Written by Lucy Black
Wednesday, 12 October 2016
So what is different about Yarn?
The Facebook blog post introducing it says:
In the Node ecosystem, dependencies get placed within a
Yarn resolves these issues around versioning and non-determinism by using lockfiles and an install algorithm that is deterministic and reliable. These lockfiles lock the installed dependencies to a specific version, and ensure that every install results in the exact same file structure in
That a package manager should implement deterministic installs seems the least you could ask, yet it seems that the npm client isn't deterministic.
Yarn might use the npm registry to get packages, but once you have retrieved a package it is cached. This means you can install it locally without an Internet connection, and your dependence on the npm registry slowly decreases.
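An added example, not code from the article or from the Yarn project: a small checker that tests whether every dependency declared in package.json is pinned by a lockfile entry. It assumes the yarn.lock v1 text layout and that a `resolved` URL ends in a 40-hex-digit tarball hash; the package data, registry host and hash value are constructed.

```javascript
// Constructed sample inputs (not from the article). The lockfile text follows
// the yarn.lock v1 layout; the hash fragment is a made-up placeholder.
const packageJson = { dependencies: { "left-pad": "^1.1.3", "is-odd": "^1.0.0", chalk: "^1.1.0" } };
const lockfileText = `# yarn lockfile v1

is-odd@^1.0.0:
  version "1.0.0"
  resolved "https://registry.example/is-odd/-/is-odd-1.0.0.tgz"

left-pad@^1.1.0, left-pad@^1.1.3:
  version "1.1.3"
  resolved "https://registry.example/left-pad/-/left-pad-1.1.3.tgz#0000000000000000000000000000000000000000"
`;

// Parse a v1 lockfile into a map: "name@range" -> { version, resolved }.
function parseLockfile(text) {
  const entries = new Map();
  let current = null;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      // Header line: one or more comma-separated "name@range" keys, then ":".
      current = {};
      for (const key of line.replace(/:\s*$/, "").split(",")) {
        entries.set(key.trim().replace(/^"|"$/g, ""), current);
      }
    } else if (current) {
      const m = line.match(/^\s+(version|resolved)\s+"([^"]*)"/);
      if (m) current[m[1]] = m[2];
    }
  }
  return entries;
}

// Report every declared dependency that the lockfile does not pin exactly.
function auditLock(pkg, entries) {
  const findings = [];
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    const entry = entries.get(`${name}@${range}`);
    if (!entry || !entry.version) {
      findings.push({ name, issue: "not pinned in lockfile" });
    } else if (!/#[0-9a-f]{40}$/.test(entry.resolved || "")) {
      findings.push({ name, issue: "resolved URL has no tarball hash" });
    }
  }
  return findings;
}
console.log(auditLock(packageJson, parseLockfile(lockfileText)));
```

A dependency that appears in package.json but not in the lockfile is one that would be resolved afresh at install time, which is the non-determinism the lockfile exists to remove.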
The irony is that to install Yarn you have to use the npm client, which it then replaces - reminiscent of the idea that the only use of IE is to install another browser. However, there is a serious issue here. It isn't clear if Yarn has the potential to replace or be a fork of the npm registry. At the moment Yarn accesses the registry as supplied by Npmjs.com, but it doesn't authenticate and so cannot work with private packages.
The registry hosts private packages for around $7 per month per programmer; only the hosting and downloading of open source packages is free. It is clear that at some time in the future a Yarn spin-off (pun attempted) could set up a private package facility of its own.
Last Updated (Wednesday, 12 October 2016)