Unraveling npm: Deterministic dependencies with Yarn

Npm is known to be non-deterministic. This means that depending on the order you install dependencies in, your node_modules folder can look very different. Debugging a dependency issue often consists of throwing away your node_modules and running npm install again. With the average JS project nowadays having hundreds of dependencies this can be pretty scary.

“Life calls the tune, we dance.” - John Galsworty

Yarn offers an easily accessible deterministic alternative to npm. It uses your existing package.json and installs dependencies to the familiar node_modules directory.

With Yarn you can feel safe installing your dependencies knowing that your node_modules folder structure will end up exactly the same every time. Yarn adds a yarn.lock file to your project locking the exact versions of your dependencies. It keeps checksums so the installed package is guaranteed to be the same.

Little things matter

I can't count the number of times I've ran npm install <package> only for my code to fail minutes later on the CI. Turns out typing --save is hard for me. Yarn makes me sane again:

yarn add <packagename>

Dependencies are stored in package.json by default. Makes sense.

Speed knitting

Running Yarn on a (small) project shows a speed improvement as well.


» rm -rf node_modules
» time npm install
npm install  44.51s user 18.75s system 114% cpu 55.335 total

yarn (first run):

» rm -rf node_modules
» time yarn install
yarn install  33.01s user 23.81s system 128% cpu 44.204 total

yarn (cached):

» rm -rf node_modules
» time yarn install
yarn install  18.83s user 14.72s system 130% cpu 25.612 total

Getting started with Yarn

Starting with Yarn couldn't be easier. Install Yarn with npm:

npm install -g yarn

Now you can start a new project with yarn init or migrate your existing project by simply running yarn install. This will generate a yarn.lock file. Don't forget to check this in to version control!

There's a lot more to like about Yarn. It's generally faster than npm, supports multiple registries (like Bower) and offers an Offline mode.

Zilverline gebruikt cookies om content en advertenties te personaliseren en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services.