Gemnasium supports Yarn (and what it is)

You might have heard of Yarn before. It’s a new package manager for JavaScript.

Gemnasium now supports Yarn, and we have support for it coming in the next few days for Gemnasium Enterprise!

You can get your dependencies monitored for all your JavaScript projects using Yarn now. We’ll notify you if you use an outdated npm package or one that has security vulnerabilities, with details on how to fix it.

So, what’s Yarn?

The gist of it is that it’s a new package manager for JavaScript, which uses the same npm packages you know and love.

If it’s the same packages, why another format then?

It turns out that the people behind Yarn (Facebook, Google and other lesser-known companies like Tilde) were pushing npm to its limits and ran into some issues.

A quick word on Tilde: you might not know the company, but you might have heard of Yehuda Katz from Tilde, who's behind Bundler (Ruby package management), Cargo (Rust package management) and Ember (JavaScript framework), to name only a few.

Back to Yarn.

One of the issues with the npm client is that it’s not deterministic. That means that running it multiple times could yield different results. Yes, you read that right.

Yarn is deterministic. No matter when or on which laptop or server you run yarn, you will get the same packages.

It’s faster, more reliable and more secure. It can also work offline if you’ve installed a package before.

You can learn a lot more about it on the official site or read more about it here and here.

You can start using it today on Gemnasium and later this week on Gemnasium Enterprise!

Oh, in case you didn’t know: we’re free for open source projects (and will always be)!

For your information, we’re working on adding support for more dependency management systems in the next few months, including Maven (Java) and NuGet (.NET)!