I have a project with a package.json file and an install bash script that, among other steps, runs npm install
.
I'm thinking of updating the script so that it runs yarn install
if yarn is available (to take advantage of yarn's caching, lockfile, etc), and falls back to npm install
otherwise. As far as I can tell, all the packages seem to install and work ok either way.
Are yarn
and npm
interchangeable enough for this to be a viable approach, though? Or are there potential issues that this could lead to? Are we meant to just pick one, or is yarn interchangeable with npm in practice?
(nb. I've read this closely related question, but I'm asking this as a separate question because it's about explicitly supporting both yarn and npm install processes in a project)
Sure you can. Just change yarn to npm in package. json and run the app using npm dev.
The major difference between NPM and Yarn comes in terms of security performance. While NPM installs packages sequentially, Yarn performs parallel installation resulting in better speed and performance. NPM has tried to fix vulnerabilities, but still, Yarn is considered more secure than NPM.
Comparing the speed, yarn is the clear winner. Both Yarn and NPM download packages from the npm repository, using yarn add vs npm install command. However, Yarn is much faster than NPM as it installs all the packages simultaneously. It also cashes every download avoiding the need to re-install packages.
Yarn and npm (version >=3.0.0) should be relatively compatible, especially moving from npm to Yarn, because compatibility is one of the stated goals of Yarn. As stated in Migrating from npm:
Yarn can consume the same package.json format as npm, and can install any package from the npm registry.
So, in theory, any package.json
that is valid for npm should also work equally well for Yarn. Note that I say that npm v2 is probably less compatible - this is because npm migrated from a nested node_modules
structure to a flat layout (which is what Yarn uses). That said, Yarn and npm v3 should produce very similar layouts, because, as stated in the issue I linked:
To a first approximation we should try to be very compatible with the node_modules layout for people who need that compatibility, because it'll be the most likely way to avoid long-tail compatibility problems.
However, you will not be able to take advantage of the Yarn.lock generated by Yarn, because (as the name suggests) it's only supported by Yarn, and npm shrinkwrap
is not compatible.
Also, as noted by @RyanZim, older versions of Yarn don't support pre- and post-install hooks, but versions later than v0.16.1
do. If you rely on these hooks, you will need to specify to users that versions greater than v0.16.1
are required.
In summary, as long as you encounter no bugs and only use features that are shared by both package managers, you should have no issues whatsoever.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With