Technoholik

Your Digital Companion

Friday, March 24

Why to choose yarn over npm!


Since the domination of Javascript over web began, we developers have been creating and using modules or packages in our projects which make our lives easier.

Packages save us from "reinventing the wheel" and allow reusability in code.

These packages come with their own set of dependencies (other files or libraries that the package requires to function) which may be either flat i.e. just one package or nested dependency - package requiring another package as dependency and so on.

To easily handle packages and their dependencies we have package managers. These allow packages to be installed along with their dependencies and free up our To-Do list of effort required to manage them.

In Javascript we have "package.json" a file we keep track of all packages required for project.

Until now, npm has been the de-facto package manager to be used in Node projects till Facebook introduced us to yarn. Yarn has been gaining a lot of traction mainly in projects using ReactJS.
So let's see the comparison between the two.

npm

npm stands for node pacakge manager and it claims itself to be the world's largest software repository. It is by default installed in a Node project and can manage both local dependencies in a project as well as JS tools required globally. It uses pacakge.json file in project to keep track of dependencies and their versions. The dependencies are downloaded and installed in node_modules folder inside project tree.

npm commands follow the following structure:
npm <command> [args]
Usage
To initialise a project by creating package.json file -
npm init
To install all dependencies from package.json -
npm install
To install a specific package -
npm install <package-name>
Example: npm install express

A specific version can be installed by -
npm install [package-name]@version
To uninstall a package -
npm uninstall [package-name]

Yarn

Now moving on to yarn, new kid on the block introduced to the world by Facebook on Oct'16. Facebook has been using yarn as their dependency manager on production and have now open sourced it. It's the same modules, registries of npm but a different installer - Yarn.

Apart from doing what npm does, yarn outsmarts npm by caching packages that are downloaded once on a system, so you don't have to re-download whole package tree every time you setup. Yarn also parallelises operations to maximize resource utilisation so install times are faster.

Usage
Yarn installation -
brew install yarn
To initialise a project by creating package.json file -
yarn init
To install all dependencies from package.json -
yarn install
To install a specific package -
yarn add [package-name]
To uninstall a package -
yarn remove [package-name]

Advantages of Yarn over npm 

1. Yarn has Security-centric design and verifies integrity with checksums for every package installed before execution.
2. We can install packages from either bower or npm without any hassle.
3. Yarn uses lockfile for locking all dependencies following  deterministic approach in package management, i.e. for same package.json all machines will all have same source tree of dependencies installed in their node_modules folder.
4. npm is non-deterministic package manager, which doesn't guaranteed lockfile, and deterministic algorithm for installs.
5. By using yarn we may stay assured that an working install on one system will work exactly the same way on any other system.
6. We can  selectively upgrade specific packages using "yarn upgrade-interactive"
7. Yarn is network resilient, so install won't fail because of a single failed request. Failed ones are retried later on.