YARN vs. NPM
Inspired by the latest (May 2018 if you’re reading this at a later time) viral trend of Yanni vs Laurel this blog is going to explain the differences between NPM and Yarn. The first few labs in React we were told to use the NPM install and start CLI commands. While in lecture my instructor had recommended us to install Yarn. So while I am in the first week of learning React and the only thing I am certain they do is that NPM takes a really long time to install on my Mac, I decided to learn what both of these are and familiarize myself with them and provide a small summary in their differences.
What is NPM and Yarn?
Both NPM and Yarn are both package managers. Package Managers is essentially a way to automate the process of installing, upgrading, configuring or removing software.
Upon further research I learned that Yarn was created by Facebook as an alternative to NPM. They created Yarn to solve the problems they were having while using NPM particularly the problems with consistency, security and speed. Yarn has the same feature set while operating faster, more securely and most importantly more reliable.
With the introduction of Yarn it overtook NPM as the preferred manager. Using GitHub’s star counter, Yarn is nearly double that of NPM.
Speed
In terms of installation speed Yarn trumps NPM. Many have done benchmark tests and Yarn edges out NPM in every aspect. This is due to the fact that Yarn installs multiple packages at once compared to NPM which installs one at a time.
Security
Another reason Facebook developed Yarn was NPM’s security issues. NPM allowed packages to run code on installation. NPM will run code from dependencies automatically and on the fly. While this feature has its conveniences, it raised a few security concerns.
How Yarn is different in NPM is that Yarn only installs from your yarn.lock or package.json files. Yarn.lock ensures that the same package is installed throughout all devices, this reduces the possibility of bugs from having different versions installed. Facebook had problems with the consistency with NPM when installing dependencies across different users and machines. Yarn can also be run offline to install packages if you have already installed them in the past (NPM needs an internet connection to install packages.)
NPM Version 5.0
With their newest release if npm 5 many of the shortcomings of NPM were addressed.
- NPM 5 introduced the package-lock.json file for better versioning control.
- NPM 5 is now much faster, but Yarn still edges them out in terms of speed.
- Now supports offline installation for previously downloaded packages.
Conclusion
Both NPM and Yarn are great tools in managing your projects dependencies. There are a lot of improvements Yarn has over npm from faster speeds and stronger security. Many say that if you are already familiar with NPM that a jump to Yarn isn’t really necessary, especially with the release of version 5. Personally I will favor Yarn over NPM mainly because of the speed and that the instructors here at Flatiron prefer Yarn over NPM. But it all boils down to a matter of preference.