Facebook partners with Google, others to launch a new JavaScript package manager

Facebook today launched Yarn, a new package manager for javascript . If you’ve every worked with JavaScript and Node.js, chances are that you’ve used the npm package manager to find and reuse existing code (or maybe publish your own libraries, too). At Facebook’s scale, though, npm didn’t quite work for the company, though, and itstarted developing an opinionated alternative for its internal use.Over time, the team got help from developers at Google, Exponent and Tilde.

It’s worth stressing that Yarn, which promises to even give developers that don’t work at Facebook’s scale a major performance boost, still uses the npm registryand is essentially a drop-in replacement for the npm client.

As Facebook software engineer Sebastian McKenzie and engineering manager Tom Occhino told me, the company had developed lots of internal infrastructure around npm. “But over time, as we bolted new pieces to this, we realized it didn’t work so well,” McKenzie said. So instead of hacking around npm’s limitations, Facebook decided to rewrite it from scratch.

Given that npm works well for millions of developers, why did it not work for Facebook? The team told me there were a couple of fundamental problems with npm for the company’s workflow. Performance was one of those, so Yarn does a better job at caching files locally, which ensures it doesn’t have to hit the network quiet as often as before. Yarn is also able to parallelize some of its operations, which in turn speeds up the install process for new modules, too.

At Facebook, npm slowed down the company’scontinuous integration workflow. Early on, engineers had to run the ubiquitous “npm install” command manually, but that didn’t work in the sandboxed and isolated continuous integration environments the company uses for security and reliability reasons. Checking all of the modules into a repository was also inefficient because even a minor change could easily trigger massive commits. React Native, for example, currently has 68 dependencies (which themselves have their own dependencies). Once you’ve unspooled all of those, you end up with 121,358 files. That’s obviously notvery efficient.

Another issue Facebook ran into was that npm is, by design, nondeterministic ― yet Facebook’s engineers needed a consistent and reliable system for their DevOps workflow. Depending on the modules you have already installed, the node_modules directory that is part of every project can look very different depending on which developer’s machine you’re looking at. Yarn uses lockfiles and a deterministic install algorithm to create consistent file structures across machines.

By default, npm also allows developers who write these packages to execute other code that’s needed as part of the install process. That creates security issues, though, so Yarn does not have this feature.

As McKenzie told me, the team tried to “fix” npm for its purposes, but at the end of the day, many of the features of the existing npm client that didn’t work for Facebook were not bugs, but features. Occhino added that many of the features the team wanted to build were not the kind of changes that the npm community would’ve likely accepted.

Npm, the commercial entity that backs the npm project, is obviously aware of this new project, but given that its business model revolves more around the registry than the client, there is far less conflict here than one would initially think.

Yarn is now available on GitHub.Given that a number of other companies contributed to the project, the team decided to host it outside of Facebook’s own repository. It’s not clear what the governance model for Yarn will look like, though. “Our hope is that all of the folks who have been contributing to it so far can help us figure that out,” Occhino said.

Featured Image: Justin Sullivan /Getty Images

本文前端(javascript)相关术语:javascript是什么意思 javascript下载 javascript权威指南 javascript基础教程 javascript 正则表达式 javascript设计模式 javascript高级程序设计 精通javascript javascript教程

分页:12
转载请注明
本文标题:Facebook partners with Google, others to launch a new JavaScript package manager
本站链接:http://www.codesec.net/view/481421.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 前端(javascript) | 评论(0) | 阅读(30)