarn offers the option to perform a flat install. You may have multiple packages in your project that depend on different versions of a specific library. By choosing a flat install, Yarn will prompt you about each package that is being required in more that one version and allow you to manually select which version to install, preventing the need for multiple copies at different versions.
It’s worth having a dig through the CLI documentation, as there are some other interesting commands available. Running
yarn why <package-name> will let you know why a specific package has been installed, how much space it takes up, and how many shared dependencies it uses.
yarn clean is still experimental, but will attempt to remove unneeded files from the node_modules folder and reclaim some disk space. Another potentially useful command is
yarn licenses, which will list out the type of license for each package your project is using.