12 October 2016, USA:
Facebook announced today that they have open sourced Yarn, a backwards-compatible client for the npm registry. This joins a list of other third-party registry clients that include ied, pnpm, npm-install and npmd. (Apologies if we missed any.) Yarn’s arrival is great news for npm’s users worldwide and we’re happy to see it.
“We’ve used the NPM client successfully at Facebook for years, but as the size of our code base and the number of engineers grew, we ran into problems with consistency, security, and performance,” Facebook engineers Sebastian McKenzie, Christoph Pojer, and James Kyle said in a jointly authored statement. “After trying to solve for each issue as it came up, we set out to build a new solution to help us manage our dependencies more reliably.”
Yarn is a new package manager that replaces the existing workflow for the npm client or other package managers while remaining compatible with the npm registry. It has the same feature set as existing workflows while operating faster, more securely, and more reliably.
The primary function of any package manager is to install some package — a piece of code that serves a particular purpose — from a global registry into an engineer’s local environment. Each package may or may not depend on other packages. A typical project could have tens, hundreds, or even thousands of packages within its tree of dependencies.
These dependencies are versioned and installed based on semantic versioning (semver). Semver defines a versioning scheme that reflects the types of changes in each new version, whether a change breaks an API, adds a new feature, or fixes a bug. However, semver relies on package developers not making mistakes — breaking changes or new bugs may find their way into installed dependencies if the dependencies are not locked down.

Source/Image: Facebook blog post
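The drift described in the semver paragraph, as an added example (not code from Yarn, npm or the Facebook post): a minimal caret-range resolver run against a constructed registry, showing one `^1.2.0` declaration installing different versions at two points in time unless the first result is locked. The package name `example-lib`, the version lists and the helper names are assumptions for illustration; prerelease tags and other range operators are not handled.

```javascript
// Added illustration: registry contents and package name are constructed.
function parse(v) { // "MAJOR.MINOR.PATCH" only; prerelease tags out of scope
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Caret range: allow changes that keep the left-most non-zero part fixed.
function satisfiesCaret(version, range) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges handled: ${range}`);
  const base = range.slice(1);
  const [M, m, p] = parse(base);
  const upper = M > 0 ? `${M + 1}.0.0` : m > 0 ? `0.${m + 1}.0` : `0.0.${p + 1}`;
  return compare(version, base) >= 0 && compare(version, upper) < 0;
}

// Highest published version in range: how an unlocked install is modeled here.
function resolve(range, published) {
  const ok = published.filter((v) => satisfiesCaret(v, range)).sort(compare);
  if (ok.length === 0) throw new Error(`no version satisfies ${range}`);
  return ok[ok.length - 1];
}

// A locked entry wins over range resolution, so the tree stays reproducible.
function install(deps, registry, lock = {}) {
  const out = {};
  for (const [name, range] of Object.entries(deps)) {
    out[name] = lock[name] ?? resolve(range, registry[name]);
  }
  return out;
}

// Constructed scenario: new releases appear between two installs.
const deps = { "example-lib": "^1.2.0" };
const registryBefore = { "example-lib": ["1.1.9", "1.2.0", "1.2.4"] };
const registryAfter = { "example-lib": ["1.1.9", "1.2.0", "1.2.4", "1.3.0", "2.0.0"] };

const first = install(deps, registryBefore);
const laterUnlocked = install(deps, registryAfter);
const laterLocked = install(deps, registryAfter, first);
console.log({ first, laterUnlocked, laterLocked });
```

The unlocked second install picks up the new minor release without any change to the declared dependency, which is the case where a mislabeled breaking change or new bug reaches a build unnoticed.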