For those familiar with working of JS package managers, you’d be aware of the popular npm package manager, which you’d have used to find existing code form the vast library of over 300,000 packages in the npm registry. For Facebook however, it didn’t work out the way it works for us, largely due to the sheer scale of the company’s codebase and engineering team.
Thus arose the need for a more efficient, secured and consistent package manager. Enters Yarn, a new package manager for Javascript build by a team consisting of Facebook, Google, Exponent and Tilde.
With Yarn, engineers still have access to the npm registry, but can install packages more quickly and manage dependencies consistently across machines or in secure offline environments. Yarn enables engineers to move faster and with confidence when using shared code so they can focus on what matters — building new products and features.
In more crude terms, Yarn could easily be called a more efficient extension of the currently existing npm package manager. As is clear from Facebook’s explanation, Yarn is a manager which will help companies or products deployed/built at a much larger scale.
Yarn is a new package manager that replaces the existing workflow for the npm client or other package managers while remaining compatible with the npm registry. It has the same feature set as existing workflows while operating faster, more securely, and more reliably.
The primary function of any package manager is to install some package — a piece of code that serves a particular purpose — from a global registry into an engineer’s local environment. Each package may or may not depend on other packages. A typical project could have tens, hundreds, or even thousands of packages within its tree of dependencies.
These dependencies are versioned and installed based on semantic versioning (semver). Semver defines a versioning scheme that reflects the types of changes in each new version, whether a change breaks an API, adds a new feature, or fixes a bug. However, semver relies on package developers not making mistakes — breaking changes or new bugs may find their way into installed dependencies if the dependencies are not locked down.
Features
In addition to making installs much faster and more reliable, Yarn has additional features to further simplify the dependency management workflow.
- Compatibility with both the npm and bower workflows and supports mixing registries.
- Ability to restrict licenses of installed modules and a means for outputting license information.
- Exposes a stable public JS API with logging abstracted for consumption via build tools.
- Readable, minimal, pretty CLI output.
Yarn in production
Facebook is already using Yarn in production, and it’s been working really well. It powers the dependency and package management for many of our JavaScript projects. With each migration we’ve enabled engineers to build offline and helped speed up their workflow.
For dev looking for more info, you can head straight to Facebook’s post on the matter.
