- Intro to Yarn
- Install Yarn
- Managing packages
- Inspecing licenses
- Inspecting dependencies
- Upgrading packages
Intro to Yarn
Yarn is a JavaScript Package Manager, a direct competitor of npm, and it’s one of Facebook most popular Open Source projects.
It’s compatible with npm packages, so it has the great advantage of being a drop-in replacement for npm.
The reason you might want to use Yarn over npm are: - faster download of packages, which are installed in parallel - support for multiple registries - offline installation support
To me offline installation support seems like the killer feature, because once you have installed a package one time from the network, it gets cached and you can recreate a project from scratch without being connected (and without consuming a lot of your data, if you’re on a mobile plan).
Since some projects could require a huge amount of dependencies, every time you run npm install to initialize a project you might download hundreds of megabytes from the network.
With Yarn, this is done just once.
This is not the only feature, many other goodies are provided by Yarn, which we’ll see in this article.
In particular Yarn devotes a lot of care to security, by performing a checksum on every package it installs.
Tools eventually converge to a set of features that keeps them on the same level to stay relevant, so we’ll likely see those features in npm in the future - competition is nice for us users.
Install Yarn
While there is a joke around about installing Yarn with npm (npm install -g yarn), it’s not recommended by the Yarn team.
System-specific installation methods are listed at https://yarnpkg.com/en/docs/install. On MacOS for example you can use Homebrew and run
brew install yarn
but every Operating System has its own package manager of choice that will make the process very smooth.
In the end, you’ll end up with the yarn command available in your shell:
Managing packages
Yarn writes its dependencies to a file named package.json, which sits in the root folder of your project, and stores the dependencies files into the node_modules folder, just like npm if you used it in the past.
Initialize a new project
yarn init
starts an interactive prompt that helps you quick start a project:
Install the dependencies of an existing project
If you already have a package.json file with the list of dependencies but the packages have not been installed yet, run
yarn
or
yarn install
to start the installation process.
Install a package locally
Installing a package into a project is done using
yarn add package-name
This is equivalent to running
npm install --save package-name, thus avoiding the invisible dependency issue when runningnpm install package-name, which does not add the dependency to thepackage.jsonfile
Install a package globally
yarn global add package-name
Install a package locally as a development dependency
yarn add --dev package-name
Equivalent to the
--save-devflag in npm
Remove a package
yarn remove package-name
Inspecing licenses
When installing many dependencies, which in turn might have lots of depencencies, you install a number of packages, of which you don’t have any idea about the license they use.
Yarn provides a handy tool that prints the licens of any dependency you have:
yarn licenses ls
and it can also generate a disclaimer automatically including all the licenses of the projects you use:
yarn licenses generate-disclaimer
Inspecting dependencies
Do you ever check the node_modules folder and wonder why a specific package was installed? yarn why tells you:
yarn why package-name
Upgrading packages
If you want to upgrade a single package, run
yarn upgrade package-name
To upgrade all your packages, run
yarn upgrade
But this command can sometimes lead to problems, because you’re blindly upgrading all the dependencies without worrying about major version changes.
Yarn has a great tool to selectively update packages in your project, which is a huge help for this scenario:
yarn upgrade-interactive
