"We've used the NPM client successfully at Facebook for years, but as the size of our code base and the number of engineers grew, we ran into problems with consistency, security, and performance," Facebook engineers Sebastian McKenzie, Christoph Pojer, and James Kyle said in a jointly authored statement. "After trying to solve for each issue as it came up, we set out to build a new solution to help us manage our dependencies more reliably."
While NPM has been dependable, it can break down in large-scale code bases, Facebook said. Yarn replaces NPM in existing workflows while maintaining access to the popular NPM registry.
Npmjs.com, which provides the NPM registry, is paying close attention to Yarn. "We haven't had time to run extensive tests on the compatibility of Yarn," the company noted, "but it seems to work great with public packages. It does not authenticate to the registry the way the official client does, so it's currently unable to work with private packages. The Yarn team is aware of this issue and have said they'll address it."
Yarn also offers another take on NPM's shrinkwrap feature and "clever" performance work, Npmjs said. "We've also been working on these specific features, so we'll be paying close attention."
Npmjs raised the question of whether Yarn was forking the community, but noted Yarn users remain part of the NPM community and Yarn was not a fork. "Yarn publishes to NPM's own registry by default, so Yarn users continue to be part of the existing community and benefit from the same 350,000-plus packages as users of the official NPM client. Yarn pulls packages from registry.yarnpkg.com, which allows them to run experiments with the Yarn client. This is a proxy that pulls packages from the official NPM registry, much like npmjs.cf."