UPDATE: March 2018 (bit late...)
Since version 5, npm:
- generates a 'lockfile' called package-lock.json that fixes your entire dependency tree much the same way the yarn (or any other) locking mechanism does,
- A tool has been made
- --save is now implied for npm i
- Better network and cache usage
npm 5.7.0 further introduced the npm ci command to install dependencies more quickly in a continuous integration environment by only installing packages found in the package-lock.json (reporting an error if the package-lock.json and package.json are not synchronized).
Personally, I still use npm.
Original
I am loath to quote directly from docs, but they do a great job of explaining why, concisely enough that I don't see how to further summarize the ideas.
Largely:
- You always know you're getting the same thing on every development machine
- It parallelizes operations that npm does not, and
- It makes more efficient use of the network.
- It may make more efficient use of other system resources (such as RAM) as well.
What are people's production experiences with it? Who knows, it's an infant to the general public.
From the get-go, the Yarn lockfile guarantees that repeatedly running yarn on the same repository results in the same packages. Second, Yarn attempts to have good performance, with a cold cache, but especially with a warm cache. Finally, Yarn makes security a core value.
Nice blog post: “NPM vs Yarn Cheat Sheet” by Gant Laborde
- Fast: Yarn caches every package it downloads so it never needs to again. It also parallelizes operations to maximize resource utilization so install times are faster than ever.
- Reliable: Using a detailed, but concise, lockfile format, and a deterministic algorithm for installs, Yarn is able to guarantee that an install that worked on one system will work exactly the same way on any other system.
- Secure: Yarn uses checksums to verify the integrity of every installed package before its code is executed.
- Offline Mode: If you've installed a package before, you can install it again without any internet connection.
- Deterministic: The same dependencies will be installed the same exact way across every machine regardless of install order.
- Network Performance: Yarn efficiently queues up requests and avoids request waterfalls in order to maximize network utilization.
- Multiple Registries: Install any package from either npm or Bower and keep your package workflow the same.
- Network Resilience: A single request failing won't cause an install to fail. Requests are retried upon failure.
- Flat Mode: Resolve mismatching versions of dependencies to a single version to avoid creating duplicates.
- More emojis.
Fight with dragons for too long and you become a dragon yourself; gaze too long into the abyss and the abyss gazes back into you…