Everything You Wanted to Know About Yarn Package Manager (opens in new tab)

(atatus.com)

22 pointsfizerkhan9y ago27 comments

27 comments

This post contains content that is plagiarized verbatim from other sources. Namely Yehuda's blog post and the Yarn homepage itself.

noir_lord9y ago

http://yehudakatz.com/2016/10/11/im-excited-to-work-on-yarn-... for those who where curious.

gotofritz9y ago

- promises "everything you wanted to know about yarn"

- has barely any content

joelthelion9y ago

Well, most people don't want to know much about Yarn. Granted, mostly because they don't even know it exists :)

sotojuan9y ago

What do you expect when Yarn has been out for less than a couple of weeks and this person isn't involved with the project in any way?

wnevets9y ago

to not write an article proclaiming its everything?

1 more reply

gotofritz9y ago

I expect the title to be something along the lines of "First thoughts on Yarn"

choward9y ago

I was thinking the same thing. I want to know about the pitfalls and reasons not to use yarn. For example, does it support modules from github?

matthewmacleod9y ago

I have such a burning, unquenchable hatred for NPM that I just switched to using Yarn. It's fine, has done what I expect it to, and hasn't caused any problems so far. Maybe not an ideal solution, but for someone coming primarily from languages that have non-shitty package managers it's a breath of fresh air.

ittan9y ago

Yarn needs to learn from lein for clojure. Yarn is the wrong way forward, but an incremental fix for npm.

ngrilly9y ago

What can be learnt from lein? (I've not used Clojure enough to know.)

aarpmcgee9y ago

I would also like to hear more about this!

Kiro9y ago

What's the benefit of having a lockfile compared to just specifying exact versions in your package.json?

throwanem9y ago

Because you can only specify exact versions for your top-level dependencies. Whether or not they pin versions of their own dependencies is up to their own maintainers; you can't control it from package.json. And, while a lot of npm packages adhere to semver and avoid shipping breaking changes on minor version number bumps, a lot of npm packages don't. So you can get hosed through no fault of your own by an Nth-level dependency.

'npm shrinkwrap' solves this by pinning the currently installed versions of everything under node_modules/, regardless of dependency depth. Yarn does the same thing, but by default rather than, as with npm, an optional extra. There's an argument to be made that the correct place to shrinkwrap, if you want to, is in your build process. But I suspect that, in practice, Yarn defaulting to it will prove a net positive, albeit a bit of a speedbump for people looking to do turnkey migrations from npm.

Kiro9y ago

Oh, of course. Thank you!

kyriakos9y ago

anyone knows if yarn has an equivalent of --no-bin-links option?

EDIT: guess not according to https://github.com/yarnpkg/yarn/issues/929

agnivade9y ago

Why can't all of this be patched in npm ? Why do we have to create a new tool every time ?

It makes no sense and honestly makes me want to tear my hairs.

sotojuan9y ago

I don't get why people say this. You're acting like the npm team is desperate for contributions and fixes and the Yarn people are like "No! We'll make our OWN tool!".

It's the literal opposite. npm hasn't been open to contributions or fixes for years.

throwanem9y ago

Really? https://github.com/npm/npm/pulls?q=is%3Apr+is%3Aclosed would seem to suggest otherwise. Should I be looking elsewhere? Is there something I'm not seeing here?

1 more reply

Touche9y ago

A lot of people say this and I'll repeat the answer: go look at npm's source code and tell me you'd like to "patch in" a large change such as the one Yarn takes on.

No seriously, go look at their source code. In particular go look at the caching code, one of the big things that Yarn fixes. You think their time would have been better spent hacking on that?

throwanem9y ago

Maybe? It'll be interesting to see how many bugs turn up in Yarn that've already been fixed in npm. Until we can perform that kind of comparison, I'm not sure it is possible to know whether building a new package manager from scratch was more worthwhile than improving the one that everyone already uses.

1 more reply

jerrycruncher9y ago

My favorite thing about the post* that introduced Yarn, itself a rewrite of a basic component, is that the author(s) unironically began with "In the JavaScript community, engineers share hundreds of thousands of pieces of code so we can avoid rewriting basic components, libraries, or frameworks of our own."

*https://code.facebook.com/posts/1840075619545360?_fb_noscrip...

j / k navigate · click thread line to collapse

27 comments

eric_b9y ago

This post contains content that is plagiarized verbatim from other sources. Namely Yehuda's blog post and the Yarn homepage itself.

noir_lord9y ago

http://yehudakatz.com/2016/10/11/im-excited-to-work-on-yarn-... for those who where curious.

gotofritz9y ago

- promises "everything you wanted to know about yarn"

- has barely any content

joelthelion9y ago

Well, most people don't want to know much about Yarn. Granted, mostly because they don't even know it exists :)

sotojuan9y ago

What do you expect when Yarn has been out for less than a couple of weeks and this person isn't involved with the project in any way?

wnevets9y ago

to not write an article proclaiming its everything?

1 more reply

gotofritz9y ago

I expect the title to be something along the lines of "First thoughts on Yarn"

choward9y ago

I was thinking the same thing. I want to know about the pitfalls and reasons not to use yarn. For example, does it support modules from github?

matthewmacleod9y ago

ittan9y ago

Yarn needs to learn from lein for clojure. Yarn is the wrong way forward, but an incremental fix for npm.

ngrilly9y ago

What can be learnt from lein? (I've not used Clojure enough to know.)

aarpmcgee9y ago

I would also like to hear more about this!

Kiro9y ago

What's the benefit of having a lockfile compared to just specifying exact versions in your package.json?

throwanem9y ago

Kiro9y ago

Oh, of course. Thank you!

kyriakos9y ago

anyone knows if yarn has an equivalent of --no-bin-links option?

EDIT: guess not according to https://github.com/yarnpkg/yarn/issues/929

agnivade9y ago

Why can't all of this be patched in npm ? Why do we have to create a new tool every time ?

It makes no sense and honestly makes me want to tear my hairs.

sotojuan9y ago

I don't get why people say this. You're acting like the npm team is desperate for contributions and fixes and the Yarn people are like "No! We'll make our OWN tool!".

It's the literal opposite. npm hasn't been open to contributions or fixes for years.

throwanem9y ago

Really? https://github.com/npm/npm/pulls?q=is%3Apr+is%3Aclosed would seem to suggest otherwise. Should I be looking elsewhere? Is there something I'm not seeing here?

1 more reply

Touche9y ago

A lot of people say this and I'll repeat the answer: go look at npm's source code and tell me you'd like to "patch in" a large change such as the one Yarn takes on.

No seriously, go look at their source code. In particular go look at the caching code, one of the big things that Yarn fixes. You think their time would have been better spent hacking on that?

throwanem9y ago

1 more reply

jerrycruncher9y ago

*https://code.facebook.com/posts/1840075619545360?_fb_noscrip...

j / k navigate · click thread line to collapse