The Nodesource Blog


The Definitive Guide to the First Three Days of Yarn and npm

This week, Facebook unleashed a new package manager for JavaScript. It’s called Yarn.

Development of Yarn started back on January 23, 2016 at 2:06 AM PT, when the first commit was made by Sebastian McKenzie. There were 735 commits between then and October 11, 2016, when it was released publicly.

Here’s the timeline of Yarn, beginning at the public release of the tool at 7:50 AM.

Tuesday, October 11, 2016.

It’s interesting to note the delayed publishing of the yarn package. The yarn installation instructions don’t include npm i -g yarn as a suggested option. It seems that Yarn is definitely aiming to be a complete replacement for npm. A bit radical - but some healthy competition is good, right?

If you use the yarn package that’s published to npm, consider giving a shout out to Sam Holmes for donating the package name. ;-)

Yarn: The First Three Days

Project  Stars   Commits  Open Issues  Closed Issues  Issue Comments  Open PRs  Closed PRs  Unique Users
npm      10,643  0        86           48             1181            9         3           685
yarn     13,475  90       268          215            1577            30        92          748

That is a flurry of activity! Running the following Google BigQuery query over the GitHub Public Data has already returned 122 GitHub repositories with a yarn.lock file, which is used to provide deterministic builds of packages with yarn, similar to npm’s npm-shrinkwrap.json.

SELECT
  repo_name,
  COUNT(repo_name) AS count
FROM
  [bigquery-public-data:github_repos.files]
WHERE
  RIGHT(path, 9) = 'yarn.lock'
GROUP BY
  repo_name


What does it all mean?

There is no question that yarn is a serious power play. It is an investment into the ecosystem. The project is officially sponsored by Facebook, with key members like Tom Occhino (instrumental in React), Chris Pojer (who has put major work into Jest), and of course Sebastian McKenzie (the creator of Babel). Also involved is Yehuda Katz, a core contributor to Ember.js and creator of Bundler, and the project has support from key Google open source evangelists like Addy Osmani and Paul Irish.

Yarn was designed first and foremost with speed and security in mind. It is designed to be consistent and compatible with the package.json format. Yarn even boasts its own registry that it points to by default.

Should I use Yarn?

The answer? It really depends.

Myles Borins (@thealphanerd) recently ran citgm with yarn, and shared the results. It was 25 minutes faster than npm, but 20 modules failed to install.

Yarn is not a drop-in replacement.

Some areas where issues arise:

  • Reliance on npm-shrinkwrap.json
  • Private modules on npm
  • Modules backed by self-signed certificates
  • Exotic dependency declarations like .zip or shorthand URLs
  • Edge case issues on specific OSes, like Windows
  • Pre- and post-script hooks don't work like they do in npm
  • Scripts that rely on npm environment variables
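
A pre-migration check for several of the problem areas listed above, as an added example that is not from the original post or the Yarn project. The function name `findYarnMigrationRisks`, the heuristics and the sample manifest are assumptions constructed for illustration; self-signed certificates and OS-specific issues are not covered.

```javascript
// Added example: flag the migration problem areas listed above in a package.json.
// Heuristics, function name and sample manifest are constructed for illustration.
const LIFECYCLE = ['install', 'uninstall', 'publish', 'version', 'test', 'start', 'stop', 'restart'];

// pkg: parsed package.json; files: file names in the project root.
function findYarnMigrationRisks(pkg, files = []) {
  const risks = [];
  // The build currently depends on npm's own lock format.
  if (files.includes('npm-shrinkwrap.json')) risks.push('shrinkwrap: npm-shrinkwrap.json present');

  const deps = { ...pkg.dependencies, ...pkg.devDependencies, ...pkg.optionalDependencies };
  for (const [name, spec] of Object.entries(deps)) {
    // URL, git, local-path and "user/repo" specs are fetched outside normal registry resolution.
    const isUrl = /^(https?|git(\+\w+)?|github|gitlab|bitbucket|file):/.test(spec);
    const isShorthand = /^[\w.-]+\/[\w.-]+(#.+)?$/.test(spec);
    if (isUrl || isShorthand) risks.push(`exotic: ${name} -> ${spec}`);
    // Assumption: scoped names are where private npm modules usually live.
    else if (name.startsWith('@')) risks.push(`scoped: ${name} may be a private module`);
  }

  const scripts = pkg.scripts || {};
  for (const [hook, cmd] of Object.entries(scripts)) {
    // Only treat pre*/post* as a hook when it wraps a lifecycle event or another script.
    const base = hook.replace(/^(pre|post)/, '');
    if (base !== hook && (LIFECYCLE.includes(base) || base in scripts)) risks.push(`hook: ${hook}`);
    // npm exports npm_config_*, npm_package_* and npm_lifecycle_* to scripts.
    if (/npm_(config|package|lifecycle)_\w+/.test(cmd)) risks.push(`env: ${hook} reads an npm_* variable`);
  }
  return risks;
}

// Constructed sample manifest and file listing.
const samplePkg = {
  dependencies: {
    'left-pad': '^1.1.3',
    '@acme/internal-auth': '^2.0.0',
    'legacy-lib': 'https://example.com/legacy-lib.zip',
    'forked-lib': 'someuser/forked-lib#v1.2.0'
  },
  scripts: { postinstall: 'node build.js', prettier: 'prettier --check .', release: 'echo $npm_package_version' }
};
const sampleRisks = findYarnMigrationRisks(samplePkg, ['package.json', 'npm-shrinkwrap.json']);
console.log(sampleRisks.join('\n'));
```

Each flagged item is worth reviewing by hand before switching clients, since URL and shorthand dependencies and install-time hooks are also the entries that pull in or execute code outside the registry's normal path.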

How to migrate to Yarn

Yarn already has documentation on how to migrate from the npm client. Gant Laborde at Infinite Red also published a great NPM vs Yarn Cheat Sheet, to compare and contrast the differences between npm and Yarn.

The biggest difference when starting out is adding packages to an existing project: instead of using npm install {package}, you use yarn add {package}.

Final Thoughts

It will be exciting to watch new tooling and ideas grow in our ecosystem while getting registry redundancy from a company like Facebook. I hope the Yarn team is as open and transparent as npm, Inc. has been with the data. It would be amazing to see a downloads count API added to the registry, along with other public-facing data sources to build a layer of transparency.

Get Involved

Yarn is young and, while it is extremely well designed, it doesn't handle or document all edge cases. The project is very active and welcoming to contributions. The documentation pages are all easy to fork and contribute to.