Fast, Deterministic Builds with Yarn

October 20, 2016

Yarn is a new Node.js package manager released by Facebook. It is intended to be a replacement for npm, the canonical Node.js package manager. It is a very important new tool for the Node.js community, addressing a number of issues experienced across the application life cycle of real-world Node.js products.

Yarn produces deterministic builds

Keeping your Node.js-based product’s module dependencies in sync across all of your developer and build server instances is a challenge. By default, npm does not install dependencies in a deterministic way. The dependency descriptions typically have allowable ranges specified in semver notation, so unless developer and build server instances are updated continuously they will soon fall out of sync due to upstream module updates. Installing new dependencies can have the side effect of updating other installed dependencies, leading to unexpected program behavior and making it even harder for developer and build server instances to stay in sync. While dependency versions can be “shrinkwrapped” (“locked down”), shrinkwrapping provides no dependency integrity verification and requires manual effort that will occasionally be missed despite the best human vigilance.

Yarn creates and updates a lockfile automatically, specifying the exact version of each dependency with additional checksums for integrity verification. Introducing dependency updates is a manual effort and does not happen incidentally when installing or updating a dependency. This makes it easy to recreate an environment with the exact dependency versions at any point in your product’s source history.
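To make the lockfile's role concrete, here is an added example (not from the original post or the Yarn project) that parses a lockfile entry and checks downloaded bytes against the pinned checksum. It assumes the lockfile v1 layout, in which the `resolved` URL carries a SHA-1 hex digest after `#`; the package name, registry URL and "tarball" bytes are constructed, and `parseLock` and `verifyTarball` are hypothetical helper names.

```javascript
// Added example, not Yarn's own code; all sample data below is constructed.
const crypto = require('crypto');
const sha1 = (buf) => crypto.createHash('sha1').update(buf).digest('hex');

// Constructed stand-in for a downloaded package tarball (not a real .tgz).
const tarball = Buffer.from('constructed bytes standing in for example-pkg-1.2.3.tgz');

// Constructed lockfile: two semver ranges pinned to one exact version + checksum.
const lockText = [
  '# yarn lockfile v1',
  '',
  'example-pkg@^1.2.0, example-pkg@~1.2.1:',
  '  version "1.2.3"',
  `  resolved "https://registry.example.invalid/example-pkg-1.2.3.tgz#${sha1(tarball)}"`,
].join('\n');

// Map every "name@range" pattern to its pinned { version, url, sha1 }.
function parseLock(text) {
  const pins = new Map();
  let current = null;
  for (const line of text.split('\n')) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      current = { version: null, url: null, sha1: null };
      for (const pattern of line.replace(/:\s*$/, '').split(/,\s*/)) {
        pins.set(pattern.replace(/^"|"$/g, ''), current);
      }
      continue;
    }
    const m = /^ {2}(\w+) "(.*)"$/.exec(line);
    if (!m || !current) continue;
    if (m[1] === 'version') current.version = m[2];
    if (m[1] === 'resolved') {
      const [url, digest] = m[2].split('#');
      current.url = url;
      current.sha1 = digest ? digest.toLowerCase() : null;
    }
  }
  return pins;
}

// Fail closed: an unknown pattern or a missing checksum is a failure, not a pass.
function verifyTarball(pins, pattern, bytes) {
  const pin = pins.get(pattern);
  if (!pin || !/^[0-9a-f]{40}$/.test(pin.sha1 || '')) return { ok: false, reason: 'no-checksum' };
  const ok = sha1(bytes) === pin.sha1;
  return { ok, reason: ok ? 'match' : 'checksum-mismatch', version: pin.version };
}

console.log(verifyTarball(parseLock(lockText), 'example-pkg@^1.2.0', tarball));
```

Both semver ranges resolve to the same pinned entry, so any machine installing from this lockfile gets version 1.2.3, and bytes that differ from the pinned digest are rejected.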

Yarn is comparatively fast

Independent and official benchmarks agree — Yarn is fast:

  • multiple times faster than npm at populating a fresh clone
  • an order of magnitude faster than npm at verifying installed packages with a lockfile present
  • slightly slower than npm at verifying installed packages when no lockfile is present

Both developers and build server instances can get a product up and running quicker and with increased reliability.

Yarn package source

Yarn uses its own package registry that acts as a proxy to the official npm registry. According to Facebook employee and Yarn contributor James Kyle, it serves as an additional layer for performance.

Yarn is easy to install and use

The simplest method of obtaining Yarn is through npm. Its CLI is very similar to npm's, with minor command and argument differences, which makes migrating to it easy.

Learn more

Learn more about the motivation behind Yarn by reading the introduction post, Yarn: A new package manager for JavaScript, or get started with Yarn by reading the Yarn Documentation.

Justin Firth

Technical Lead