Everything You Wanted to Know About Yarn Package Manager
atatus.comThis post contains content that is plagiarized verbatim from other sources. Namely Yehuda's blog post and the Yarn homepage itself.
http://yehudakatz.com/2016/10/11/im-excited-to-work-on-yarn-... for those who where curious.
- promises "everything you wanted to know about yarn"
- has barely any content
Well, most people don't want to know much about Yarn. Granted, mostly because they don't even know it exists :)
What do you expect when Yarn has been out for less than a couple of weeks and this person isn't involved with the project in any way?
to not write an article proclaiming its everything?
Such is the problem with the majority of programming blog posts.
I expect the title to be something along the lines of "First thoughts on Yarn"
I was thinking the same thing. I want to know about the pitfalls and reasons not to use yarn. For example, does it support modules from github?
I have such a burning, unquenchable hatred for NPM that I just switched to using Yarn. It's fine, has done what I expect it to, and hasn't caused any problems so far. Maybe not an ideal solution, but for someone coming primarily from languages that have non-shitty package managers it's a breath of fresh air.
Yarn needs to learn from lein for clojure. Yarn is the wrong way forward, but an incremental fix for npm.
What can be learnt from lein? (I've not used Clojure enough to know.)
I would also like to hear more about this!
What's the benefit of having a lockfile compared to just specifying exact versions in your package.json?
Because you can only specify exact versions for your top-level dependencies. Whether or not they pin versions of their own dependencies is up to their own maintainers; you can't control it from package.json. And, while a lot of npm packages adhere to semver and avoid shipping breaking changes on minor version number bumps, a lot of npm packages don't. So you can get hosed through no fault of your own by an Nth-level dependency.
'npm shrinkwrap' solves this by pinning the currently installed versions of everything under node_modules/, regardless of dependency depth. Yarn does the same thing, but by default rather than, as with npm, an optional extra. There's an argument to be made that the correct place to shrinkwrap, if you want to, is in your build process. But I suspect that, in practice, Yarn defaulting to it will prove a net positive, albeit a bit of a speedbump for people looking to do turnkey migrations from npm.
Oh, of course. Thank you!
anyone knows if yarn has an equivalent of --no-bin-links option?
EDIT: guess not according to https://github.com/yarnpkg/yarn/issues/929
Why can't all of this be patched in npm ? Why do we have to create a new tool every time ?
It makes no sense and honestly makes me want to tear my hairs.
I don't get why people say this. You're acting like the npm team is desperate for contributions and fixes and the Yarn people are like "No! We'll make our OWN tool!".
It's the literal opposite. npm hasn't been open to contributions or fixes for years.
Really? https://github.com/npm/npm/pulls?q=is%3Apr+is%3Aclosed would seem to suggest otherwise. Should I be looking elsewhere? Is there something I'm not seeing here?
I've contributed multiple issues and PRs which have been completely ignored. It seems from the outside that their focus on monetizing causes their API to be purposefully opaque and subject to change. It's been disappointing and certainly turns me off from ever purchasing private repo hosting from npm itself.
For reference:
https://github.com/npm/npm/issues/12085
https://github.com/npm/npm/issues/8319
https://github.com/npm/couch-login/pull/13
I have a deep understanding of how it works now, and therefore more to contribute, but what's the point? I just keep running my own npm(s) instead and contribute to packages that appreciate it.
A strong statement, to be sure, for which one would hope to see equally strong evidence. But two out of those three issues have unfulfilled requests for followup. I'm not sure quite what you mean them to show.
A lot of people say this and I'll repeat the answer: go look at npm's source code and tell me you'd like to "patch in" a large change such as the one Yarn takes on.
No seriously, go look at their source code. In particular go look at the caching code, one of the big things that Yarn fixes. You think their time would have been better spent hacking on that?
Maybe? It'll be interesting to see how many bugs turn up in Yarn that've already been fixed in npm. Until we can perform that kind of comparison, I'm not sure it is possible to know whether building a new package manager from scratch was more worthwhile than improving the one that everyone already uses.
Exactly my point. I am not totally against reinventing the wheel. Sometimes its fun and sometimes interesting results do come out of it. I am especially looking at the servo project.
But considering the amount of collaboration effort it took to build this (fb said they collaborated with multiple companies in different timezones), wouldn't it be better to spend a little more time understanding npm's codebase and get it patched ? Maybe I'm wrong, but yea just a thought.
> But considering the amount of collaboration effort it took to build this (fb said they collaborated with multiple companies in different timezones), wouldn't it be better to spend a little more time understanding npm's codebase and get it patched ?
Better for you? You know that open source work is free labor, right? Why should they prefer to spend weeks trying to understand undocumented, opaque and "clever" code (much of which has never been refactored) when they can start from scratch with a codebase of their own design?
What I'm asking is, what is the value to them? Or to you (assuming you ever do open source)? Unless you are getting paid for your OS work, you're under no obligation to do things any way other than what works for you.
My favorite thing about the post* that introduced Yarn, itself a rewrite of a basic component, is that the author(s) unironically began with "In the JavaScript community, engineers share hundreds of thousands of pieces of code so we can avoid rewriting basic components, libraries, or frameworks of our own."
*https://code.facebook.com/posts/1840075619545360?_fb_noscrip...