Yarn is a relatively newer package manager (released in October 2016, developed by Facebook) that emerged to address some of the limitations of npm. Yarn aims to provide faster, more reliable dependency management. It offers features like offline mode, deterministic dependency resolution, and parallel installation, which have gained significant traction among developers.
Exclusive features of YARN:
– Plug and play: Yarn 2 no longer uses the node_modules folder. Instead, it generates a .pnp.cjs file that maps dependencies for the project, resulting in more optimal dependency trees and quicker project launch and package installation.
– Offline Mode: Yarn’s offline mode allows developers to work without an internet connection once dependencies are downloaded and cached locally. This feature is particularly beneficial when internet access is limited or unreliable.
– Zero-Installs: lets you quickly retrieve and install packages that have already been saved, without fetching them again.
Both NPM and Yarn use the same package.json file to manage dependencies. They allow you to specify project dependencies and versions, making it easier to ensure consistent environments across different machines. However, Yarn’s lockfile mechanism provides deterministic installations by default, whereas npm relies on the package-lock.json file, which can lead to slight variations in dependency resolution.
The package-lock.json file, created by NPM, is also supported by Yarn, making it easy to migrate version data from NPM to Yarn.
One of the key reasons developers turned to Yarn was its improved performance. Yarn caches every package it downloads, so it never needs to download the same package again. Additionally, Yarn parallelizes operations, enabling concurrent installations, which can significantly speed up the process. npm has made significant performance improvements in recent updates, but Yarn still maintains a reputation for faster and more efficient dependency management.
Yarn installs dependencies in parallel.
NPM installs dependencies sequentially.
Every time you install a package, NPM runs a security audit to flag known vulnerabilities and ensures that no dependencies are incompatible. You can also trigger the security audit manually.
Yarn uses checksums to verify the integrity of every installed package before its code is executed.