Thoughts about migrating to Yarn?

The last attempt was a few years ago: Refactor #17581: Migrate from npm to yarn - Foreman
and it seems to fail because of the DataTable package: Bug #20571: javascript error: DataTable is not a function on production - Foreman

Does anyone have any concerns with using Yarn?
Is there anyone who would like to volunteer for it?

Thanks :pray:

4 Likes

What is the benefit of using yarn over npm?

Reading a bit about it in Yarn vs npm - Best Package Manager 2021 - positronX.IO

I am pasting some quotes here so people can comment on each:

Yarn.lock File – the version numbers that are available in the package.json can at times get messy but the presence of the yarn.lock file allows getting rid of the mess. The very moment you add a set of the module, Yarn quickly updates a yarn.lock file, which is similar to the Gemfile.lock in Ruby.

Package Installation – on the second point of Yarn vs npm, when the installation of a package is going on npm tends to perform the essential steps sequentially which means that each of the packages will need to be installed fully before going on to the next. Yarn is capable of helping in multiple installations that can be done at the same time which brilliantly changes the speed.
This is something very similar that we can see in HTTP/2.

Speed – In a comparison of speed, Yarn is much quicker and faster than most of the npm versions which are below the 5.0 versions. The npm developers have mentioned that npm 5.0 is 5 times faster than most of the earlier versions of the npm modules.

Security – one of the essential aspects of the Yarn vs npm comparison is security. npm automatically executes code which allows other packages to get included on the fly. This results in several vulnerabilities in the security system, and it can cause severe problems later on. On the other hand, Yarn installs only those files which are from the yarn.lock or package.json files. Therefore it has been deemed more secure than npm packages.

Disadvantages of Yarn
Yarn is not considered a standalone application but an improvement of npm. Using npm and Yarn can bring out different issues. Yarn is also responsible for taking up a lot of hard disk space. Since Yarn is a comparatively newer package, many people are sceptical about using Yarn over npm because it is much older.

However, with time, Yarn is becoming more popular than npm, and with much better security updates and stability, it will overtake npm in the coming days.

1 Like

The workspaces feature sounds very useful to us. It looks like it supports globs so we can use plugins/* and as long as we have checkouts/symlinks in the right place, we can actually install all dependencies for all plugins. Right now with NPM that’s really hacky. Note that I have no experience with it, but it’s a functionality that looks useful to us.

Maybe we can emulate bundler’s groups as well and make (for example) a lint workspace. In packaging we can simply delete the workspace and not deal with it. See 3.0 cherry-picks of the NodeJS speedup for packaging by evgeni · Pull Request #8736 · theforeman/foreman · GitHub for the hacks we apply today to work around NPM’s limitations.

2 Likes

Maybe we could have npm and yarn at the same time. Switching right away to yarn could cause many issues (or not?), but having the option to switch between those two could give us more time to test.

Documentation Migrating from npm | Yarn says it should be possible.