
Yarn: the fast and reliable package manager from Facebook

14. 05. 2016 | 2 min read | CORE SYSTEMS | development

Facebook, Google and others introduced Yarn — an alternative npm client solving problems with speed, determinism and offline installation. Why switch to Yarn.

npm problems in enterprise

npm is the default package manager for Node.js, but in an enterprise environment it runs into problems:

  • Non-determinism: npm install can produce different dependency trees on different machines
  • Speed: installing large projects takes minutes
  • Security: no package integrity verification
  • Offline: installation requires a network connection

Yarn solves all of these problems.

Lockfile and determinism

Yarn introduces yarn.lock — an automatically generated file ensuring identical dependency trees:

# yarn.lock
lodash@^4.17.0:
  version "4.17.4"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz"
  integrity sha1-eCA6TRwyiuHYbcpkYONQ0d9P1cg=

Every dependency has an exact version, URL and integrity hash. yarn install on a CI server produces an identical result to the developer’s machine.

At that time npm had no lockfile — npm shrinkwrap existed, but nobody used it.
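
To show what the locked integrity hash buys a defender, here is an added example (not code from the article or from Yarn) that parses entries of the shape shown above, recomputes a tarball's digest against the locked value, and flags weak entries. The demo-pkg entry, its URL, the tarball bytes and the audit policy are constructed assumptions.

```javascript
// Added example (not Yarn's own code): audit yarn.lock entries and verify a tarball.
const nodeCrypto = require('node:crypto');
// "<algo>-<base64 digest>", the form of the lockfile's integrity field.
const sri = (algo, buf) => `${algo}-${nodeCrypto.createHash(algo).update(buf).digest('base64')}`;
// Minimal parser for the article's entry shape: unindented "name@range:" header,
// then two-space-indented `key value` lines. Deeper nested blocks are ignored.
function parseYarnLock(text) {
  const entries = {};
  let current = null;
  for (const raw of text.split('\n')) {
    const line = raw.trimEnd();
    if (!line || line.startsWith('#')) continue;
    if (!/^\s/.test(line)) {
      current = entries[line.replace(/:$/, '').replace(/"/g, '')] = {};
    } else if (current && /^ {2}\S/.test(line)) {
      const m = line.trim().match(/^(\S+)\s+"?([^"]*)"?$/);
      if (m) current[m[1]] = m[2];
    }
  }
  return entries;
}
// Recompute the digest of the downloaded bytes and compare with the locked value.
function verifyTarball(buf, integrity) {
  const [algo, b64] = integrity.split(/\s+/)[0].split(/-(.*)/);
  if (!['sha1', 'sha256', 'sha384', 'sha512'].includes(algo)) return false;
  const actual = nodeCrypto.createHash(algo).update(buf).digest();
  const expected = Buffer.from(b64, 'base64');
  return expected.length === actual.length && nodeCrypto.timingSafeEqual(actual, expected);
}
// Policy checks chosen for this example (assumptions, not Yarn behaviour).
function auditEntry(entry) {
  const findings = [];
  if (!entry.integrity) findings.push('no integrity hash');
  else if (/^sha1-/.test(entry.integrity)) findings.push('sha1 only');
  if (!/^https:\/\//.test(entry.resolved || '')) findings.push('resolved is not https');
  return findings;
}

// Constructed sample: the article's lodash entry plus a made-up package and tarball.
const SAMPLE_TARBALL = Buffer.from('constructed tarball bytes');
const SAMPLE_LOCK = [
  'lodash@^4.17.0:', '  version "4.17.4"',
  '  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz"',
  '  integrity sha1-eCA6TRwyiuHYbcpkYONQ0d9P1cg=', '',
  'demo-pkg@^1.0.0:', '  resolved "http://registry.example.invalid/demo-pkg-1.0.0.tgz"',
  `  integrity ${sri('sha512', SAMPLE_TARBALL)}`,
].join('\n');
for (const [name, e] of Object.entries(parseYarnLock(SAMPLE_LOCK))) console.log(name, auditEntry(e));
```

A check like this fits a CI step that fails the build when a lockfile entry lacks a hash or a fetched tarball does not match it.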

Performance and caching

Yarn is dramatically faster than npm:

  • Parallel downloads — packages are downloaded simultaneously, not sequentially
  • Global cache — a package downloaded once does not need to be downloaded again
  • Offline installation — works from cache without internet

Benchmarks show 2–7x speedup over npm 3.x. For CI/CD pipelines where npm install runs on every build, this is a significant saving.

Migrating from npm

Switching to Yarn is trivial:

  • yarn instead of npm install
  • yarn add package instead of npm install --save package
  • yarn remove package instead of npm uninstall package
  • Commit yarn.lock to git (and delete npm-shrinkwrap.json)

Yarn is compatible with the npm registry — it uses the same packages, just a different client. Yarn and npm can coexist, but choose one per project.

Conclusion: competition benefits npm

Yarn pushed npm to improve — npm 5 will bring its own lockfile and improved performance. Healthy competition benefits the entire ecosystem. For current projects we recommend Yarn as the primary package manager.
