Yarn for beginners

Node.js provides an open-source, cross-platform runtime for executing JavaScript outside a browser. It is well suited to building scalable, data-intensive, real-time back-end services (APIs) that power client applications.
Because the JavaScript runs on the server before a response is sent to the browser, Node.js is used for things like video streaming sites, the back ends of single-page applications, and online chat applications. It has gained tremendous popularity in the JavaScript community.
Enterprise companies such as Netflix, Uber, and eBay use Node.js to develop their applications. One reason for its popularity is the huge catalogue of open-source packages and libraries.
Popular ones include Express.js, Lodash, AsyncJS, Meteor, and Sails. These libraries and frameworks are built for Node.js and ease the entire web development pipeline. To use them in your Node.js projects, you need a package manager.
A package manager lets you install, uninstall, and update packages, manage their dependencies and binaries, and control which versions are used. There are two major players here: npm (the Node package manager) and Yarn.
Both automate installing, upgrading, configuring, and removing Node.js packages. This guide will help you learn the difference between npm and Yarn.
Use of the Package manager
- It downloads code packages for your apps. These packages are standalone pieces of code that you can use right away within your projects.
- You can manage multiple versions of packages and dependencies.
- You can update your applications easily when the underlying package is updated.
Introducing Yarn
Yarn is a package manager that replaces the install workflow of the npm client (or other package managers) while remaining compatible with the npm registry. It has the same feature set as the existing workflows while operating faster, more securely, and more reliably.
The primary function of any package manager is to install some package — a piece of code that serves a particular purpose — from a global registry into an engineer’s local environment. Each package may or may not depend on other packages. A typical project could have tens, hundreds, or even thousands of packages within its tree of dependencies.
These dependencies are versioned and installed according to semantic versioning (semver). Semver defines a versioning scheme in which the version number reflects the kind of change in each release: whether it breaks an API (major), adds a feature (minor), or fixes a bug (patch). However, semver relies on package developers not making mistakes. If your dependencies are not locked down, breaking changes or new bugs can find their way into a fresh install even though nothing in your own project changed.
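To make the drift concrete, here is a small semver range matcher written for this article (it is not part of Yarn or of the real `semver` package, and it only understands plain MAJOR.MINOR.PATCH versions with exact, `~` and `^` ranges). The registry snapshots are constructed: the same `^1.2.3` range in package.json resolves to a different version once the maintainer publishes a new release, unless a lock file pins what was installed the first time.

```javascript
// Added example, not code from the original article or from Yarn itself:
// a minimal semver range matcher showing why caret/tilde ranges drift
// between installs unless a lock file pins the resolved version.
// It supports only plain MAJOR.MINOR.PATCH versions and the "^", "~" and
// exact range forms (no prereleases, no "||", no ">=" operators); use the
// real `semver` package for anything beyond illustration.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  return (x.major - y.major) || (x.minor - y.minor) || (x.patch - y.patch);
}

// True when `version` satisfies `range`:
//   1.2.3   exactly 1.2.3
//   ~1.2.3  >=1.2.3 <1.3.0   (tilde: patch updates only)
//   ^1.2.3  >=1.2.3 <2.0.0   (caret: minor and patch updates)
//   ^0.2.3  >=0.2.3 <0.3.0   (caret below 1.0.0: patch updates only)
//   ^0.0.3  >=0.0.3 <0.0.4
function satisfies(version, range) {
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const base = op ? range.slice(1) : range;
  const cmp = compareVersions(version, base);
  if (op === '') return cmp === 0;
  if (cmp < 0) return false;
  const v = parseVersion(version);
  const b = parseVersion(base);
  if (op === '~') return v.major === b.major && v.minor === b.minor;
  if (b.major > 0) return v.major === b.major;
  if (b.minor > 0) return v.major === 0 && v.minor === b.minor;
  return v.major === 0 && v.minor === 0 && v.patch === b.patch;
}

// What an unlocked install does: take the highest version on the registry
// that satisfies the range written in package.json.
function resolveRange(range, published) {
  const matching = published.filter((v) => satisfies(v, range)).sort(compareVersions);
  return matching.length ? matching[matching.length - 1] : null;
}

// What a locked install does: keep the version recorded in the lock file
// as long as it still satisfies the range (and still exists), regardless
// of what has been published since.
function resolveLocked(range, lockedVersion, published) {
  if (lockedVersion && published.includes(lockedVersion) && satisfies(lockedVersion, range)) {
    return lockedVersion;
  }
  return resolveRange(range, published);
}

// Constructed registry snapshots: the same range, installed on two days.
// The dependency's maintainer published 1.4.0 and 2.0.0 in between.
const PUBLISHED_DAY1 = ['1.2.0', '1.2.3', '1.3.0'];
const PUBLISHED_DAY2 = [...PUBLISHED_DAY1, '1.4.0', '2.0.0'];

function demonstrateDrift(range) {
  const day1 = resolveRange(range, PUBLISHED_DAY1);
  return {
    unlockedDay1: day1,                                      // 1.3.0
    unlockedDay2: resolveRange(range, PUBLISHED_DAY2),       // drifts to 1.4.0
    lockedDay2: resolveLocked(range, day1, PUBLISHED_DAY2),  // stays on 1.3.0
  };
}

console.log(demonstrateDrift('^1.2.3'));
```

The caret keeps you inside one major version, so `2.0.0` is never picked up automatically; but `1.4.0` is, and if its author shipped a regression (or a compromised release) under a minor bump, every unlocked install from that day on gets it. The locked path is what `yarn install` does when a yarn.lock is present.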
Architecture
In the Node ecosystem, dependencies are placed in a node_modules directory in your project. The on-disk layout can differ from the logical dependency tree, because duplicate dependencies are hoisted and merged. Older npm clients (before npm 5 introduced package-lock.json) populated node_modules non-deterministically: depending on the order in which dependencies were installed, two people could end up with different node_modules layouts. These differences cause "works on my machine" bugs that take a long time to hunt down.
Yarn resolves these issues around versioning and non-determinism with a lock file and a deterministic, reliable install algorithm. The lock file pins every installed dependency to a specific version and ensures that every install produces the exact same node_modules file structure on every machine. The lock file uses a concise format with ordered keys, so changes are minimal and easy to review.
The installation process is broken down into three steps:
- Resolution: Yarn starts resolving dependencies by making requests to the registry and recursively looking up each dependency.
- Fetching: Next, Yarn looks in a global cache directory to see if the package needed has already been downloaded. If it hasn’t, Yarn fetches the tarball for the package and places it in the global cache so it can work offline and won’t need to download dependencies more than once. Dependencies can also be placed in source control as tarballs for full offline installs.
- Linking: Finally, Yarn links everything together by copying all the files needed from the global cache into the local node_modules directory.
By breaking these steps down cleanly and having deterministic results, Yarn is able to parallelize operations, which maximizes resource utilization and makes the installation process faster. On some Facebook projects, Yarn reduced the install process by an order of magnitude, from several minutes to just seconds. Yarn also uses a mutex to ensure that multiple running CLI instances don’t collide and pollute each other.
Throughout this process, Yarn imposes strict guarantees around package installation. You control which lifecycle scripts run for which packages. Package checksums are also stored in the lock file (the hash fragment on each resolved URL and, in newer lock files, an integrity field), so a tarball whose contents differ from what the lock file was written against fails the install instead of being used.
Features
In addition to making installs much faster and more reliable, Yarn has additional features to further simplify the dependency management workflow.
- Compatibility with both the npm and Bower workflows and supports mixing registries.
- Ability to restrict licenses of installed modules and a means for outputting license information.
- Exposes a stable public JS API with logging abstracted for consumption via build tools.
- Readable, minimal, pretty CLI output.
The lock file generation
A lock file lists every dependency required for your project to function, together with the exact version that was resolved. This file "locks down" your dependency versions: whenever someone else runs yarn install, they receive exactly the versions listed in yarn.lock (npm does the same with package-lock.json). This ensures that your team has identical package versions to yours. It also helps prevent bugs caused by updated, untested package versions being introduced silently.
Security
You download code from the npm registry without necessarily knowing what you are downloading, and a package manager cannot tell you whether a package is trustworthy. What it can do is make sure you get the same bytes every time and control what runs during the install.
Yarn verifies each downloaded tarball against the checksum recorded in yarn.lock and refuses one that does not match, and it lets you decide whether lifecycle scripts run at all (yarn install --ignore-scripts in Yarn 1, enableScripts: false in Yarn 2's .yarnrc.yml). It does not scan package contents for malicious code, so reviewing lock file changes and install scripts is still your job. Security is one of Yarn's core features.
In the past, npm had no lock file by default (npm-shrinkwrap.json was optional and rarely used), so two installs of the same package.json could silently produce different trees, and any package in the tree could run arbitrary code at install time. npm has since caught up: package-lock.json (npm 5) records resolved versions and integrity hashes, npm install --ignore-scripts disables lifecycle scripts, and npm audit (npm 6) reports known vulnerabilities in installed packages.
NPM vs Yarn new updates
Yarn and npm are continually updating to improve their current features and add new ones, such as npx and Plug'n'Play (PnP).
NPX
npx (Node package executor) ships with npm 5.2.0 and higher. It helps you execute one-off commands: with npx, you can run a package's command-line tool from the npm registry without adding it to your project dependencies. Because npx fetches and executes code at run time, pin the version (npx some-tool@1.2.3) rather than letting it resolve whatever is currently tagged latest.
There are more features that you can benefit from using npx. Check this guide to learn more about npx.
Yarn2 (Berry)
Yarn introduced Yarn 2, nicknamed Berry. This version has features such as Plug'n'Play, Constraints, offline installation, zero-installs, Workspaces, and yarn dlx (the Yarn equivalent of npx).
The most significant additions here are:
- Plug'n'Play: an alternative installation strategy. Instead of generating a node_modules directory and leaving resolution to Node.js, Plug'n'Play generates a single .pnp.js file and lets Yarn tell Node where to find each package.
This means:
- No more node_modules.
- Package installation time reduced by up to 70%.
- Plug'n'Play warns you when you use a dependency you forgot to list.
- Faster project boot time.
Check this guide to learn more about Plug’n’Play.
- Constraints: a way to specify generic rules, written in Prolog (a declarative logic programming language), about the dependencies in your project. This lets you enforce, for example, that every workspace depends on the same version of a package, so there are no conflicting dependencies in your repository.
- Improved Workspaces: workspaces let you manage several packages in one repository (a monorepo) and share their dependencies. The packages can depend on each other directly, so a change in one is immediately visible to the others without publishing.
Yarn 2 differs a lot from Yarn 1. Check the migration guide on how to switch from Yarn 1 to Yarn 2.