Ready to talk package managers? You know, those tools that make your life as a developer so much easier (or sometimes, more frustrating)? Well, we'...
All three package managers support lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml) and install dependencies according to that. I cannot see any reason to favor Yarn over the others?
npm's dependency resolution is inferior compared to yarn. I was working in a React project; after installing some packages, it suddenly became irreproducible on other devices, and npm install or npm clean-install just wouldn't work. Tried out yarn and it worked out just fine.
@renzhamin This happened multiple times with me as well, when it comes to using private GitHub Repo based packages. Its resolution is too slow and often fails on different platforms.
It's probably because you were using npm wrong. If you want consistency in the versions installed you need to use npm ci and not npm install.
I do wanna agree, choosing a package manager won't make much of a great difference but I prefer yarn. Also believe me when I say, I didn't mean Yarn is the only package manager which supports lockfiles. I meant its package resolution through the lockfile is much faster. Thanks for making it clear though.
You CLEARLY don't know what you're talking about.
1 - it's VERY tendentious to promote YARN.
2 - you should always use a lockfile to handle dependencies to keep EXACTLY the same package versions (have you ever heard about The 12 Factor App?!?).
3 - yarn check is deprecated since Feb/2019 (github.com/yarnpkg/rfcs/pull/106). Actually, you shouldn't be using yarn v1 anymore.
4 - yarn check never was implemented to be a security feature. It's a feature to verify if the installation was done successfully (github.com/yarnpkg/rfcs/pull/106#p...). This is how it would be in a secure way: docs.npmjs.com/about-registry-sign...
5 - Yarn audit USES the npm's audit database (github.com/yarnpkg/yarn/blob/158d9...). yarn does this in a very ineffective way, by the way, if compared with npm way, cause it uses only the database and npm really checks for version, integrity and signing.
npm ALWAYS checks for integrity when installing packages. Ask apologies to your readers, update the post summing up the yarn install + yarn check --integrity times to have a more real case approach.
And, please, RTFM before shitposting.
Really Sorry My man, Just trying to do better.
If some of you need to use different package managers, I recommend looking at the swpm Switch Package Manager project.
You always write the same command no matter the Package Manager and it will translate the command according to the Package Manager used on the project.
Supports: npm, yarn, pnpm and bun
Goddamn I was waiting for your comment. Wherever there is a conversation about package manager I see this. Guys this swpm can be really helpful. :)
I created nstl a while ago that is similar to swpm.
This comic speaks with the wisdom of the universe. 😅
This should be the case with NPM too, if you delete the lockfile it should install the latest version.
On the other hand, if you want consistency, having a 3.0.1 version(fe) installed locally and then CI installs 3.1.1 even though lockfile specifies 3.0.1 is def inconsistent.
Is the yarn described v1 or v3/berry?
dev.to/raxraj/why-upgrade-to-yarn-...
@holiq I just published this one. I'll be glad if you take a look at that.
Thanks mate!
I was talking about yarn v1
Can you compare it with yarn v3/berry too?
Sure Can do!.. I will get on it today.
I have to admit Yarn has good features.
Regarding lockfiles, all 3 support the feature.
It is often overlooked like your example of the 'no more reproducible state of installation', npm can install the same state using the ci command, and pnpm by providing the --frozen-lockfile option to install command.
It's another discussion that Yarn behaves like this by default.
Also regarding the offline mode, each can cache the downloaded packages, though sure they handle them with different approaches.
One key differentiator that I'm missing here though is the workspaces feature. For that I'm sure Yarn has a solid lead and in fact most of the points the author made here are serving this feature.
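The two lockfile points raised in this thread (a frozen install reproduces exactly what the lockfile pins, and npm checks integrity when installing) can be inspected by hand. The following is an added example, not code from any commenter or from npm: it assumes the package-lock.json lockfileVersion 2/3 "packages" layout, and the package names, URLs and tarball bytes are constructed.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3) and verify SRI hashes.
const crypto = require('node:crypto');

const STRENGTH = { sha1: 1, sha256: 2, sha384: 3, sha512: 4 };

// Parse "sha512-<base64> sha1-<base64>" and return the strongest entry, or null.
function strongestHash(integrity) {
  const parsed = String(integrity || '').trim().split(/\s+/)
    .map((item) => /^(sha1|sha256|sha384|sha512)-([A-Za-z0-9+/]+=*)$/.exec(item))
    .filter(Boolean)
    .map(([, algo, digest]) => ({ algo, digest }));
  parsed.sort((a, b) => STRENGTH[b.algo] - STRENGTH[a.algo]);
  return parsed[0] || null;
}

// True only if the tarball bytes hash to the value pinned in the lockfile.
function verifySri(bytes, integrity) {
  const pinned = strongestHash(integrity);
  if (!pinned) return false;
  const actual = crypto.createHash(pinned.algo).update(bytes).digest('base64');
  return actual === pinned.digest;
}

// Return findings for entries a frozen install could not fully verify.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link || entry.inBundle) continue; // root, workspace links, bundled deps
    const pinned = strongestHash(entry.integrity);
    if (!pinned) findings.push({ path, issue: 'missing-integrity' });
    else if (pinned.algo === 'sha1') findings.push({ path, issue: 'weak-hash' });
    if (entry.resolved && !entry.resolved.startsWith('https://')) {
      findings.push({ path, issue: 'non-https-source' });
    }
  }
  return findings;
}

// Constructed sample data (not from a real project).
const tarball = Buffer.from('constructed tarball bytes');
const sri = (algo, buf) => `${algo}-${crypto.createHash(algo).update(buf).digest('base64')}`;
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/good': { version: '3.0.1', resolved: 'https://registry.example/good-3.0.1.tgz', integrity: sri('sha512', tarball) },
    'node_modules/old': { version: '1.2.0', resolved: 'https://registry.example/old-1.2.0.tgz', integrity: sri('sha1', tarball) },
    'node_modules/gitdep': { version: '0.1.0', resolved: 'git+ssh://git@example.invalid/org/gitdep.git#0000000' },
  },
};
console.log(auditLockfile(sampleLock));
```

Entries flagged as missing-integrity (typically git or local-path dependencies) are the ones a frozen install reproduces by version or commit only, without a content hash to compare against.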
@dannystyleart Great points!!
Apparently you haven't used PNPM, and missed a few cons for yarn. Here is my take on why I use pnpm over yarn and npm.
Awesome article, I guess I need to give pnpm a serious try.
Congratulations 🥳! Your article hit the top posts for the week - dev.to/fruntend/top-10-posts-for-f...
Keep it up 👍
Awesome. Thanks for writing about this
Love to yarn
Yarn and knit! lol
Your analysis is nice, however I think some points are missing:
I agree! Thanks. I would love to be more comprehensive next time.
use of yarn feels simple and commands also feel natural
As I said your codebase and your brain will thank you.
Speed can be very different also using different versions of npm. So please, maybe you can write something about the version used.