
Why wouldn't I use npm to install yarn?

In the blog post announcing yarn (an alternative npm client) they say, "The easiest way to get started is to run npm install -g yarn". But if you go to the "install yarn" page in their docs, "npm install yarn" isn't listed on any of the platform-specific installation pages, and it's only offered as the third of three options on the "Alternatives" page. Furthermore when you npm install yarn it prints a deprecation warning, "It is recommended to install Yarn using the native installation method for your environment." So my question is if npm install is the easiest installation method, why isn't it a recommended method in their docs? Are there disadvantages to installing yarn using npm?

Chris Arnesen asked Oct 13 '16 16:10



1 Answer

Edit (2020/11/23):

Thanks to @Kissaki for providing an update on Yarn's advice in the comments.

As of Yarn 2.x, the Yarn team has altered their advice and now suggests installing the tool via npm. This advice centers around the advantages of locking the version of Yarn used on a per-project basis. This allows projects to be resilient to variations between versions of Yarn.

From the new Yarn "Installation" page:

Using a single package manager across your system has always been a problem. To be stable, installs need to be run with the same package manager version across environments, otherwise there's a risk we introduce accidental breaking changes between versions - after all, that's why the concept of lockfile was introduced in the first place! And with Yarn being in a sense your very first project dependency, it should make sense to "lock it" as well.

For this reason, Yarn 2 and later are meant to be managed on a by-project basis.

This is similar to other methods of locking build tool versions on a per-project basis. See the Gradle Wrapper for an example.

The advantages of a standalone Yarn installation fall apart rather quickly, particularly with the Yarn team's change in direction. Installing via npm is now suggested, and instructions for standalone installations no longer appear to be offered on their site as of Yarn 2.x.


Original Answer:

According to the Yarn project maintainers, installing Yarn via npm goes against the goals of the project, can cause issues, and is, in general, worse than platform-specific installation methods.


Advantages to recommended platform-specific installation:

  • The Yarn team regards npm as insecure and unreliable. From the "Install via npm" section on Yarn's "Installation" page:

Note: Installation of Yarn via npm is generally not recommended. Installing Yarn with npm is non-deterministic, the package is not signed, and the only integrity check performed is a basic SHA1 hash, which is a security risk when installing system-wide apps.

For these reasons, it is highly recommended that you install Yarn through the installation method best suited to your operating system.

  • Running Yarn, which is a separate package manager utility, via npm can lead to edge-case issues (see issue 2072)
  • Installing via a system package manager decouples Yarn from npm, allowing you to run Yarn without npm
  • The system package manager typically runs regularly, keeping Yarn updated
  • Installing Yarn via npm is slow

Advantages to npm install -g yarn:

  • Quick and easy (npm install -g yarn)
  • Can be done in any npm environment (platform-agnostic)
  • Familiar paradigm and process for Node.js developers
  • Can be easily updated (npm update -g yarn)
    • A Yarn update command exists (yarn self-update) but it seems to be broken
  • No dependence on system package managers
  • Can use different versions of Yarn for different projects or different versions of Node.js via nvm

The system package manager arguments for the recommended installation tend to break down when referring to Windows, where there is no official package manager (unless you count Windows Update). Also, Windows package managers such as Chocolatey are often not configured for automatic updates.

I'm not sure that I fully agree with the Yarn team's decision on this, but they do make some fair points. The Yarn project is still young and if it is to become a replacement for npm then it wouldn't make sense to encourage npm as its primary installer.

Regardless, installations via npm seem to work just fine for now in most cases.


Sources:

  • npm vs system package manager explanation
  • Additional explanation
  • Short comment on the "app" vs "npm package" goal for Yarn
  • Issue on how to keep Windows Yarn up to date

Mike Hill answered Sep 30 '22 06:09
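
The Yarn note quoted in the answer above objects that the only integrity check on an npm-installed package was a SHA1 hash. The following is an added example, not part of the answer and not npm's or Yarn's own code: it audits a lockfile for entries whose strongest recorded hash is SHA1 (or missing) and verifies tarball bytes against the strongest declared hash. It assumes an npm-style lockfile with a `packages` map whose entries carry an SRI-format `integrity` string; the function names and the sample lockfile are constructed for illustration.

```javascript
const crypto = require("crypto");

// Strength ranking for hashes seen in SRI integrity strings; sha1 is the weak one.
const RANK = { sha1: 1, sha256: 2, sha384: 3, sha512: 4 };

// Parse "sha1-<b64> sha512-<b64>" into [{alg, digest}], dropping unknown tokens.
function parseIntegrity(sri) {
  return String(sri || "").trim().split(/\s+/)
    .map((tok) => {
      const i = tok.indexOf("-");
      return { alg: tok.slice(0, i).toLowerCase(), digest: tok.slice(i + 1) };
    })
    .filter((e) => Object.hasOwn(RANK, e.alg) && e.digest);
}

// Strongest declared hash, or null when none is recognised.
function strongest(sri) {
  const entries = parseIntegrity(sri);
  if (entries.length === 0) return null;
  return entries.reduce((a, b) => (RANK[b.alg] > RANK[a.alg] ? b : a));
}

// Verify bytes against the strongest declared hash; refuse SHA1-only entries.
function verifyTarball(bytes, sri) {
  const best = strongest(sri);
  if (!best) return { ok: false, reason: "no-integrity" };
  if (best.alg === "sha1") return { ok: false, reason: "sha1-only" };
  const actual = crypto.createHash(best.alg).update(bytes).digest();
  const expected = Buffer.from(best.digest, "base64");
  const ok = actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);
  return { ok, reason: ok ? best.alg : "mismatch" };
}

// Names of lockfile entries (root "" skipped) with no hash stronger than SHA1.
function auditLock(lock) {
  return Object.entries(lock.packages || {})
    .filter(([name]) => name !== "")
    .filter(([, p]) => { const b = strongest(p.integrity); return !b || b.alg === "sha1"; })
    .map(([name]) => name);
}

// Constructed sample data (not a real package or lockfile).
const tarball = Buffer.from("constructed tarball bytes");
const sri = (alg, buf) => `${alg}-${crypto.createHash(alg).update(buf).digest("base64")}`;
const sampleLock = { packages: {
  "": { name: "demo" },
  "node_modules/strong": { integrity: sri("sha512", tarball) },
  "node_modules/weak": { integrity: sri("sha1", tarball) },
  "node_modules/none": {},
} };
console.log(auditLock(sampleLock), verifyTarball(tarball, sri("sha512", tarball)));
```

A hash in a lockfile only detects a tarball that differs from what was first resolved; unlike a signature, it says nothing about who published it.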