When comparing npm + Browserify vs Yarn, the Slant community recommends npm + Browserify for most people. In the question“What are the best open source front-end package managers?” npm + Browserify is ranked 1st while Yarn is ranked 3rd. The most important reason people chose npm + Browserify is:
If you're using node.js as your backend, you gain a lot of flexibility by using the same package manager for the frontend and backend, making it much easier to share code without adding one more tool to an already large toolbase.
Ranked in these QuestionsQuestion Ranking
Pros
Pro Best way to share code with the backend
If you're using node.js as your backend, you gain a lot of flexibility by using the same package manager for the frontend and backend, making it much easier to share code without adding one more tool to an already large toolbase.
Pro Huge active ecosystem
Npm gains a lot from its large community, and the activity from node.js gives npm the largest set of active repositories. Since so many people already use npm, chances are the library you need has already been added to npm, and many new authors are writing their libraries with npm in mind.
Pro Client side shims provided by Browserify
Browserify provides client side versions of non I/O related built in npm modules. This allows you to use the path manipulation, crypto, and zip libraries on the client side.
Pro Support multiple bundles
Browserify allows splitting up bundles among multiple pages to get the benefit of caching for shared, infrequently-changing modules, while still being able to use require().
Pro All modules must implement CommonJS modules which leads to cleaner dependency management
Because all npm modules need to follow the CommonJS format, it's much easier to set up dependencies through the require function.
Pro Easy to create bundles
Because of the nature of Browserify, it's easy to require
different dependencies and concatenate them into one minified file.
This helps with performance and load times, especially for mobile devices.
Pro Can also flatten the dependency tree with dedupe
npm dedupe lets you flatten the dependency tree.
Npm has a very handy dedupe tool. What this tool does is that it checks the dependency tree to find modules that depend on third dependencies. If a suitable version for all modules exists, it keeps that version and deletes any other versions that are not needed.
For example, in this dependency graph:
a
+-- b <-- depends on c@1.0.x
| -- c@1.0.3
-- d <-- depends on c@~1.0.9
-- c@1.0.10
dedupe will transform it to:
a
+-- b
+-- d
-- c@1.0.10
What it did was to make sure that both b
and d
got their dependency met by a single c
module. It then deleted all the unneeded versions of the c
module.
Pro Browserify shim allows you to use non Common JS formatted packages
Browserify shim is a transformation extension for Browserify that lets you load in libraries that do not follow the Common JS structure (using an exports module). This allows you to explicitly define what globally defined variables should be exposed by a require
statement so you can control how you load in these poorly formatted libraries safely without polluting the global scope.
Because the Common JS style loads in required libraries within a closure, any variables defined in a library will not pollute the global scope. Browserify shim lets you define which variables defined within that closure to map to the exports
variable that Common JS expects in a safe and explicit way through declarations in your project's package.json
file.
Pro Can include HTML, CSS and images as well
Packages hosted with NPM do not include just JavaScript. Other assets, like static ones (HTML, CSS and images) are included.
Pro The same results will be yielded every time yarn is run in a repository
One of the most important aspects of Yarn is determinism (predictability). The lock file ensures that the same dependencies will always be installed in the same way and order regardless of the machine for a given repository.
Pro Can tell you why a package was installed
yarn why <query>
can tell you why a package was installed and what other packages depend on it.
Pro Good network performance
Yarn efficiently queues up requests and avoids request waterfalls in order to maximize network utilization.
Pro Offline mode
If you've installed a package before, you can install it again without any internet connection.
Pro Flat Mode
Resolve mismatching versions of dependencies to a single version to avoid creating duplicates.
Pro Multiple registries
Install any package from either npm or Bower and keep your package workflow the same.
Pro Network resilience
A single request failing won't cause an install to fail. Requests are retried upon failure.
Pro Good documentation
It looks like it has good documentation.
Pro Security is put at the forefront
Even though it's still in its early stages of development, security is one of the core values on which Yarn is built. It uses checksums to verify the integrity of every package before executing its code. This also helps avoiding errors related to faulty caching or captive portals.
Further steps are also being taken to improve the security of Yarn which will be implemented in the future.
Pro Built by the community for the community
Even though it's backed by Facebook, Yarn is built as a community project first and foremost. It's completely open source and hosted on Github. It's released under a standard open source client and has its own GitHub organization and set up to work under the same governance model that other successful projects have used in the past, such as Rust and Ember.
All of this means that both existing and new contributors will always work together to improve the product and introduce new features while also keeping in mind suggestions coming from the community.
Pro Backed by Facebook and Google
Was created in a collaboration of Facebook with Exponent, Google and Tilde.
Cons
Con Familiarity with Node is required
Browserify's documentation assumes that you have some familiarity with Node before starting to work with it. Some methods are not explained very thoroughly and others are assumed to be already known by the developer.
For example, Node's module.exports
is not explained, it's just mentioned that browserify modules can be exported using it. Which is fine, but for a developer not used with Node, or a front-end engineer that has never used Node it can be confusing.
Con Does not guarantee reproducible builds
Con Needs to create a bundle in every change
That makes debugging more difficult and requires extra time to create the bundle again for every change.
Con Post-install scripts
Packages shouldn't need post-installing. They should be an enclosed unit. This is another potential attack vector.
Con Potentially hijacked and malicious packages
Con Takes up disk space
Yarn adds to your disk space usage since it stores dependencies locally.