Unraveling npm: Deterministic dependencies with Yarn
Npm is known to be non-deterministic. This means that depending on the order you install dependencies in, your node_modules folder can look very different. Debugging a dependency issue often consists of throwing away your node_modules and running npm install again. With the average JS project nowadays having hundreds of dependencies this can be pretty scary.
“Life calls the tune, we dance.” - John Galsworthy
Yarn offers an easily accessible deterministic alternative to npm. It uses your existing package.json and installs dependencies to the familiar node_modules directory.
With Yarn you can feel safe installing your dependencies knowing that your node_modules folder structure will end up exactly the same every time. Yarn adds a yarn.lock file to your project locking the exact versions of your dependencies. It keeps checksums so the installed package is guaranteed to be the same.
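The lockfile's pinned versions and checksums can be checked mechanically, for example in CI. The following is an added example, not code from the original post or from the Yarn project: a small Node.js parser for the Yarn v1 yarn.lock layout that reports entries with no pinned version, no recorded checksum, or a tarball host outside an allow-list. The package names, the hash, the mirror host and the allow-list are constructed assumptions.

```javascript
// Constructed sample lockfile (Yarn v1 layout); names, hash and mirror host are made up.
const SAMPLE_LOCK = `# yarn lockfile v1

example-a@^1.0.0:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/example-a/-/example-a-1.0.2.tgz#${'a'.repeat(40)}"
  dependencies:
    example-b "^2.0.0"

example-b@^2.0.0, example-b@^2.1.0:
  version "2.1.0"
  resolved "https://mirror.example.net/example-b-2.1.0.tgz"
`;

// Minimal parser: top-level lines open an entry, two-space lines are its fields.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      const specs = line.replace(/:$/, '').split(', ').map(s => s.replace(/^"|"$/g, ''));
      current = { specs, fields: {} };
      entries.push(current);
    } else if (current) {
      // Nested blocks (dependencies:) and their four-space lines do not match.
      const m = /^  (\w+) "?([^"]*)"?$/.exec(line);
      if (m) current.fields[m[1]] = m[2];
    }
  }
  return entries;
}

// Report entries that are unpinned, come from an unexpected host, or lack a checksum.
function auditLock(text, allowedHosts) {
  const findings = [];
  for (const { specs, fields } of parseYarnLock(text)) {
    const name = specs[0];
    if (!fields.version) findings.push(`${name}: no pinned version`);
    let url;
    try { url = new URL(fields.resolved); } catch (e) { url = null; }
    if (!url) { findings.push(`${name}: missing or invalid resolved URL`); continue; }
    if (!allowedHosts.includes(url.hostname)) findings.push(`${name}: unexpected host ${url.hostname}`);
    // Yarn v1 appends the tarball SHA-1 as the URL fragment; newer files add "integrity".
    const hasSha1 = /^[0-9a-f]{40}$/.test(url.hash.slice(1));
    if (!hasSha1 && !fields.integrity) findings.push(`${name}: no checksum recorded`);
  }
  return findings;
}
console.log(auditLock(SAMPLE_LOCK, ['registry.yarnpkg.com']));
```

Run against a real project by passing the contents of yarn.lock instead of the sample; a non-empty result is a reason to look at how that entry got into the lockfile.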
Little things matter
I can’t count the number of times I’ve run npm install <package> only for my code to fail minutes later on the CI. Turns out typing --save is hard for me. Yarn makes me sane again:
yarn add <packagename>
Dependencies are stored in package.json by default. Makes sense.
Speed knitting
Running Yarn on a (small) project shows a speed improvement as well.
npm:
» rm -rf node_modules
» time npm install
npm install 44.51s user 18.75s system 114% cpu 55.335 total
yarn (first run):
» rm -rf node_modules
» time yarn install
yarn install 33.01s user 23.81s system 128% cpu 44.204 total
yarn (cached):
» rm -rf node_modules
» time yarn install
yarn install 18.83s user 14.72s system 130% cpu 25.612 total
Getting started with Yarn
Starting with Yarn couldn’t be easier. Install Yarn with npm:
npm install -g yarn
Now you can start a new project with yarn init or migrate your existing project by simply running yarn install. This will generate a yarn.lock file. Don’t forget to check this in to version control!
There’s a lot more to like about Yarn. It’s generally faster than npm, supports multiple registries (like Bower) and offers an Offline mode.