A few months ago I came across a great new tool called YARN, an NPM replacement that is much better. It was created by engineers from Facebook, and its promise is fast, reliable and secure dependency management.

If you are a front-end or back-end developer using Node you are probably using NPM to install dependencies. NPM is good but it does have some issues which were fixed in YARN. I will cover these soon.

Let’s get started

To install YARN all you have to do is:
npm install -g yarn

You do need NPM to install its replacement, which is a bit like using Internet Explorer to install Chrome. That’s all you need to do. YARN will work with your existing project without any changes.

YARN vs NPM speed

Let’s see how fast each of these tools is. For this example I will use the following package.json file:

{
  "name": "Cubui.com",
  "version": "0.0.1",
  "private": true,
  "scripts": {
    "start": "node node_modules/react-native/local-cli/cli.js start",
    "test": "jest",
    "lint": "eslint src/**/*.js"
  },
  "dependencies": {
    "react": "16.2.0",
    "react-native": "0.53.0",
    "react-native-vector-icons": "^4.5.0",
    "react-navigation": "^1.0.0",
    "react-redux": "^5.0.6",
    "redux": "^4.0.0-beta.1",
    "redux-logger": "^3.0.6",
    "redux-thunk": "^2.2.0"
  },
  "devDependencies": {
    "babel-eslint": "^8.0.2",
    "babel-jest": "21.0.2",
    "babel-preset-react-native": "3.0.2",
    "eslint": "^4.6.1",
    "eslint-plugin-react": "^7.3.0",
    "jest": "21.0.2",
    "react-test-renderer": "16.0.0-alpha.12"
  },
  "jest": {
    "preset": "react-native"
  }
}

– Running npm install took 1 minute and 59 seconds
– Running yarn install took 58 seconds

As you can see, YARN is almost twice as fast as NPM because it parallelizes operations to maximize resource utilization, so install times are much shorter. The great part is that YARN caches everything. To test this, I removed the node_modules folder and ran yarn install again. This time it took 32 seconds because it didn’t have to fetch the dependencies again since they were cached. If you create a new project that uses some of the cached packages, you won’t even need internet to install them.

Application stability

Once you run the yarn install command, you will notice that there is a new file created in your project called yarn.lock which contains the full dependency tree to make sure the same dependency versions are installed on all machines.
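To make the pinning concrete, here is an added example (not code from this article or from Yarn) that reads the v1 yarn.lock text format and lists package.json dependencies that have no lock entry, meaning an install would resolve them fresh instead of using a pinned version. The function names and the sample lock contents are constructed for illustration.

```javascript
// Parse yarn.lock (v1) text into a Map: "name@range" -> pinned version.
function parseYarnLock(text) {
  const pins = new Map();
  let patterns = [];
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      // Entry header: one or more comma-separated patterns, optionally quoted.
      patterns = line.slice(0, -1).split(',')
        .map((p) => p.trim().replace(/^"|"$/g, ''));
    } else {
      // Only the entry's own two-space-indented "version" field counts.
      const m = /^  version "(.+)"$/.exec(line);
      if (m) for (const p of patterns) pins.set(p, m[1]);
    }
  }
  return pins;
}

// List every package.json dependency that has no matching lock entry.
function findUnlocked(pkg, pins) {
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(declared)
    .map(([name, range]) => `${name}@${range}`)
    .filter((pattern) => !pins.has(pattern))
    .sort();
}

// Constructed sample lock text (not a real lock file).
const sampleLock = `# yarn lockfile v1

react@16.2.0:
  version "16.2.0"

"redux@^4.0.0-beta.1":
  version "4.0.0-beta.1"
  dependencies:
    loose-envify "^1.1.0"

"redux-thunk@^2.1.0", "redux-thunk@^2.2.0":
  version "2.2.0"
`;

// Subset of the package.json shown earlier in this article.
const samplePkg = {
  dependencies: { react: '16.2.0', redux: '^4.0.0-beta.1',
    'redux-logger': '^3.0.6', 'redux-thunk': '^2.2.0' },
  devDependencies: { jest: '21.0.2' },
};

console.log(findUnlocked(samplePkg, parseYarnLock(sampleLock)));
```

A non-empty result in CI is a sign that the lock file was not committed along with a dependency change.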

The guys working on NPM started to see the benefit of this approach and if you’ve updated to v5.x.x this feature also exists there and a new file called package-lock.json will be created when you run the npm install command. This feature is not available in older versions of NPM. The only thing you have on those old versions is a crippled shrinkwrap. So it looks like YARN pushed NPM to start innovating again.

yarn.lock vs package-lock.json

There are some small differences between the two lock files. NPM technically has a “more deterministic” lock file which means there is a theoretical guarantee that NPM will produce the exact same node_modules folder across different NPM versions. On the other hand, YARN’s exact hoisting/ordering of dependencies depends on the YARN version and it could change across different YARN versions but in general, this has very little impact.

YARN makes a slight determinism trade-off to get a much simpler yarn.lock file that is easier to merge. This will only affect teams with multiple people committing dependency changes. If you are the only one working on the project then it will make no difference.

The issue with NPM’s package-lock file is that it is practically impossible to merge, and you end up having to re-generate the file or struggle to fix the conflicts. On the other hand, with YARN, merges are easy and predictable.

License checking

Yarn comes with a handy license checker which can help you check the licenses of all the modules you depend on.

That’s it for now

I hope you found this article helpful, and if you haven’t tried YARN yet I highly recommend that you do.