Facebook’s Yarn rewrites npm from scratch
Facebook has been using the npm client for years but they started running into problems with performance, security and consistency once the size of their codebase and the number of engineers started to grow. This is how Yarn, “a fast, reliable, and secure alternative npm client” came into being.
“With Yarn, engineers still have access to the npm registry, but can install packages more quickly and manage dependencies consistently across machines or in secure offline environments,” according to the official announcement. “Yarn enables engineers to move faster and with confidence when using shared code so they can focus on what matters ― building new products and features.”
Many projects at Facebook depend on code in the npm registry but as they scaled internally, they faced consistency, performance and security problems. Although they tried to build solutions around these issues (checking in package.json and asking engineers to manually run npm install, checking all of node_modules into the repository, and zipping the entire node_modules folder and uploading it to an internal CDN), new problems arose so they needed to find a different solution.
Yarn to the rescue
Facebook joined forces with developers from Exponent, Google, and Tilde and “built out the Yarn client and tested and validated its performance on every major JS framework and for additional use cases outside of Facebook.”
Although the new package manager replaces the existing workflow for the npm client or other package managers, it is still compatible with the npm registry. Yarn claims it makes installs faster and more reliable, but there are also other features that simplify the dependency management workflow, such as the ability to restrict licenses of installed modules, a means for outputting license information, compatibility with both the npm and bower workflows, support for mixing registries and more.
After Facebook released Yarn, npm wrote on its blog that even though they “haven’t had time to run extensive tests on the compatibility of Yarn, it seems to work great with public packages.”
We’re pleased to see Yarn get off to such a great start, and look forward to seeing where it goes.
However, because it does not authenticate to the registry the way the official client does, Yarn cannot work with private packages at the moment.
Why choose Yarn?
Shuvo Habib, Front End Engineer at GG, Basundhara Group, urged people via a Medium post to go for Yarn because it has some features that npm doesn’t have, including the fact that “you can check the licenses of your dependencies and you can also generate your license dependencies.” Plus, it’s faster and it allows developers to upload the libraries or code blocks they created.
Yarn is now available on GitHub.