Yarn 1.0 simplifies JavaScript dependency management

Posted on 07-09-2017 , by: admin , in , 0 Comments

Facebook’s Yarn, an alternative JavaScript package manager to NPM, has reached a 1.0 release, which features a workspaces capability to ensure the latest code is being used on engineering projects.

With workspaces, users transition their code base into a “mono-repository” to ensure that the most recent code gets used. Workspaces aggregate dependencies from package.json files and install them all at once. Also featured in Yarn 1.0 is auto-merging of lock files, whereby Yarn automatically resolves merge conflicts in lock files when working with multiple contributors pulling the same code.

A selective version resolutions capability streamlines the version control process to make sure code has the latest security updates and bug fixes. The aim is to address problems in which packages may receive important fixes or security updates but a project may not be a direct consumer of those dependencies. Other highlights in Yarn 1.0 include an improved upgrade experience, a quicker file integrity check, and a separate lock file parser module. Users also can defer to another Yarn binary for consistency.

Future plans for open source Yarn include working with NPM to provide two-factor authentication, to increase the confidence in packages being installed. Also eyed is a streamlined release process and tooling to ensure that no breaking changes are made in minor or patch releases.