Yarn vs npm: Everything You Need to Know
- installing packages wasn’t fast/consistent enough, and
- there were security concerns, as npm allows packages to run code on installation.
But, don’t be alarmed! This is not an attempt to replace npm completely. Yarn is only a new CLI client that fetches modules from the npm registry. Nothing about the registry itself will change — you’ll still be able to fetch and publish packages as normal.
Should everyone jump aboard the Yarn hype train now? Chances are you never encountered these problems with npm. In this article, we’re going to compare npm and Yarn, so you can decide which is best for you.
Yarn vs npm: Functional Differences
At first glance, Yarn and npm appear similar. As we peek under the hood though, we realize what makes Yarn different.
The yarn.lock File
In package.json, the file where both npm and Yarn keep track of the project’s dependencies, version numbers aren’t always exact. Instead, you can define a range of versions. This way you can choose a specific major and minor version of a package, but allow npm to install the latest patch that might fix some bugs.
In an ideal world of semantic versioning, patched releases won’t include any breaking changes. This, unfortunately, is not always true. The strategy employed by npm may result in two machines with the same package.json file having different versions of a package installed, possibly introducing bugs.
To avoid package version mismatches, an exact installed version is pinned down in a lock file. Every time a module is added, Yarn creates (or updates) a yarn.lock file. This way you can guarantee another machine installs the exact same package, while still having a range of allowed versions defined in
In npm, the npm shrinkwrap command generates a lock file as well, and npm install reads that file before reading package.json, much like how Yarn reads yarn.lock first. The difference here is that Yarn always updates yarn.lock automatically, where npm requires you to maintain it.
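The version drift that the lock file prevents, as an added example that is not part of the original article and not Yarn's or npm's own resolver. It is a simplified model: the version lists and the "Monday"/"Friday" registry snapshots are constructed, only exact, ~ and ^ ranges are handled, and prerelease tags are ignored.

```javascript
// Added example: simplified model with constructed version lists, not real registry data.
function parse(v) {
  return v.split('.').map(Number);
}

function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] - y[i];
  }
  return 0;
}

// Range subset handled here: "1.2.3" (exact), "~1.2.3" (patch updates),
// "^1.2.3" (minor and patch updates, narrower for 0.x versions).
function satisfies(version, range) {
  const op = /^[~^]/.test(range) ? range[0] : '';
  const base = range.slice(op.length);
  const [maj, min, pat] = parse(base);
  if (op === '') return compare(version, base) === 0;
  let upper; // exclusive upper bound of the range
  if (op === '~') upper = `${maj}.${min + 1}.0`;
  else if (maj > 0) upper = `${maj + 1}.0.0`;
  else if (min > 0) upper = `0.${min + 1}.0`;
  else upper = `0.0.${pat + 1}`;
  return compare(version, base) >= 0 && compare(version, upper) < 0;
}

// Install-time resolution: a lock entry that still satisfies the range wins;
// otherwise the highest published version inside the range is chosen.
function resolve(range, published, locked) {
  if (locked && satisfies(locked, range)) return locked;
  const ok = published.filter((v) => satisfies(v, range)).sort(compare);
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed registry state at two points in time.
const range = '~1.2.0';
const registryMonday = ['1.1.9', '1.2.0', '1.2.1'];
const registryFriday = [...registryMonday, '1.2.2', '1.3.0'];

function demo() {
  return {
    unlockedA: resolve(range, registryMonday),          // machine A, no lock file
    unlockedB: resolve(range, registryFriday),          // machine B, no lock file
    lockedA: resolve(range, registryMonday, '1.2.1'),   // both machines share a lock entry
    lockedB: resolve(range, registryFriday, '1.2.1'),
  };
}

console.log(demo());
```

Without the lock entry the two installs diverge, so the second machine runs a release nobody on the first machine tested or reviewed; with it, both resolve to the same pinned version.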