Almost a year ago we published the news "Facebook Open Sources Yarn, a JavaScript Package Manager", introducing Yarn and the motivation behind its creation. The community has moved the project forward, releasing the first major version with workspaces, automatic merging, selective version resolution and many other features and fixes.
The main new features in Yarn 1.0 are:
- Workspaces – the ability to aggregate the dependencies from multiple package.json files and install them all in a single pass. This is done to enforce dependency synchronization.
- Auto-merge – merge conflicts in lock files can be automatically solved by running `yarn install`.
- Selective version resolution – provides the ability to establish what version to use for the dependencies of a dependency.
- Improved interactive upgrade.
- The change log mentions many other features, improvements and bug fixes.
Yarn has received some traction after being open sourced last year. Facebook claims that "many large and small companies" are using it, including Twitter, Microsoft, Sentry, Expo and Kenzan with "improvements of 5x in install times." Also, over 190k GitHub projects include yarn.lock in their root directory and Yarn is used for over 3B package downloads a month. It also comes pre-installed with several CI tools including AppVeyor, CircleCI, and Travis CI. Facebook detailed a bit how they are using Yarn:
Here at Facebook, Yarn has been adopted across many codebases including the main Facebook app and website, Instagram, Oculus, and WhatsApp. Yarn supports hundreds of thousands of package installs on our systems every day. It was designed to scale even when a project has hundreds or thousands of direct or transitive dependencies. Installs are done quickly and securely using the offline mirror feature, and they are reliable and reproducible not only on the different machines of our engineers, but also across our continuous integration systems.
Facebook attributes the success of the package manager to the open source community, with over 300 contributors, of whom 40 have made "impactful changes" in 2017. For the future, Facebook plans to integrate tools that deal with package change logs, semantic versioning, and version synchronization in related projects. They also want to work with npm to add support for two-factor authentication for enhanced security during the package upgrading process. They also promise not to introduce "breaking changes in minor or patch releases," and to have a more streamlined release process.