Join egghead, unlock knowledge.

Want more egghead?

This lesson is for members. Join us? Get access to all 3,000+ tutorials + a community with expert developers around the world.

Unlock This Lesson
Become a member
to unlock all features

Level Up!

Access all courses & lessons on egghead today and lock-in your price for life.


    Pin Down NPM Package Versions with Yarn.lock

    Mark ShustMark Shust

    npm shrinkwrap > npm install > npm shrinkwrap is not guaranteed to produce the same output as just shrinkwrapping once, whereas Yarn explicitly uses "an install algorithm that is deterministic and reliable". We’ll learn how to generate a yarn.lock file and commit it to version control to ensure a deterministic and reliable module install process.



    Become a Member to view code

    You must be a Member to view code

    Access all courses and lessons, track your progress, gain confidence and expertise.

    Become a Member
    and unlock code for this lesson




    By default, NPM is not 100 percent deterministic. Even if you use NPM shrinkwrap, you cannot guarantee that what you NPM install on one computer will NPM install exactly the same on another computer. You can fix this by using Yarn.

    Yarn was built to be deterministic, reliable, and fast. New projects can get started very easily by typing "yarn add" followed by the package you want to install. You can also specify an exact version to install, or use a range or version constraint if you prefer a different install criteria.

    After installing the first package, yarn will create a yarn.lock file. We can check the exact pin-down version of this package by searching for our installed package in this file. Yarn also does file checks on matches to ensure exact one-to-one downloaded results.

    Regarding version control, be sure to add both the package.json file and the yarn.lock file to your repository. You'll also want to ignore the node modules directory, as these assets are compiled when the yarn command is ran later at bill time, or post deploy.