What is Yarn
Yarn is a fast, reliable, and secure package manager for JavaScript, developed and released by Facebook in October 2016. It provides an alternative to npm (Node Package Manager) and addresses several issues that developers encountered with npm, particularly speed, security, and consistency.
Yarn manages the dependencies of your JavaScript project through a package.json file. It installs, updates, and manages packages from the npm registry, as well as allowing you to use other package registries.
Getting Started with Yarn
Installing Yarn
Before you can start using Yarn, you need to have it installed on your system. If you have npm installed, you can easily install Yarn globally by using the following command:
$ npm install -g yarn
This command tells npm to install Yarn globally on your system, meaning it will be accessible from any directory.
Once you've installed Yarn, you can verify the installation and check the version with the following command:
$ yarn --version
This command will display the version of Yarn that's currently installed on your system.
Creating a New Project with Yarn
To create a new project with Yarn, first, navigate to the directory where you want to create the project. Then, use the yarn init command. This command creates a new package.json file, which is used to manage your project's dependencies:
$ yarn init
You'll be asked several questions about your project (like its name, version, description, entry point, etc.). If you're not sure about any of these, it's safe to press enter and accept the defaults.
Adding Dependencies with Yarn
To add a dependency to your project, you can use the yarn add command followed by the package's name. For example, to install the express package, you would run:
$ yarn add express
This command adds express to your package.json file under dependencies and installs the express package in your node_modules folder. If you want to install a specific version of a package, you can specify the version number like so:
$ yarn add express@4.17.1
If you want to add a package as a development dependency (a package that's only needed for development, like a testing library), you can do so with the -D flag:
$ yarn add -D jest
This command adds jest to your package.json file under devDependencies.
Adding Dependencies globally
To install a package globally on your system, use the global keyword with the yarn add command.
$ yarn global add [package-name]
Upgrading a package
To upgrade a package, use the yarn upgrade command followed by the package name.
$ yarn upgrade [package-name]
Removing a package
To remove a package from your project, use the yarn remove command followed by the package name.
$ yarn remove [package-name]
Running scripts
If you have scripts defined in your package.json file, you can use the yarn run command followed by the script name to run them.
$ yarn run [script-name]
Yarn.lock File
The yarn.lock file is a crucial component of a Yarn-managed project. This file, automatically generated when dependencies are added, is responsible for ensuring consistency in package installations across different environments.
When Yarn adds a dependency, it uses yarn.lock to lock down the exact version of the package and its dependencies. This means that every install will be identical, regardless of minor or patch updates released to those packages after the lock file was created.
This deterministic approach ensures that the project behaves the same way on all machines, reducing "but it works on my machine" type of issues. It also aids in debugging problems, since developers can be sure they're working with the same package versions.
Reading Yarn.lock File
The yarn.lock file is a text file that maps a package name and version to a precise installed version. Here's an example of what you might see:
commander@2.20.0:
  version "2.20.0"
  resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.0.tgz#57a4dd71ab0bf4b4bfcfc0511f1e8217c2076512"
  integrity sha512-7j2y+40w61zy6YC2iRNpUe/N9+26Xzur40a6e34UgaJC2Qi2E7+bTwZdujJIq0G6tXJ+8UU/EgkWR7uXR4mErg==
Each package in the yarn.lock file has a block like this. In this example, commander@2.20.0 is the dependency. It shows the exact version installed (2.20.0), the URL where it was downloaded from, and a SHA-512 hash for the integrity check.
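The fields described above can also be checked automatically when a lock file changes. The following is an added example, not part of Yarn or of the original article: it parses Yarn v1 (classic) lock file text and reports entries that lack a SHA-512 integrity value or were resolved from an unexpected location. The ALLOWED_HOSTS policy, the function names, and the example-lib entry are assumptions made for illustration.

```javascript
// Added example: audit Yarn v1 (classic) lock file text against an assumed policy.
const ALLOWED_HOSTS = new Set(['registry.yarnpkg.com']); // assumption: your registry host

// Parse lock file text into [{ name, version, resolved, integrity }].
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.trimStart().startsWith('#')) continue;
    if (!/^\s/.test(line)) { // an unindented "name@range:" line opens an entry
      current = { name: line.replace(/:$/, '').replace(/"/g, '') };
      entries.push(current);
      continue;
    }
    // Entry fields sit at two-space indent; nested dependency lists use four.
    const m = line.match(/^ {2}(version|resolved|integrity) "?([^"]*)"?$/);
    if (m && current) current[m[1]] = m[2];
  }
  return entries;
}

// Return the reasons an entry deserves review (an empty array means it passes).
function auditEntry(entry) {
  const findings = [];
  const hashes = (entry.integrity || '').split(/\s+/);
  if (!hashes.some((h) => h.startsWith('sha512-'))) findings.push('no sha512 integrity');
  let url = null;
  try { url = new URL(entry.resolved); } catch (err) { findings.push('no valid resolved URL'); }
  if (url && url.protocol !== 'https:') findings.push('not fetched over https');
  if (url && !ALLOWED_HOSTS.has(url.hostname)) findings.push('host not allowed: ' + url.hostname);
  return findings;
}

// Keep only the entries that produced at least one finding.
function auditLockfile(text) {
  const results = parseYarnLock(text).map((e) => ({ name: e.name, findings: auditEntry(e) }));
  return results.filter((r) => r.findings.length > 0);
}

// Constructed sample: the commander entry shown above plus a made-up bad entry.
const SAMPLE = [
  'commander@2.20.0:',
  '  version "2.20.0"',
  '  resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.0.tgz#57a4dd71ab0bf4b4bfcfc0511f1e8217c2076512"',
  '  integrity sha512-7j2y+40w61zy6YC2iRNpUe/N9+26Xzur40a6e34UgaJC2Qi2E7+bTwZdujJIq0G6tXJ+8UU/EgkWR7uXR4mErg==',
  'example-lib@^1.0.0:',
  '  version "1.0.0"',
  '  resolved "http://mirror.example.test/example-lib-1.0.0.tgz"',
].join('\n');
console.log(JSON.stringify(auditLockfile(SAMPLE), null, 2));
```

Entries installed from Git or local paths will also be reported, since they carry no registry URL or integrity value; treat those findings as prompts for manual review.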
The yarn.lock file should be committed to your version control system (like Git) to ensure that other developers on the project and your deployment systems use the exact same dependencies.
To update the yarn.lock file, you can use the yarn upgrade command, which updates the versions of all the dependencies in the package.json file according to the version ranges specified in it and also updates the yarn.lock file.