TL;DR: Use Yarn. It’s faster and switching is easy.
Our old approach: NPM
NPM (node package manager) is the official package manager of Node.js. Version 2 suffered from a few major drawbacks, most of which were solved by version 3 (the flat file storage is especially appreciated).
We use npm in combination with npm-check-updates to regularly raise the minimum package versions, which minimizes the pain when an important library suddenly requires new versions of half your packages.
Our updated approach: Yarn
Yarn is the latest and greatest solution for package management, developed as a collaboration between Facebook, Exponent, Google, and Tilde. It supports the npm registry as well as the bower registry (which is not that useful, since most packages have been published to the npm registry since the release of npm 3 anyway).
It provides us with a few niceties that make it an overall great choice:
- Local asset caching and offline support are great, as packages won’t have to be downloaded over and over again when you set up or update individual projects.
- Improved performance is very noticeable in comparison to npm, as packages get downloaded and installed in parallel and thus faster.
- Lockfile support (known for example from PHP’s Composer) is great, as it lets you reinstall dependencies without running into unforeseen incompatibilities caused by different package versions.
- Improved security through checksum verification of downloaded packages, an easy fix for a very plausible attack vector.
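How the lockfile and checksum points above fit together, as an added example that is not from the original post: it parses a constructed Yarn v1-style lockfile, where the hex fragment after `#` in each `resolved` URL is the tarball's SHA-1, and checks downloaded bytes against that pin. The package names, registry host and the `parseLock`/`verifyTarball` helpers are hypothetical.

```javascript
const crypto = require("node:crypto");

// Constructed sample in the Yarn v1 lockfile layout (hypothetical packages and host).
// The hex fragment after "#" in "resolved" is the tarball's SHA-1; here it is SHA-1("abc").
const SAMPLE_LOCK = `
"example-pkg@^1.0.0":
  version "1.0.2"
  resolved "https://registry.example.invalid/example-pkg/-/example-pkg-1.0.2.tgz#a9993e364706816aba3e25717850c26c9cd0d89d"

example-nohash@~2.1.0:
  version "2.1.4"
  resolved "https://registry.example.invalid/example-nohash/-/example-nohash-2.1.4.tgz"
`;

// Parse lockfile text into entries: { patterns, version, resolved, sha1 }.
function parseLock(text) {
  const entries = [];
  let cur = null;
  for (const line of text.split(/\r?\n/)) {
    // An unindented, non-comment line ending in ":" starts a new entry.
    if (/^[^\s#].*:$/.test(line)) {
      cur = { patterns: line.slice(0, -1), version: null, resolved: null, sha1: null };
      entries.push(cur);
      continue;
    }
    const m = cur && /^\s+(version|resolved)\s+"([^"]*)"/.exec(line);
    if (!m) continue;
    if (m[1] === "version") { cur.version = m[2]; continue; }
    const [url, frag = ""] = m[2].split("#");
    cur.resolved = url;
    // Only accept a well-formed 40-hex-digit SHA-1; anything else counts as unpinned.
    cur.sha1 = /^[0-9a-f]{40}$/i.test(frag) ? frag.toLowerCase() : null;
  }
  return entries;
}

// Check downloaded tarball bytes against the pinned checksum; fail closed if none.
function verifyTarball(entry, bytes) {
  if (!entry.sha1) return { ok: false, reason: "no checksum pinned" };
  const actual = crypto.createHash("sha1").update(bytes).digest("hex");
  return actual === entry.sha1
    ? { ok: true, reason: "checksum match" }
    : { ok: false, reason: "checksum mismatch" };
}
```

An entry without a pinned checksum is reported as a failure rather than silently accepted, which is the case worth flagging when reviewing a lockfile change.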
Overall a good deal, especially since switching is very easy, as Yarn uses the default npm package.json format. There are a few gotchas with including git repositories, though (which we rely on heavily for internal packages), which are discussed in this issue.
Yarn fixes many problems I never knew I had: the better performance and caching are extremely nice, and the lockfile support just makes things easier (remember to commit the lockfile to your repositories) and hopefully gets adopted quickly in the community.
If you have any pointers or questions, I’m happy to hear from you on Twitter.