
Yarn vs Npm - "works on my machine" - clarification?

I'm new to Yarn and something caught my eye while reading this article, which states:

Deterministic:
The same dependencies will be installed the same exact way across every machine regardless of install order. Yarn resolves "works on my machine" issues around versioning and non-determinism by using lockfiles and an install algorithm that is deterministic and reliable.

Question:

I don't understand: when I write npm install, it looks at the package.json and installs the exact version, and each version also installs its dependencies according to its own package.json, and so on and so on.

So what's the difference (regarding this aspect)?

An example scenario of a "thing that can go wrong in npm while not in yarn" would be much appreciated.

Royi Namir asked Jan 01 '18 08:01


1 Answer

The package.json file often contains the minimum version required of a dependency. For instance, you could have "^1.0.0", which matches with version 1.0.0 or any minor releases.

{
  "name": "my_package",
  "version": "1.0.0",
  "dependencies": {
    "my_dep": "^1.0.0"
  }
}

When you run npm install, it could install the version 1.0.0, 1.1.0, 1.2.0 etc of "my_dep", because all those versions meet the requirements of package.json. You could end up with version 1.0.0 on your local machine and 1.1.0 on your test environment.

Yarn creates a yarn.lock file automatically to make sure you always install the same version of "my_dep". It generates something like this:

# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
my_dep@^1.0.0:
  version "1.1.0"
  resolved "https://registry.npmjs.org/my_dep/-/my_dep-1.1.0.tgz#a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"

Yarn will use this file to resolve "my_dep" to version 1.1.0, even if there is a new version (1.2.0) available.

All yarn.lock files should be checked into source control (e.g. git or mercurial). This allows Yarn to install the same exact dependency tree across all machines, whether it be your coworker’s laptop or a CI server.

References:

https://docs.npmjs.com/getting-started/using-a-package.json

https://docs.npmjs.com/getting-started/semantic-versioning

https://yarnpkg.com/en/docs/yarn-lock

DevMonster answered Oct 05 '22 21:10
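The scenario from the answer above, as an added example that is not part of the original answer and is not Yarn's or npm's own code: the same "^1.0.0" range resolves differently as the registry changes, while a yarn.lock entry pins the result. The function names, registry contents and the simplified lockfile reader are assumptions made for illustration; only plain x.y.z versions and caret ranges are handled.

```javascript
// Assumptions: plain x.y.z versions and caret ranges only; registry contents are constructed.
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Caret semantics: only components right of the left-most non-zero one may change.
function satisfiesCaret(version, range) {
  const base = range.slice(1);
  if (cmp(version, base) < 0) return false;
  const [M, m, p] = parse(base);
  const [vM, vm, vp] = parse(version);
  if (M > 0) return vM === M;
  if (m > 0) return vM === 0 && vm === m;
  return vM === 0 && vm === 0 && vp === p;
}

// Minimal reader for single-key yarn lockfile v1 entries like the one in the answer.
function parseYarnLock(text) {
  const lock = {};
  let key = null;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!/^\s/.test(line)) {
      key = line.trim().replace(/:$/, "");
      lock[key] = {};
    } else if (key) {
      const m = line.trim().match(/^(\S+)\s+"?([^"]*)"?$/);
      if (m) lock[key][m[1]] = m[2];
    }
  }
  return lock;
}

// A lockfile entry wins; otherwise pick the highest registry version in range.
function resolve(name, range, registry, lock = {}) {
  const pinned = lock[`${name}@${range}`];
  if (pinned) return pinned.version;
  const ok = registry.filter((v) => satisfiesCaret(v, range)).sort(cmp);
  if (ok.length === 0) throw new Error(`no version of ${name} satisfies ${range}`);
  return ok[ok.length - 1];
}

const registryLaptop = ["1.0.0", "1.1.0"];               // constructed: first install
const registryCI = ["1.0.0", "1.1.0", "1.2.0", "2.0.0"]; // constructed: later install
const lockText = '# yarn lockfile v1\nmy_dep@^1.0.0:\n  version "1.1.0"\n';
console.log(resolve("my_dep", "^1.0.0", registryLaptop), resolve("my_dep", "^1.0.0", registryCI),
  resolve("my_dep", "^1.0.0", registryCI, parseYarnLock(lockText)));
```

Without the lockfile the later install silently picks up 1.2.0, code that was never run on the first machine; with the committed lockfile both installs use 1.1.0.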