Yarn

What is Yarn?

Yarn is a fast, reliable, and secure dependency management tool for JavaScript projects. Developed by Facebook (now Meta), Yarn was created to address performance and security issues with npm. It provides deterministic installs, offline caching, and parallel downloads, making it a popular choice for modern JavaScript development.

Key Features

• Fast Installation: Parallel downloads and caching for speed
• Deterministic: Lockfile ensures consistent installs across environments
• Secure: Checksums verify package integrity
• Offline Mode: Install packages without internet connection
• Workspaces: Manage multiple packages in a single repository
• Zero Installs: Yarn 2+ can run without node_modules

Common Yarn Commands

                    
# Initialize a new project
yarn init

# Add dependencies
yarn add react react-dom
yarn add --dev webpack babel-loader
yarn add --peer react@^17.0.0

# Install all dependencies
yarn install
yarn  # shorthand

# Remove dependencies
yarn remove lodash

# Update dependencies
yarn upgrade
yarn upgrade react@latest

# Run scripts
yarn start
yarn build
yarn test

# Workspace commands
yarn workspace my-package add lodash
yarn workspaces run build

# Check for outdated packages
yarn outdated

# Audit for security vulnerabilities
yarn audit
yarn audit --fix

# Clean cache
yarn cache clean
                    
                

Package.json Scripts with Yarn

                    
{
  "name": "my-project",
  "version": "1.0.0",
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject",
    "lint": "eslint src/",
    "format": "prettier --write src/"
  },
  "dependencies": {
    "react": "^18.2.0",
    "react-dom": "^18.2.0"
  },
  "devDependencies": {
    "eslint": "^8.0.0",
    "prettier": "^2.8.0"
  },
  "workspaces": [
    "packages/*"
  ]
}
                    
                

Yarn vs npm Comparison

• Speed: Yarn is generally faster due to parallel downloads
• Security: Yarn uses checksums to verify package integrity
• Lockfile: yarn.lock vs package-lock.json
• Workspaces: Better monorepo support in Yarn
• Offline: Yarn can install packages offline from cache

Yarn Workspaces Example

                    
// Root package.json
{
  "name": "my-monorepo",
  "private": true,
  "workspaces": [
    "packages/*"
  ],
  "scripts": {
    "build": "yarn workspaces run build",
    "test": "yarn workspaces run test"
  }
}

// packages/ui/package.json
{
  "name": "@mycompany/ui",
  "version": "1.0.0",
  "main": "dist/index.js",
  "dependencies": {
    "react": "^18.2.0"
  }
}

// packages/app/package.json
{
  "name": "@mycompany/app",
  "version": "1.0.0",
  "dependencies": {
    "@mycompany/ui": "1.0.0",
    "express": "^4.18.0"
  }
}