NPM vs YARN vs PNPM - full comparison
Learn the difference between main JS dependency managers in one article.
Let's discuss the difference between the most popular dependency managers in the JavaScript world and their main features.
In case you like to consume information in a form of a video, feel free to watch it here
So, the most popular tools are:
- NPM - Node Package Manager, the default package manager for node
YARN - Yet Another Resource Navigator, which was created to improve some performance and security issues in NPM
PNPM - Performant NPM
Currently, all of them have pretty similar feature sets, but still there are some differences:
Installation of the dependency manager
NPM is installed by default, YARN and PNPM you need to install by yourself
npm install -g yarn
npm install -g pnpm
Different locking mechanisms.
We need locking to ensure that all environments are the same, so we make a file with the description of all installed packages for the project and their versions.
In NPM we have package-lock.json
. There we have all the installed packages and their versions + dependencies.
In YARN we have yarn.lock
and in PNPM we have pnpm-lock.yaml
Installing new packages.
NPM installs packages from the online registry and installs one after another (sequentially).
YARN tries to install it from the cache on the local machine and if the cache is empty, then it will go online. It can also install dependencies in parallel.
PNPM - there is one storage for all packages, so you do not need to download the same dependency for each project.
Security & licensing
NPM, YARN and PNPM are currently equal in terms of security and they give the same notes about the same packages.
But for licensing in YARN we have an additional tool
yarn licenses list
It will add output to the console about licenses for all the packages
And for PNPM we have similar command
pnpm licenses
Output log
Currently, in YARN & PNPM you will get a shorter and cleaner output in most cases.
Workspaces
All package managers do support workspaces. Workspaces help you to properly link to the packages that are located in the same repository (aka monorepos).
Performance
Performance depends on your project and what you do with it. There are many different tests and what is usually you can see - PNPM is usually faster while NPM is the slowest in most cases. But overall very often the speed difference is not something that will save you a lot of time.
Also, it is worth mentioning the most distinguishing points about each dependency manager.
YARN
In YARN they have main priority on workspaces and plug&play + some features that are in test at the moment
Plug'n'Play
In this install mode which is used by default starting from Yarn 2.0, Yarn generates a single .pnp.cjs
file instead of the usual node_modules
folder containing copies of various packages.
The .pnp.cjs
file contains various maps: one linking package names and versions to their location on the disk and another one linking package names and versions to their list of dependencies. With these lookup tables, Yarn can instantly tell Node where to find any package it needs to access, as long as they are part of the dependency tree, and as long as this file is loaded within your environment.
The generated .pnp.cjs
file can be committed to your repository as part of the Zero-Installs effort, removing the need to run yarn install in the first place.
Mainly it makes YARN somewhat similar to PNPM - it now tries to link all files not in node_modules
, but get all the files from its cache. Now all the files should be located in one folder and YARN does the management of this cache by itself
By default, it uses 'local cache' for each repo, so you can include this .yarn/cache
folder into your repo and then it should work as a 'zero install' repo (no need for yarn install
at all).
If you don't want to use local cache you can set enableGlobalCache:true
in the settings file.
Why you can include 'cache' in your repo? YARN creates just one file for each dependency, so it significantly reduces the number of files and their size compared to node_modules
.
PNPM
At the same time in PNPM, one of the main advantages is the disk space.
There is one storage for all packages, so you do not need to download the same dependency for each project.
When you update an already installed dependency it will download only updated files and not the whole package.
You will have access only to direct dependencies from node_modules
. For example, NPM & YARN V1 flatly added all dependencies into the node_modules
folder. With PNPM you will have access only to direct dependencies.
Support for aliases. It lets you install packages with custom names. Can be useful if you create your own fork and publish it into NPM registry. So, you can install your fork with the original name and there is no need to refactor already written code. Or you may want to install 2 versions of the same library then you can install them with different names.
Support for tab completion without plugins.
Full feature comparison of NPM, YARN and PNPM can be found on the official site of PNPM, also there is a comparison for performance.
In terms of commands, all these tools are pretty similar.
npm install
yarn
pnpm install
npm install name
yarn add name
pnpm add name
npm uninstall name
yarn remove name
pnpm remove name
npm update
yarn upgrade
pnpm update
npm list
yarn list
pnpm list
npm run name
yarn name
pnpm name
npx command
yarn dlx command
pnpm dlx command
npm exec
yarn exec command
pnpm exec command
npm init name
yarn create name
pnpm create name
In summary, I would say that in most cases it doesn't matter which tool you will choose. Performance can vary depending on your project, but usually, PNPM and YARN are better, in other things you should look at the list of features for each tool and choose what has the needed features for your project.
And what about you? Which one do you use and why? I assume, that if you don't care about the speed of package installation, you can use NPM. If some long time ago you decided to switch from NPM to YARN, you are still using it. And if you are new to the JavaScript world or you were impressed by the speed of PNPM - you are working with it now. Am I right? Let me know in the comments :)