A package manager is a tool that allows you to install, update, and uninstall packages (or modules) needed by your project.
You can use and share code with other developers through a reliable package manager, allowing you to use other people’s code in your project (and vice versa).
These days, software developers rely on package managers to get the dependencies required by the project they are working on.
npm and Yarn are package managers used for developing JavaScript software.
Yarn was first released back in 2016, 6 years after the first release of npm in 2010. It was developed to address some serious bugs in the implementation of npm.
One example is the introduction of the lock file by Yarn. After you install packages, Yarn automatically generates a `yarn.lock` file used to keep track of the exact version installed.
Back then, npm didn’t have a lock file to keep track of the exact version installed. You needed to run `npm shrinkwrap` to generate an `npm-shrinkwrap.json` file.
Later on, npm followed the lead of Yarn by automatically generating a `package-lock.json` file after installation.
Back then, Yarn was considered better than npm. But today, npm has adopted many Yarn features, which makes it a great package manager that is comparable to Yarn.
That being said, they still have some differences, as you will see in this article.
There are five points of difference between npm and Yarn that we will cover:
- Install speed and reliability
- Different commands between npm and Yarn
- Offline cache
- Yarn Plug’n’Play feature
- Yarn Zero Install feature
Let’s start exploring the differences between npm and Yarn.
Install speed and reliability
npm installs dependencies for your project sequentially, while Yarn installs the dependencies concurrently.
This means that Yarn will execute installation faster when you have many dependencies.
npm uses the `npm install` command to install packages, while the `yarn install` command is used in Yarn.
Yarn guarantees that an install that works now will continue to work in the future. An npm version update may break your installation process.
For example, when npm replaced SHA-1 with SHA-512 for the integrity check in v5, many installations failed with an EINTEGRITY error.
Although this won’t be a problem when you use the latest version of npm, some developers may still prefer Yarn over npm.
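The integrity check mentioned above compares the bytes of each downloaded tarball with the hash recorded in the lock file. The following is an added example, not code from the original article or from npm: it checks constructed tarball bytes against the `integrity` values of a constructed `package-lock.json`-style object and reports mismatches, SHA-1-only entries and entries with no hash. The function names and sample data are assumptions made for illustration.

```javascript
const { createHash } = require('node:crypto');

// Integrity string as stored in lock files: "<algo>-<base64 digest>".
function sri(algo, buf) {
  return `${algo}-${createHash(algo).update(buf).digest('base64')}`;
}

// Algorithms ranked weakest to strongest; the strongest one present decides.
const RANK = new Map([['sha1', 0], ['sha256', 1], ['sha384', 2], ['sha512', 3]]);

// Check tarball bytes against an `integrity` field (may hold several space-separated hashes).
function verifyIntegrity(integrity, tarball) {
  const hashes = (integrity || '').split(/\s+/).filter(Boolean)
    .map((value) => ({ algo: value.split('-')[0], value }))
    .filter((h) => RANK.has(h.algo));
  if (hashes.length === 0) return { ok: false, reason: 'no usable integrity value' };
  const best = Math.max(...hashes.map((h) => RANK.get(h.algo)));
  const strongest = hashes.filter((h) => RANK.get(h.algo) === best);
  const algo = strongest[0].algo;
  const ok = strongest.some((h) => h.value === sri(algo, tarball));
  const reason = ok ? 'match' : 'digest mismatch (npm reports EINTEGRITY)';
  return { ok, weak: algo === 'sha1', reason };
}

// Walk the `packages` map of a package-lock.json (lockfileVersion 2 or 3).
function auditLock(lock, tarballs) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, no tarball
    const r = verifyIntegrity(entry.integrity, tarballs[path] || Buffer.alloc(0));
    if (!r.ok) findings.push(`${path}: ${r.reason}`);
    else if (r.weak) findings.push(`${path}: only SHA-1 recorded`);
  }
  return findings;
}

// Constructed sample data: fake tarball bytes and a lock object built from them.
const good = Buffer.from('constructed tarball A');
const legacy = Buffer.from('constructed tarball B');
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/a': { version: '1.0.0', integrity: sri('sha512', good) },
  'node_modules/b': { version: '1.0.0', integrity: sri('sha1', legacy) },
  'node_modules/c': { version: '1.0.0', integrity: sri('sha512', good) },
  'node_modules/d': { version: '1.0.0' },
} };
const sampleTarballs = { 'node_modules/a': good, 'node_modules/b': legacy,
  'node_modules/c': Buffer.from('tampered bytes') };
console.log(auditLock(sampleLock, sampleTarballs));
```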
Different commands between npm and Yarn
The following table provides an overview of the commands used in npm and Yarn:
Command | npm | Yarn |
---|---|---|
Run initialize | npm init | yarn init |
Run install | npm install | yarn install / yarn |
Adding new dependency | npm install [package] | yarn add [package] |
Adding new dev dependency | npm install --save-dev [package] | yarn add --dev [package] |
Uninstall dependency | npm uninstall [package] | yarn remove [package] |
Update dependency | npm update [package] | yarn upgrade [package] |
Global install | npm install -g [package] | yarn global add [package] |
Global uninstall | npm uninstall -g [package] | yarn global remove [package] |
Run start script | npm start | yarn start |
Run test script | npm test | yarn test |
Run other script | npm run [script] | yarn run [script] |
Run remote package | npx | yarn dlx |
Check package license | npx | yarn dlx |
Most of the commands are identical between npm and Yarn, with a few differences here and there.
Offline cache
In the past, npm didn’t have any offline cache. Yarn introduced the idea of storing an offline cache for installed packages.
Today, both npm and Yarn check the offline cache to install your packages before downloading them from the registry.
Since Yarn v2, the cache is configured to be local to your project under the `.yarn/cache` folder. This is done so that you can add the cache to your repository.
However, you can still enable Yarn global cache with the `enableGlobalCache` option:
```yaml
enableGlobalCache: true
```
In npm, there’s only the global cache and no local cache.
Plug’n’Play
npm installs dependencies for your project locally under the `node_modules` folder.
When you run the project with Node.js, it’s up to Node to find the packages your project needs from the `node_modules` folder.
Yarn used to follow the same strategy until the release of Plug’n’Play (PnP) in Yarn v2.
Plug’n’Play essentially lets Yarn ditch the `node_modules` folder. The strategy goes as follows:
- Yarn installs your dependencies under the `.yarn` folder, which also serves as the offline cache
- Yarn generates a single `pnp.cjs` file that maps the dependencies used in your project
When you run the project, Yarn will help Node find the packages using that `pnp.cjs` file.
You need to run your project using `yarn node` instead of just `node`:
```bash
# 👇 imports will not work with PnP
node index.js
# 👇 this one ok
yarn node index.js
```
The PnP feature is faster because you only need to generate a single `pnp.cjs` file instead of the giant `node_modules` folder.
You can learn more about it here: Yarn PnP feature
Yarn Zero Install feature
Zero Install is not a feature of Yarn, but more of an outcome of using Yarn’s offline cache and Plug’n’Play feature.
Because you can commit the `pnp.cjs` file and `.yarn` folder, Yarn is able to run your application as soon as you clone the project in another environment.
The dependencies required by your project are already inside the `.yarn/cache` folder, and Yarn knows how to fetch them using the `pnp.cjs` file.
This means you don’t need to run `yarn install` anymore. You can just run `yarn start` after cloning the project.
But isn’t this the same as committing the `node_modules` folder?
No, because the Yarn cache is very optimized to make Zero Install work.
To give you an idea, a 1.2GB `node_modules` folder is compressed to 139MB of Yarn cache.
The Yarn cache keeps exactly one zip file for each package required in your project.
By contrast, `node_modules` has all the files unarchived and installed as-is.
Conclusion: which package manager should you use?
npm comes bundled with Node.js installation, and it should be enough to handle most of your projects.
Yarn is more of an alternative to npm suited for large projects. It has many interesting features that are convenient when you work on a large project with many members.
The installation of dependencies using Yarn is guaranteed to work in the future, and the combination of the offline cache and Plug’n’Play features gives your project Zero Install.
npm may catch up with Yarn in terms of performance one day, but Yarn has produced great innovations that made the developer experience better.