Fast, Deterministic Builds with Yarn
October 20, 2016
Yarn is a new Node.js package manager released by Facebook. It is intended to be a replacement for npm, the canonical Node.js package manager. It is a very important new tool for the Node.js community, addressing a number of issues experienced across the application life cycle of real-world Node.js products.
Yarn produces deterministic builds
Keeping your Node.js-based product’s module dependencies in sync across all of your developer and build server instances is a challenge. By default, npm does not install dependencies in a deterministic way. Dependency descriptions typically specify allowable ranges in semver notation, so unless developer and build server instances are updated continuously, they will soon fall out of sync due to upstream module updates. Installing new dependencies can have the side effect of updating other installed dependencies, leading to unexpected program behavior and making it even harder for developers and build server instances to stay in sync. While dependency versions can be “shrinkwrapped” (“locked down”), shrinkwrapping provides no dependency integrity verification and requires manual effort that will occasionally be missed despite the best human vigilance.
Yarn creates and updates a lockfile automatically, specifying the exact version of each dependency with additional checksums for integrity verification. Introducing dependency updates is a manual effort and does not happen incidentally when installing or updating a dependency. This makes it easy to recreate an environment with the exact dependency versions at any point in your product’s source history.
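The following added example (not from the original post or the Yarn project) shows the kind of check the lockfile checksums make possible: it parses lockfile entries, flags any that carry no checksum, and verifies tarball bytes against the recorded digest. It assumes the Yarn v1 lockfile layout, in which the tarball's SHA-1 hex digest follows `#` in the `resolved` URL; the package names, registry host and tarball bytes are constructed, and the function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed sample data: package names, registry host and tarball bytes are made up.
const SAMPLE_TARBALL = Buffer.from('constructed tarball bytes for demo-pkg 1.2.3');
const SAMPLE_SHA1 = crypto.createHash('sha1').update(SAMPLE_TARBALL).digest('hex');
const SAMPLE_LOCK = `# yarn lockfile v1

demo-pkg@^1.2.0:
  version "1.2.3"
  resolved "https://registry.example.invalid/demo-pkg/-/demo-pkg-1.2.3.tgz#${SAMPLE_SHA1}"

no-hash-pkg@~0.4.0, no-hash-pkg@^0.4.1:
  version "0.4.2"
  resolved "https://registry.example.invalid/no-hash-pkg/-/no-hash-pkg-0.4.2.tgz"
`;

// Parse top-level entries: an unindented "pattern[, pattern]:" line, then 2-space fields.
function parseLock(text) {
  const entries = [];
  let cur = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!/^\s/.test(line)) {
      const patterns = line.replace(/:$/, '').split(/,\s*/).map((p) => p.replace(/^"|"$/g, ''));
      cur = { patterns, version: null, url: null, sha1: null };
      entries.push(cur);
      continue;
    }
    const m = /^ {2}(version|resolved) "([^"]*)"$/.exec(line);
    if (!m || !cur) continue;
    if (m[1] === 'version') cur.version = m[2];
    else { const [url, hash] = m[2].split('#'); cur.url = url; cur.sha1 = hash || null; }
  }
  return entries;
}

// Lockfile audit: entries whose resolved URL carries no 40-hex-digit SHA-1.
function entriesWithoutChecksum(entries) {
  return entries.filter((e) => !/^[0-9a-f]{40}$/.test(e.sha1 || '')).map((e) => e.patterns[0]);
}

// Fail closed: a missing checksum or any mismatch rejects the tarball.
function verifyTarball(entry, bytes) {
  if (!/^[0-9a-f]{40}$/.test(entry.sha1 || '')) return false;
  const actual = crypto.createHash('sha1').update(bytes).digest();
  return crypto.timingSafeEqual(actual, Buffer.from(entry.sha1, 'hex'));
}
```

Running `entriesWithoutChecksum` over a committed lockfile in CI is a cheap way to catch entries that would be installed without any integrity check.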
Yarn is comparatively fast
- multiple times faster than npm at populating a fresh clone
- an order of magnitude faster than npm at verifying installed packages with a lockfile present
- slightly slower than npm at verifying installed packages when no lockfile is present
Both developers and build server instances can get a product up and running quicker and with increased reliability.
Yarn package source
Yarn is easy to install and use
The simplest method of obtaining Yarn is through npm. The CLI is very similar to npm's, which makes migrating to it easy; there are only minor command and argument differences.