Why wouldn't I use npm to install yarn? - node.js

In the blog post announcing yarn (an alternative npm client) they say, "The easiest way to get started is to run npm install -g yarn". But if you go to the "install yarn" page in their docs, "npm install yarn" isn't listed on any of the platform-specific installation pages, and it's only offered as the third of three options on the "Alternatives" page. Furthermore when you npm install yarn it prints a deprecation warning, "It is recommended to install Yarn using the native installation method for your environment." So my question is if npm install is the easiest installation method, why isn't it a recommended method in their docs? Are there disadvantages to installing yarn using npm?

Edit (2020/11/23):
Thanks to #Kissaki for providing an update on Yarn's advice in the comments.
As of Yarn 2.x, the Yarn team has altered their advice and now suggests installing the tool via npm. This advice centers around the advantages of locking the version of Yarn used on a per-project basis. This allows projects to be resilient to variations between versions of Yarn.
From the new Yarn "Installation" page:
Using a single package manager across your system has always been a
problem. To be stable, installs need to be run with the same package
manager version across environments, otherwise there's a risk we
introduce accidental breaking changes between versions - after all,
that's why the concept of lockfile was introduced in the first place!
And with Yarn being in a sense your very first project dependency, it
should make sense to "lock it" as well.
For this reason, Yarn 2 and later are meant to be managed on a
by-project basis.
This is similar to other methods of locking build tool versions on a per-project basis. See the Gradle Wrapper for an example.
The advantages of a standalone Yarn installation fall apart rather quickly, particularly with the Yarn team's change in direction. Installing via npm is now suggested, and instructions for standalone installations no longer appear to be offered on their site as of Yarn 2.x.
Original Answer:
According to the Yarn project maintainers, installing Yarn via npm goes against the goals of the project, can cause issues, and is, in general, worse than platform-specific installation methods.
Advantages to recommended platform-specific installation:
The Yarn teams regards npm as insecure and unreliable. From the "Install via npm" section on Yarn's "Installation" page:
Note: Installation of Yarn via npm is generally not recommended. Installing Yarn with npm is non-deterministic, the package is not signed, and the only integrity check performed is a basic SHA1 hash, which is a security risk when installing system-wide apps.
For these reasons, it is highly recommended that you install Yarn through the installation method best suited to your operating system.
Running Yarn, which is a separate package manager utility, via npm can lead to edge-case issues (see issue 2072)
Installing via a system package manager decouples Yarn from npm, allowing you to run Yarn without npm
The system package manager typically runs regularly, keeping Yarn updated
Installing Yarn via npm is slow
Advantages to npm install -g yarn:
Quick and easy (npm install -g yarn)
Can be done in any npm environment (platform-agnostic)
Familiar paradigm and process for Node.js developers
Can be easily updated (npm update -g yarn)
A Yarn update command exists (yarn self-update) but it seems to be broken
No dependence on system package managers
Can use different versions of Yarn for different projects or different versions of Node.js via nvm
The system package manager arguments for the recommended installation tend to break down when referring to Windows, where there is no official package manager (unless you count Windows Update). Also, Windows package managers such as Chocolatey are often not configured for automatic updates.
I'm not sure that I fully agree with the Yarn team's decision on this, but they do make some fair points. The Yarn project is still young and if it is to become a replacement for npm then it wouldn't make sense to encourage npm as its primary installer.
Regardless, installations via npm seem to work just fine for now in most cases.
Sources:
npm vs system package manager explanation
Additional explanation
Short comment on the "app" vs "npm package" goal for Yarn
Issue on how to keep Windows Yarn up to date

There's no visible disadvantage to installing Yarn through npm. In fact I chose this method myself because of a few reasons:
It's clearly the easiest way to do it. npm i --global yarn and you
can literally replace npm with yarn on your console immediately.
If you're using nvm and maintaining different code projects on each NodeJS version, then you can install Yarn on one version and not have it on the other
Honestly, the only reason I can think of that it is not mentioned in the Platform Specific installs, is that npm is platform agnostic

Because npm is not platform specific and runs on almost any system it is listed as an Alternative. There is no advantage or disadvantage over the platform specific installs. The difference would be the install location but all methods expose the global yarn command to your CLI.
I would argue they listed it as "the easiest way" because most people are already very familiar with npm.

I don't use npm to install yarn because: as of May 2022, installing on ubuntu according to the official documentation of nvm and Yarn via npm breaks capistrano scripts.
bash: yarn: command not found
Yarn works in the ssh terminal session.
Detailed Description "Why does something work in my SSH session, but not in Capistrano?" https://capistranorb.com/documentation/faq/why-does-something-work-in-my-ssh-session-but-not-in-capistrano/
So I removed the default install of nvm nodejs yarn,
$ npm uninstall -g yarn
$ nvm deactivate
$ nvm uninstall 16.15.0
$ nvm unload
$ rm -r ~/.nvm
and installed yarn like this:
$ curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -
$ curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
$ echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
$ sudo apt-get update && sudo apt-get install yarn
$ node -v
v16.15.0
$ npm -v
8.5.5
$ yarn -v
1.22.19
Capistrano scripts are now working.

Related

Any Conflicts With Running Both NPM and Yarn Globally

I have been using NPM exclusively for my projects and was assigned another project that requires using Yarn. I need to have support for both and will frequently switch back and forth on projects.
Are there any known issues with installing yarn globally and still using NPM on other projects?
super awesome, there are no such conflicts using yarn and npm together.
because yarn and npm both have different installation directories.
for global packages, you can use both, but don't forget to stick to one. we use yarn for our production.
for non-global packages, it is beneficial to stick to what the project author uses.
it becomes difficult sometimes if you have yarn.lock and package.lock file together, because there is a risk of being out of sync. for example, someone updated one package using yarn, someone will not get that changes who use npm and so on.
Yarn and npm are interchangeable. As long as you use the same one each time, there is no difference between them. They have different install directories, which is why they can't be used together. Yarn will install a package, npm can't find it. npm will install a package, yarn can't find it.
it is a more beneficial and good habit to use one package for each project to make sure that all packages are installed correctly, Having half your packages installed with yarn will stop npm start from working; having half your packages installed with npm will stop yarn start from working.
also always use the same one for global too, it does not matter what you use yarn or npm. it does not matter to your global install.

spawn yarnpkg ENOENT

This happens when I run expo install expo-permissions
It explicitly returns me
Installing 1 SDK 35.0.0 compatible native module using Yarn.
yarn add expo-permissions#~7.0.0
spawn yarnpkg ENOENT
Set EXPO_DEBUG=true in your env to view the stack trace.
Which is strange because I don't normally use Yarn. I use NPM to install dependencies.
I know this error has to do with my files or some path not being configured correctly. What I don't know is which path it is that I have to change and how to do so.
Please let me know if there is any other relevant info that I should add here.
I had the same problem as you my solution and you perform the installation of yarn via npm:
npm i -g yarn
I believe this error is caused because he cannot find the symbolic link for yarnpkg. When executing this command, yarn will be updated and linked.
You can just pass the flag --npm after the command.
expo install [package-name] --npm
Best solution for this would be using --npm flag
Example:
expo install pkname --npm,
expo update --npm,
expo upgrade --npm,
This is happened because you haven't executed yarn install or yarn command.
Yes, I tried many ways and finally, I found the solution.
The issue was different yarn package version.
So first of all, you need to upgrade yarn version lastest.
open terminal and type the following.
npm install --global yarn
expo update
Hope this solve your issue.
I had a similar problem. You should install yarn in your system, since that's what Expo CLI is trying to execute to install packages. For me my issue was that I did had yarn but I had an old version. I had to update my yarn version to 1.19.0. If you install this version it should work correctly.
I recommend using yvm to install and manage different versions of yarn. After you install yvm it is as easy to install yarn as yvm install <version>, so in this case you would do yvm install 1.19.0. And if you ever have to change versions because another project doesn't work with 1.19.0 (sometimes it happens) you can just install another version and change between versions by doing yvm use <version>.
Hope this helps!
This worked for me:
Latest Yarn Installation (from here)
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update && sudo apt install yarn
sudo apt update && sudo apt install --no-install-recommends yarn
Add this to your profile: export PATH="$PATH:/opt/yarn-[version]/bin" (the path may vary depending on where you extracted Yarn to)
In the terminal, log in and log out for the changes to take effect
yarn --version checks if the version is latest (1.0+).
Then expo update <version> (ex: 36.0.0)
Concideration:
Do not forget to check if you give attention to similar warning: "warning package-lock.json found. Your project contains lock files generated by tools other than Yarn."
"spawn yarnpkg ENOENT" usually indicates that the system cannot find the "yarnpkg" command.
npm i -g corepack
This worked for me.
For nextjs you can try this as I found out that I am npx not yarn same as how I start npx expo start
npx expo update

Install Yarn after NPM

I need some help and clarification regarding Yarn installation process.
MacOS ver. 10.14.2
I've installed Homebrew via official site (ver. 2.0.1).
I've installed NPM by downloading package from official site (ver. 10.15.1 LTS).
Now when I tried to install yarn via brew install yarn
I have the following error:
The post-install step did not complete successfully
You can try again using `brew postinstall node`
As I undertand, NPM installs node locally, when, for instance, I try to use create-react-app. When I use Homebrew to install yarn, it tries to install node globally. And we have conflict here.
I've found suggestion to use:
sudo chown -R `whoami`:admin /usr/local/
I am not entirely sure what this command does.
So, the questions are:
Why changing the owner of the folder should be a solution? How will it affect multi user system?
What is the correct way to install yarn?
Can be there any conflicts if node is installed globally and locally (app folder.)
P.S. Please correct me, if I have wrong understanding here.
As Trott points out, npm does not install Node. npm is a package manager that comes bundled with Node. If you install Node, you automatically install npm.
Why changing the owner of the folder should be a solution? How will it affect multi user system?
It's not. Changing the permissions of this folder is sometimes suggested as a workaround for when you have npm installed in a location owned by root. This can cause EACCES errors when you try to install packages globally.
What is the correct way to install yarn?
While you can install Yarn through the Homebrew package manager, I would recommend doing: npm install -g yarn.
Can be there any conflicts if node is installed globally and locally (app folder).
You can't install Node globally and locally. You can install multiple versions of Node on the same machine, however.
I'm not a big fan of having one global Node installation, as it makes it a pain to update (esp. if one application relies on an older version of Node) and, depending on how you install Node, it can lead to permissions errors.
The better way is to use a version manager. This will allow you to install multiple Node versions on your machine, avoid permissions errors and swap between these Node versions at will.
I would recommend using nvm. It works nicely on MacOS. The TL;DR for installing nvm is:
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash
But I would encourage you to look at the project on GitHub and read its README. There is also a good tutorial on how to use it here.
Once you have Node installed using nvm, run npm install -g yarn to install Yarn globally and you should be off to the races.
Finally, you might want to read this tutorial on using npm, as it could help to clear up some of the concepts.
HTH
I have faced a problem after install yarn by running npm install -g yarn command in my OS Windows 10 Pro. That was showing yarn' is not recognized as an internal or external command operable program or batch file.
Whatever, I have found the solution:
After npm,
go to CMD from your windows PC,
write : *npm install -g yarn*
then,
Go to Environmental Variables set up.
Edit Path and add new and paste:
C:\Users\User\AppData\Roaming\npm\node_modules\yarn\bin\
Restart your terminal. And then check again in your cmd by running :
*yarn* or *yarn --version*

Changing from existing nodejs installation through apt to NVM

I am on Ubuntu 18.04 with existing NodeJS installed through apt.
(currently on version 9.11.1)
I want to uninstall this and switch to NVM without destroying other dependencies (like yarn) and preferrably my whole system. I need to do these cleanly and I don't want to risk missing a step. Can you please help me?
(nvm maintainer here)
You can install nvm on top of your system node, without losing anything (although node and npm themselves will be shadowed by the nvm-managed node).
Separately, you can run npm ls -g --depth=0 to get a list of your global modules, and then you can reinstall those after you've installed and activated an nvm-managed node.
If you installed yarn a different way than npm install -g yarn, then uninstalling your system node/npm shouldn't impact it.

Where does node.js put its files?

I have recently started playing with node.js, but I got lost in a big mess of different versions of node, npm, nvm and other packages. I don't know what is installed globally and what is installed locally (and if locally, how do the packages know which versions of node they can use?).
I'd like to have some summary of what different installation options do. In specific:
Where is node installed when I use nvm, apt-get, make install or when using other ways?
Is it a good idea to install node locally?
Why does nvm change my ~/.profile instead of installing itself in some system-recognizable bin folder?
I saw that nvm can install different versions of node alongside each other - why would I want to do this? I can install them locally instead, right?
Where does npm install packages? I saw that it checks packages aganist version of Node, what happens to these packages when node is upgraded?
In what cases it is better to use global or local installation? Where should I put my packages then (and where they put by default?)
What's the difference between npm, nvm and nave?
EDIT: There is a lot of ways to install node here, this makes me even more confused...
Where is node installed when I use nvm, apt-get, make install or when
using other ways?
apt-get installs all the software, not only node, on the file system following the Ubuntu convention where to store binaries, man files, shared files, logs, etc. However, using apt-get you'll have only the certain version of node which is determined by the distribution release cycle. If there are updates available they will be installed with apt-get update; apt-get upgrade However, the newest version of some app won't be available until it makes its way into the distribution. For example node v0.x.y might not be available until Ubuntu 13.10 the only way to get will be to install it manually. The good side of apt-get or other system package manager is that it manages updates and package removal for you. It stores all the data about the software package in it's own database. You can always delete the node with apt-get remove node and that's it.
make install install the package manually, but it is considered harmful. Never use the make install mainly because you won't be able to delete the package easily, you'll have to read the Makefile and manually delete all the files installed by it. In a situation where you want to use make install there is always checkinstall available. It's a software which creates a native package and registers it with the system. When you decide to delete the package you could do this with one command instead of many. wiki link; Ubuntu guide on checkinstall
Now nvm script is a node version manager. It is very helpful and easy to use. It allows you to have multiple versions of node to be installed and used in parallel on your machine. It doesn't compile the node from source like make install so it is very fast. it doesn't depend on your distribution release cycle so you have access to all the node versions available at the moment. nvm downloads precompiled binaries and is perfect for general use. It stores it's node files in it's own folder locally so in case you want to compare something between the different node versions it's easy to do.
Is it a good idea to install node locally?
If by locally you mean using nvm then it's very good for development, and testing. Not sure about production performance implications and benefits between having it's installed from source or using the nvm precompiled binaries. I use nvm for development and installed from source in production. However if someone could explain this issue any further I'll be glad to learn more.
Why does nvm change my ~/.profile instead of installing itself in some system-recognizable bin folder?
Because nvm isn't an executable. It is a set of bash functions which are sourced by shell and could be used separately. You can invoke nvm_ls and nvm_ls_remote and others without the main script after is is sourced into your shell. What the main script does it parses the command line arguments and pretty prints the output in case of for example `nvm_ls_remote'.
in the ~/.profile the following line is added
[[ -s /home/USERNAME/.nvm/nvm.sh ]] && . /home/USERANME/.nvm/nvm.sh # This loads NVM
loads all the functions into your shell
I saw that nvm can install different versions of node alongside each other - why would I want to do this? I can install them locally instead, right?
You can install them locally using make install or checkinstall but you will have to make aliases for them like node_0.8.1, node_0.8.2, node_0.10.1 , etc. AND you'll have to manage new aliases, installing all the packages, removing them in case you don't need them YOURSELF. These are a tedious and boring tasks which could be error prone sometimes. nvm does all of these tasks for you for free.
You want to do this to test your app under the different versions of node. For example you are good and tested under the v0.8 but you want to use the new features of the v0.10.3 how do you do that ? You have to download the source code, compile, make an alias and run your app. you could do this with just nvm install 0.10.3 and run your app.
Sometimes you have to support more than one version of node. For example some hosted environments are not keeping in touch with the latest release and only have v0.6 Your clients which use your server app might encounter a bug specific to this version. When you fix the bug you have to reproduce it first. Using nvm installation of the v0.6 is one line and half a minute. And you can check all the versions you want this way easily. Test your code under different versions and make sure you are good to go.
Where does npm install packages? I saw that it checks packages aganist version of Node, what happens to these packages when node is upgraded?
If you are using nvm the packages which are installed globally with -g option are tied to the relevant node version. When you switch between versions with nvm use 0.x you have to either install the packages again or use nvm copy-packages <version> to use the packages from in the current version. If the packages are installed locally then it depends. package.json should contain info on the dependencies of the app. If it says node: '0.8' and you just updated to 0.9 you might encounter troubles. For example the behavior of process.nextTick was changed in the latest releases compared to 0.6. So be careful.
In what cases it is better to use global or local installation? Where should I put my packages then (and where they put by default?)
It depends. For development nvm is superior in my opinion. For me it is convenient and simple. For production there are might be some performance implications when using the precompiled binary files not optimized for your system. It would be better to ask this as a separate question so the people with the relevant experience could answer.
What's the difference between npm, nvm and nave?
npm is a node package manager -> link It contains userland packages developed by other people. These packages are not part of the node core. npm is used for publishing your code and dependency management. If your app requires other app developed by other people it is convenient to publish it via npm.
nvm is a node version manager it does a completely separate thing. It gives you an ability to very easily switch between node versions on the same machine and manages all he changes in your $PATH environment variable.
Consider nvm as update manager for the Operation System and npm as a manager of the applications for this system. Well, this comparison isn't precise but just came upon my mind
nave is basically the same as nvm but it is an executable whereas nvm is a script which is sourced into the shell. Each system has it's own benefits. You could make a separate question regarding it's use cases and differences.
My answer isn't 100% complete and contains a lot of subjective personal opinions. However, I hope I'll at least make some points more clear so you might proceed with other more specific questions. Btw, this question list of yours could be asked as separate questions. I believe stackoverflow gives best results when specific questions are asked separately and more people with relevant experience could contribute.
If you run
npm install
in folder with package.json, it installs all packages localy (in the current folder).
Also, npm default install packeges local. To install it globaly - use -g flag:
npm install -g <package>
Execute next command:
npm config list
You see all npm config description.
You can install modules in the local context of your application with
npm install modulename
In this case the module will be installed to your node_modules folder of your application.
Otherwise you can install a module in the global context with
npm install -g modulename
In this case the module will be installed for the hole system environment usually at /usr/local/bin/modulename.
The global installation makes sense for modules you need in more than one application, like express or node-inspector.

Resources