I understand that Yarn 2 is essentially a new tool, as there are certain features you simply can't ship while still being compatible with npm, but this hasn't resonated with developers. The initial appeal of Yarn 1 was that you could pretty much drop it into your node project and get much faster install times. `pnpm`, from what I understand, is faster than yarn, while still having that seamless interop w/ npm.
- many basic things were missing from the docs for a long time, or at least were easier to find in Github issues (e.g. "what should I gitignore")
- defaulting to PnP meant that, without configuration, things wouldn't properly work on many projects based on frameworks/toolkits/editors
- opinionated defaults made things harder than necessary (e.g. why does `yarn init` create a Git repository?)
You either had to accept/work around these issues, or configure everything to work as e.g. npm or yarn 1 did. I did the latter, and am still happy that I bought in - but I can very much understand anyone who didn't.
My preferred setup with Yarn 2+ projects is:
- use the node-modules linker (I tried pnp every couple of months and always ran into some issue, which I sometimes sent PRs for, but there was always something not working)
- gitignore as described for zero-installs[0] (even though I don't use pnp; this has the advantage that you'll have a ZIP copy of every module cached, leading to very fast local/CI installs and resistance against registry issues)
- create .gitattributes file as described at the end of [0] to hide the binary files from diffs
- add the base SDK[1] for WebStorm support (this rarely worked well)
- add the TypeScript plugin
[0]: https://yarnpkg.com/getting-started/qa#which-files-should-be... [1]: https://yarnpkg.com/getting-started/editor-sdks
I see no reason for anyone to use Yarn. Either use vanilla npm, or use pnpm which doesnt require a mountain of hacks to work.
The plugins system has been extremely valuable to us, and the hoisting / peer dependency behavior has been consistently correct, where other package managers have caused bugs.
Yeah, they really wanted you to install yarn's source to your repo, which is why they don't let you `npm install` yarn v2 (or higher). That's maybe great for monorepos, but personally I find it ugly.
Thankfully now you can use `corepack`, which is shipped with npm. This way you can specify a version of yarn in packages.json, in the `packageManager` field. That is, without committing yarn's source to your repo.
This way you always have the right version when cloning a random Yarn repo.
pnpm is (at least) as fast as Yarn 1, and they managed to do it with a much better compatibility story (in my experience)
I remember upgrading yarn to yarn 2 and instantly regretting it then reverting.
- it patches packages to work with its PnP system
- even if you opt out of PnP
- in ways that are opaque for me as a user
- and in ways that break usage, eg it broke a beta version of TypeScript because the patch it wanted to apply wasn’t available for the beta
I’m sure the PnP feature is brilliant, but I don’t want to use it and I don’t want its behavior to be applied when I don’t use it. So Yarn 2+ is not an option for me. And since Yarn 1 is still supported, and meets my needs well, I continue to use it by choice.
Weirdly, going from v1 to v4 is a lot easier now than v1 to v2 or v1 to v3.
That being said... It's too little too late. I use `pnpm` now and maybe I'll use `bun` after total Node compatability.
In personal projects I heavily gravitate towards bun as a package manager now, it's npm drop-in replacement but faster (and typing `bun run` is just so cute compared to `npm run`).
People really should get off of Yarn 1. It's not maintained, has a poor package locking system, and bugs will simply never be fixed.
I've actually been really happy with 3.2.1. It and wireit together make it super easy to work on a project that spans various libraries/repos. PnP was a compatibility nightmare, but node-modules mode works.
For comparison, not long ago I switched from pipenv to poetry and that was pretty much drop-in, with nevertheless markedly incremental improvements.
I love UI development. If only I could get to building the actual thing…
Corepack is a nice addition to Node to make it easy to install a package manager but it's also an unwelcome layer of abstraction (why isn't there just one?).
Yes, if memory serves me right, yarn might've been first with `yarn.lock` before `package-lock.json` was a thing.
But why would I use yarn today?
I don't care about speed of npm install locally, I do it once in a blue moon.
I don't care if my pipeline takes 3 minutes (yarn) to install dependencies instead of 5 minutes (npm).
I think many many many people switched to Yarn 1.x wholesale and then switched back to NPM once it had undergone some improvements.
I'll be very happy when npm's linked install strategy is stable so that there's less reason to use pnpm and we get dependency isolation in monorepos.
But in 2022-2023, I feel like I'm starting to see a lot of yarn again. Maybe just anecdotal, or maybe something changed I'm not aware of.
As long as the npm roadmap doesn't stray too far from what developers want, or ship those things too slowly, there should be no need to use yarn.
But for that to work, yarn needs to remain a credible alternative, so that it's actually possible to overcome the switching cost.
Add that to the mix...
In a similar vein,
https://github.com/lerna/lerna
I am not sure when to use `npm workspaces` instead of lerna now? It seems like the answer (for me at least) was "you don't need lerna anymore given recent (past 2 years) NPM updates"
* Deduplicates versions of packages across workspaces (desirable for some projects)
* No-configuration linking between workspace modules
* Doesnt force using a specific structure
* Top level module can be used to specify shared versions
I still like the yarn cli more than the npm one, but I ended up just defaulting to npm.
> Hardened Mode, constraints engine
a) pin your dependencies, set save-prefix='' in .npmrc, use a tool like pnpm outdated, Renovate, Dependabot, npm-check-updates to keep them updated. Doesn't need to be done or enforced in the package manager, Git Hooks and CI are sufficient. b) use syncpack to ensure all your dependencies in different workspaces use the same versions. This doesn't need to be done in the package manager.
pnpm also has pnpm licenses to help keep compliance happy.
If someone wants to write a package manager in Rust for speed (pnpm is already moving in this direction, see https://github.com/pnpm/pn and https://github.com/pnpm/pacquet ), we'd take a look. Otherwise - not enough benefit to switching away.
The example in their docs [1] seems to just be wrong
> FROM common AS app1
> COPY --from=prod-deps /app/packages/app1/node_modules/ /app/packages/app1/node_modules
> COPY --from=build /app/packages/app1/dist /app/packages/app1/dist
This of course will not work, since the node_modules folders of packages in a pnpm workspace just contain symlinks to the virtual store at the root of the monorepo, not the actual modules. I don't see any good way to do what this example pretends to achieve (minimize docker image build size) since even when hoisting is forced, pnpm seems to only ever hoist node_modules in the root of the repo.
Sorry for this somewhat unrelated rant, I was just surprised at hitting such an obstacle immediately after trying to adopt pnpm after I heard so much praise for this tool.
[1] https://pnpm.io/docker#example-2-build-multiple-docker-image...
As someone struggling with Docker caching at work at the moment, I think your problem is less with pnpm and more with the difficulty of writing decent Dockerfiles.
How about Zig?
Seriously, try Bun. It's stupid fast. Even if you don't use all its other features, just try "bun install".
pnpm is more than just pnpm install, there's an evolving ecosystem of tools. For a mainstream project looking for tools to depend on, either everything supports bun, or it might as well be nothing.
Why not?
Yarn came out at a time when NPM was particularly slow and buggy. NPM has caught up some since then, but I _personally_ still like Yarn better. I find the CLI output more useful, and it feels like it installs in a more consistent amount of time.
You should only have one of them in use in a project at time.
PNPM is another alternative package manager that installs the same packages, but tries to use symlinks to a single globally-cached copy of each package to save disk space. (I believe recent versions of Yarn have an equivalent option, but it's not on by default.)
Well, no. Not if you use Yarn's zero-install or PnP or whatever they call it. It doesn't create node_modules and thus it's not very compatible, and that's the problem everyone is complaining about.
And the lockfiles aren't cross-compatible either.
Yarn 1.x came out because NPM was really slow and buggy back in the day. Yarn was fast and buggy. Then Yarn 2 came out, was even faster and less buggy, but not backward compatible. I've never actually seen it used in the wild, even now (it's just yarn and NPM on all the projects I've worked on).
Bigger differences will come trying to upgrade multiple packages at once, especially across major versions (e.g. 2.x to 3.x). It's going to be hard no matter what, but `yarn upgrade-interactive` makes it a bit simpler, while npm has third party plugins that do similar things. There's also complexities involved if you need to switch the underlying `node` version across projects, since npm and yarn both need different node versions depending on their own version.
Their final outputs are similar (a node_modules folder where all your JS dependencies and sub-dependencies live), but their internal workings are different, and you shouldn't use both together because they will conflict with each other (sometimes).
Generally, switching back and forth isn't hard on smaller projects: just delete the lock files and delete the node_modules folder and reinstall everything from scratch.
But you really don't want to get into the habit of doing that. There's no real benefit (just choose one and stick with it; either is fine these days), and you may introduce hard-to-catch bugs related to one of your thousands of dependencies. Especially on bigger projects, erasing the lockfile means that it will try to use the designated SemVer in your package.json to get the desired version, but that may be different than the actual version that was being used, which is stored in the lockfile as a manual override. I'm not sure why these package managers had two sources of truth, but it's a nightmare.
1. yarn was a shiny version of npm
2. They did a Python 3 stunt (well...much worse) with yarn 2 so nobody uses it and everyone stuck with 1.x
3. Bugs aren't fixed in 1.x
4. So back to npm, or the next shiny thing.
Edit: no you can't switch back and forth. The tools end up storing internal state in your project repo. I mean, yes you can change, but it'll mean some hassle and possibly re-writing build files.
I mostly write C code these days, so I decided to checkout node to see what it was all about, and the shiny thing is spot on. A number of things that I looked at were described as "old" by people because they had been replaced by the new hotness a few months back.
And it was so much better that if they hadn’t pulled the python 3 but worse stunt I suspect a significant number of projects would have continued using yarn even after npm had caught up in terms of features and performance.
I briefly tried Yarn 3 but it also did some weird things.
Here's to hoping that Yarn 4 "just works" the way Yarn 1 does.
I think if I really went searching for problems I might find something. I also just try to avoid JS these days unless it’s UI, and there I keep things very lean and straightforward.
I use "yarn run" incredibly frequently, for things like "yarn run nodemon" and "yarn run tsc" or other executable packages that are local dependencies.
I'm not convinced they can catch up even on speed, and Bun ergonomics are also a lot nicer from the get go.
Funny enough, I got our work project working with yarn berry (whatever number this was this summer) in 10-15 minutes, but I couldn't manage to do the same with bun. I'll try again now after they got few minor updates probably just to see if its better now...
My own experience is that Yarn 2/3 have worked great, as long as you stick with the "`node_modules` linker" option rather than the "PnP/Zero Install" option.
Yarn 2 brought a lot of great improvements but since it was named "Yarn" people were expecting it to behave somewhat like the first one.
Judging by the other comments in this thread, and the blog post saying that "zero-install is disabled by default", I had kinda hoped 4 would be a reboot of Yarn v1 with modern conveniences. This does not appear to be the case.
I'm still not sure whether it goes like "2.x -> 3.x -> 4.x are all in the same line, and upgrading from 2 to anything beyond that is easy" or if they are each as different from each other as 2 was from 1. That's the confusing part. (Like, did the 2.x line stabilize into 4.x, or are these just four separate projects altogether?)
I think it would've been a lot clearer if they just named Yarn 2+ something entirely different, like Moment did with Luxon
(I also still think package managers should be language and ecosystem independent. We just need one way of getting named and versioned folders of files from the internet.)
Is there any good comparison out there of the JS package managers, and the trade-offs they make? I happen to really like the disk/time vs compatibility trade-off yarn 2 makes, but not the zero-install (which had been the default for a time). But hearing that Bun is faster, and better ergonomics? And other people mentioning pnpm? That makes want a package manager in depth comparison.
If you install libfoo@1.0.0 and libfoo@1.0.1 and the only difference between them is a single file, the second copy will only add that file to disk.
If you then install that libfoo@1.0.0 into a hundred projects spread across your disk, no files will be copied (both reflinks and hardlinks only add a bit of filesystem metadata).
Did I miss something, Yarn has been acquired by Datadog or is it poor wording?
The latter should work but the former requires an extra step for now iirc: https://bun.sh/docs/cli/install#lifecycle-scripts
Personally, I've moved on to pnpm (with npm as a fallback when I can't use pnpm).
We went through the same "~2015 everyone uses yarn", "~2020 everyone goes back to npm" cycle, but in the last ~year or so are back on yarn v3 for...reasons that I forget (oh yeah, the ability to download multiple platform libs for when you're running in docker [1])...but :shrug: it's been great.
My only complaint is that `yarn dedupe` should be automatic (as it was in yarn v1), or at least via a flag. :-D
But otherwise yarn v3 (with the node_modules linker) has been great, and look forward to using v4.
[1] here's the "afaict npm can't do this?" snippet we use in `.yarnrc.yml`: https://gist.github.com/stephenh/43c7f15b97b73baf821f2a22c62...
I think Yarn Berry with node_modules linker is strictly better than Yarn 1.0, whereas PnP and zero installs involve tradeoffs that might not be right for everyone. There's a lot of great design decisions in Berry that gets muddled with all the PnP-related discussion. I will say Maël deserves a lot of credit for driving corepack, which makes version control of package management totally seamless. It's always been a total nightmare but now it's shockingly easy.
Also, not having to install plugins such as interactive-tools is sooooo good. I have no ideia why these are plugins in the first place as they are so essential to using Yarn.
I still wish PnP faced better adoption though. In most projects I still go back to using the pnpm or the node-modules linker because of various issues with PnP which are sometimes hard to debug.
In other notes, why the hell in Node corepack still experimental and not enabled by default? I simply don't get it.
There isn't even any arguing with it being an abject failure. It's just abundantly obvious when you look at how many people keep using yarn 1. These patch notes even prove it since they realized how insane it is to make their zero install thing the default.
We definitely suffer badly trying to make the very simple example shown happen across our projects: how do we make sure everyone is using the same version of React (for example)?
I'd be curious to know how this rules engine is usable outside of Yarn. The post talks about it being used at Datadog, seemingly on their app. But I didn't see or missed info on the package itself & how it might be embedded elsewhere.
Also super notable from this release, turning off zero-install by default. Still such a neat idea. Even though most package managers are reasonably fast now, there's still often multiple hundreds of MB of files copied out of cache, for each project, and the idea of just directly using the cache without copying stuff in feels like a real nice to have, a potential big saver of disk space.
Even some “heavyweight” frameworks which I didn’t expect to work, work fine, such as NextJS.
I’m a very happy Yarn Berry user.
So... why didn't they just put a package-manager version number in package.json? I would have no problem with projects requiring Yarn 2+, if upgrading to Yarn 2+ didn't create an obstacle to continuing to run everything else that still uses Yarn 1. As it is now, I'm not willing to even _try_ the newer versions, because I expect to have to revert and I'm worried that I'll lose a day to the mess that the uninstall/revert will create.
I just installed Yarn for the first time and got version 4.0.0, what a coincidence!
A clean major version? At this time of the year? In this part of the world?
I've never been more suspicious of a tool :D
But the codebase is really nice, especially the comments in the plugin system.
I'm SO gonna extend that thing.
In my testing, npm has gotten a lot faster that it used to be and often it is faster than yarn 3.x when doing installs in a CI system. npm also has decent workspace support, excluding the important ability to do topological sort-based builds (which I still use lerna for.)
I also found bun install also works great and fast and is a drop in replacement for npm.
I know my share of frontend technology, React, Angular, AngularJS, MUI, Bootstrap and so on, Vue, Next, Nuxt, Svelte. Others.
None of it is really complex, there are competing, but increasingly incorporating patterns at play, just fighting for views, stars and clicks.
In the end, it boils down to the ever same boilerplate JS feeding a browser.
Please don't misunderstand me: JS can as complex as any "turing-complete"¹ language. But the things which seem to bother us have been solved over and over again, and there are no new solutions in sight, but only reformulations.
¹ there is no real turing-complete language out there, since memory is limited. Flamewar inc.
(I last looked at this closely way back... back then it solved problems I didn't have and didn't solve the problems I did have.)
I admire that arcanis tried something very bold with plug and play and zero installs in version 2 and 3, but is willing to default back to node_modules since it didn't stick. Must have been hard to come up with something this good, but then nearly everyone rejecting it.
