Friday Links 0.0.15 - Yarn, Security Primer, and Razor

This is based on an email I send my .NET team at work

Happy Friday,

Yarn: A new package manager for JavaScript

I know what you’re thinking: “Oh no, not another javascript build tool”.

Sadly yes. But at least this one runs off the same repository as npm but addresses some shortcomings in the standard npm client.

Its not quite a drop-in replacement, but it uses the same servers for packages and stores the downloaded files to node_modules just like npm.

Yarn, in my testing, is often almost twice as fast as npm install.

It locks versions so that at deploy time you get the same versions of code you tested with. Locking versions also helps speed it up by avoiding dependency resolution.

I like that it also has a yarn why command that tells you what packages brought in a specific dependency.

Try it next time you bring in a client side project and see if it is faster for you too

An Information Security Policy for the Startup

I thought this was a fun read. It’s a humorous take on standard corporate security policies. It covers all the same ground, but in a more conversational than legal voice. Security policies that are too boring to be read and understood don’t do any good.

Templated Razor Delegates

I never knew about this, but if you declare a method that takes Func<T, HelperResult> as a parameter, you can pass it snippets of razor markup as the parameter.

Here’s basically the example from the post, but you should check it out for more detail.

public static HelperResult RenderList<T>(this IEnumerable<T> items, Func<T, HelperResult> template)
    return new HelperResult(writer => {
        foreach(var item in items)


    @Model.Pages.RenderList(@<li><a href="@item.Url">@item.Name</a></li>)

Notice we’re actually passing markup as a parameter to the RenderList method. It’s a neat concept, and probably really useful in certain scenarios. I’m just not sure I’ve run into the perfect use case for it yet. :)