javascript: What is the main difference between yarn and npm?

Note: this page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must keep it under the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/50278553/

Time: 2020-10-29 09:00:19  Source: igfitidea

What is main difference between yarn and npm?

javascript node.js npm yarnpkg

Asked by Milos Mosovsky

I want to ask what is your favorite package manager for JS? I saw some articles about yarn and npm. But I am not sure what can be better for me. I just started learning JS.

Right now the difference between yarn and npm is, for me, like the difference between brands of cola.

Answered by Milos Mosovsky

There were times when we had only npm, but it had so many issues with resolving dependencies and caching that another tool was born (yarn). Usually it was using a local cache to resolve dependencies, and it was crucial for example while running CI jobs, which are almost always run in the same environment, and high bandwidth is costly as you pay for data in cloud services. That means in old npm versions when you ran npm install and you had lets in deps

First note


Please understand that yarn was built on top of npm packages and https://www.npmjs.com/, that means they are both using the NPM registry for resolving packages. So if you run npm install [email protected]. or yarn add [email protected]. you will get the very same result

Incremental install


[email protected]

On every new build both dependencies were again downloaded from the internet. Yarn uses yarn.lock underneath, and it compares your package.json file with yarn.lock and determines which packages need to be fetched additionally, to only incrementally install new dependencies

Multithreading


yarn offers parallel installation of packages which are not dependent in threads. It can lower installation time to 1/10 of time from npm install

Version locking


As said before, yarn generates yarn.lock after each installation, which persists ALL versions of installed packages (as you probably know a package can have dependencies and a dependency can also have its own dependencies), so it can build up an infinite tree of dependencies which can lead to very bad conflicts. Let's imagine this scenario

 - lodash^1
 - [email protected]
 - - [email protected]
 - [email protected]
 - - [email protected]

Imagine a scenario when the maintainer of another_module decides to bump lodash to the breaking changes version 1.2.0. What can happen is that npm in the old days could fetch 2 different instances of the same library, and 2 different versions, which could lead to extremely weird behavior. Because as you don't have an exact lock in your module (you accept any semver version ^1.x.x and ^2.x.x), so that means both sub modules would satisfy your requirements but fetch different versions. Yarn will lock your yarn.lock AT THE TIME OF ADDING a new package to the project, that means when other developers on your project check out the project they will also have the same yarn.lock, and yarn will ultimately "mimic" the state of the packages as they were installed when you committed yarn.lock. On the other hand, NPM just looks at the semver satisfaction and can fetch 2 different versions for 2 developers (assuming that over time packages are upgrading)

Final note


There has been a lot of work from the npm guys as they released npm@5, and I think all statements are now just reasons WHY yarn was created and which problems it was solving at the time, but I think at the current date there is no big difference between those 2 nowadays
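
An added example (not part of the original answer, and not yarn's or npm's actual code): a simplified model of the incremental install and version locking behaviour described in the answer. The in-memory registries, the version numbers and the `install` helper are constructed for illustration.

```javascript
// Simplified model of lockfile-based resolution (not yarn's or npm's real code).
// Registry snapshots and version numbers below are constructed sample data.
const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Caret range for major >= 1: "^1.0.0" accepts >=1.0.0 and <2.0.0.
function satisfies(version, range) {
  const base = range.replace(/^\^/, "");
  if (!range.startsWith("^")) return cmp(version, base) === 0;
  return parse(version)[0] === parse(base)[0] && cmp(version, base) >= 0;
}

// Highest published version that satisfies the range, or null.
function resolve(range, published) {
  const ok = published.filter((v) => satisfies(v, range)).sort(cmp);
  return ok.length ? ok[ok.length - 1] : null;
}

// Install deps: reuse a lock entry when it still satisfies package.json,
// otherwise resolve from the registry and record the result in the lock.
function install(deps, registry, lock = {}) {
  const newLock = {}, fetched = [];
  for (const [name, range] of Object.entries(deps)) {
    const key = `${name}@${range}`;
    if (lock[key] && satisfies(lock[key], range)) {
      newLock[key] = lock[key];
    } else {
      const v = resolve(range, registry[name] || []);
      if (v === null) throw new Error(`no version of ${name} matches ${range}`);
      newLock[key] = v;
      fetched.push(`${name}@${v}`);
    }
  }
  return { lock: newLock, fetched };
}

const deps = { lodash: "^1.0.0" };
const registryMonday = { lodash: ["1.0.0", "1.1.0"] };
const registryFriday = { lodash: ["1.0.0", "1.1.0", "1.2.0"], another_module: ["1.0.0"] };

const devA = install(deps, registryMonday);            // resolves and writes the lock
const noLock = install(deps, registryFriday);          // range only: version drifts
const devB = install(deps, registryFriday, devA.lock); // committed lock: stays pinned
const added = install({ ...deps, another_module: "^1.0.0" }, registryFriday, devA.lock);
console.log(devA.lock, noLock.lock, devB.lock, added.fetched);
```

The same `^1.0.0` range resolves differently on the two registry snapshots unless the committed lock is passed in, and adding `another_module` fetches only that one package.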