After using the successful npm client for years, a group of Facebook engineers realized that the size of the codebase and the number of engineers grew too much to handle. They needed to create a new package manager to reliably manage all the dependencies, while still giving engineers access to the npm registry.
The result of this is an open-source, fast and secure alternative npm client called Yarn, which came from a collaboration of Exponent, Google, Tilde and Facebook engineers. Using Yarn, engineers can install their packages quickly and manage dependencies across offline environments or across machines.
According to a Facebook Code blog post, the primary function of a package manager is to install a piece of code from a global registry into an engineer’s local environment. The average project could have anywhere from 10 to 10,000 packages within its tree of dependencies.
In a Node ecosystem, dependences get placed within a node_modules directory in a project. But, based on the dependencies installed, the structure of a node_modules directory could be different from one person to another, according to the blog post.
This creates a problem called “works on my machine” bugs, which take a long time to hunt down, according to the blog. This is the issue that Yarn aims to resolve.
To avoid these issues, Yarn uses lockfiles and an install algorithm that is “deterministic and reliable,” according to Facebook. The lockfiles ensure that every install results in the exact same file structure across the machines. This entire install process can be broken down, according to the blog post:
“1. Resolution: Yarn starts resolving dependencies by making requests to the registry and recursively looking up each dependency.
“2. Fetching: Next, Yarn looks in a global cache directory to see if the package needed has already been downloaded. If it hasn’t, Yarn fetches the tarball for the package and places it in the global cache so it can work offline and won’t need to download dependencies more than once. Dependencies can also be placed in source control as tarballs for full offline installs.
“3. Linking: Yarn links everything together by copying all the files needed from the global cache into the local node_modules directory.”
Top five projects trending on GitHub this week
#1. Yarn: You just learned all about this client for secure dependency management.
#2. Google Interview University: A complete daily plan for studying to become a Google software engineer.
#3. The Open Guide to Amazon Web Services: “Amazon Web Services—a practical guide.”
#5. FreeCodeCamp: Back at it again with the FreeCodeCamp project!