Why wouldn't I use npm to install yarn?

人走茶凉 submitted on 2019-11-29 23:09:58

According to the Yarn project maintainers, installing Yarn via npm goes against the goals of the project, can cause issues, and is, in general, worse than platform-specific installation methods.


Advantages to recommended platform-specific installation:

  • The Yarn team regards npm as insecure and unreliable. From the "Install via npm" section on Yarn's "Installation" page:

    Note: Installation of Yarn via npm is generally not recommended. Installing Yarn with npm is non-deterministic, the package is not signed, and the only integrity check performed is a basic SHA1 hash, which is a security risk when installing system-wide apps.

    For these reasons, it is highly recommended that you install Yarn through the installation method best suited to your operating system.

  • Running Yarn, which is a separate package manager utility, via npm can lead to edge-case issues (see issue 2072)

  • Installing via a system package manager decouples Yarn from npm, allowing you to run Yarn without npm
  • The system package manager typically runs regularly, keeping Yarn updated
  • Installing Yarn via npm is slow

Advantages to npm install -g yarn:

  • Quick and easy (npm install -g yarn)
  • Can be done in any npm environment (platform-agnostic)
  • Familiar paradigm and process for Node.js developers
  • Can be easily updated (npm update -g yarn)
    • A Yarn update command exists (yarn self-update) but it seems to be broken
  • No dependence on system package managers
  • Can use different versions of Yarn for different projects or different versions of Node.js via nvm

The system package manager arguments for the recommended installation tend to break down when referring to Windows, where there is no official package manager (unless you count Windows Update). Also, Windows package managers such as Chocolatey are often not configured for automatic updates.

I'm not sure that I fully agree with the Yarn team's decision on this, but they do make some fair points. The Yarn project is still young and if it is to become a replacement for npm then it wouldn't make sense to encourage npm as its primary installer.

Regardless, installations via npm seem to work just fine for now in most cases.


Sources:

There's no visible disadvantage to installing Yarn through npm. In fact I chose this method myself because of a few reasons:

  1. It's clearly the easiest way to do it. npm i --global yarn and you can literally replace npm with yarn on your console immediately.
  2. If you're using nvm and maintaining different code projects on each NodeJS version, then you can install Yarn on one version and not have it on the other.
  3. Honestly, the only reason I can think of that it is not mentioned in the Platform Specific installs is that npm is platform agnostic.

Because npm is not platform specific and runs on almost any system it is listed as an Alternative. There is no advantage or disadvantage over the platform specific installs. The difference would be the install location but all methods expose the global yarn command to your CLI.

I would argue they listed it as "the easiest way" because most people are already very familiar with npm.
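
The Yarn note quoted in the first answer objects that the only integrity check is a SHA1 hash. As an added example (not code from either answer or from the Yarn or npm projects), this Node.js sketch checks a downloaded tarball against a pinned SRI-style string of the form algo-base64 and refuses to accept a pin that offers nothing stronger than SHA1. The function names and the sample bytes are constructed for illustration, and a digest is not a signature: the pin has to come from a channel you already trust.

```javascript
// Added example: verify a downloaded package tarball against a pinned digest.
const crypto = require('crypto');

// Algorithms accepted for pinning, strongest first; sha1 is deliberately excluded.
const STRONG = ['sha512', 'sha384', 'sha256'];

// Parse an SRI-style string ("sha1-<base64> sha512-<base64>") into entries.
function parseIntegrity(integrity) {
  return integrity.trim().split(/\s+/).map((token) => {
    const dash = token.indexOf('-');
    if (dash < 1) throw new Error(`malformed integrity token: ${token}`);
    return { algo: token.slice(0, dash).toLowerCase(), digest: token.slice(dash + 1) };
  });
}

// Returns { ok, algo, reason }. Only the strongest listed algorithm is checked,
// and a string that lists nothing stronger than sha1 is rejected outright.
function verifyTarball(bytes, integrity) {
  const entries = parseIntegrity(integrity);
  const algo = STRONG.find((a) => entries.some((e) => e.algo === a));
  if (!algo) return { ok: false, algo: null, reason: 'no strong hash pinned' };
  const actual = crypto.createHash(algo).update(bytes).digest();
  const match = entries
    .filter((e) => e.algo === algo)
    .some((e) => {
      const expected = Buffer.from(e.digest, 'base64');
      // Length check first: timingSafeEqual throws on unequal lengths.
      return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
    });
  return { ok: match, algo, reason: match ? 'digest matches' : 'digest mismatch' };
}

// Constructed sample data standing in for a downloaded tarball.
const tarball = Buffer.from('constructed sample tarball bytes');
const sri = (algo, buf) => `${algo}-${crypto.createHash(algo).update(buf).digest('base64')}`;
const pinned = `${sri('sha1', tarball)} ${sri('sha512', tarball)}`;
const modified = Buffer.concat([tarball, Buffer.from('!')]);

console.log(verifyTarball(tarball, pinned));               // untampered download
console.log(verifyTarball(modified, pinned));              // one byte appended
console.log(verifyTarball(tarball, sri('sha1', tarball))); // sha1-only pin
```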
