NPM vs YARN vs PNPM - full comparison

NPM vs YARN vs PNPM - full comparison

Learn the difference between main JS dependency managers in one article.

·

5 min read

Let's discuss the difference between the most popular dependency managers in the JavaScript world and their main features.

In case you like to consume information in a form of a video, feel free to watch it here

So, the most popular tools are:

  • NPM - Node Package Manager, the default package manager for node
  • YARN - Yet Another Resource Navigator, which was created to improve some performance and security issues in NPM

  • PNPM - Performant NPM

Currently, all of them have pretty similar feature sets, but still there are some differences:

Installation of the dependency manager

NPM is installed by default, YARN and PNPM you need to install by yourself

npm install -g yarn
npm install -g pnpm

Different locking mechanisms.

We need locking to ensure that all environments are the same, so we make a file with the description of all installed packages for the project and their versions.

In NPM we have package-lock.json. There we have all the installed packages and their versions + dependencies.

In YARN we have yarn.lock and in PNPM we have pnpm-lock.yaml

Installing new packages.

NPM installs packages from the online registry and installs one after another (sequentially).

YARN tries to install it from the cache on the local machine and if the cache is empty, then it will go online. It can also install dependencies in parallel.

PNPM - there is one storage for all packages, so you do not need to download the same dependency for each project.

Security & licensing

NPM, YARN and PNPM are currently equal in terms of security and they give the same notes about the same packages.

But for licensing in YARN we have an additional tool

yarn licenses list

It will add output to the console about licenses for all the packages

And for PNPM we have similar command

 pnpm licenses

Output log

Currently, in YARN & PNPM you will get a shorter and cleaner output in most cases.

Workspaces

All package managers do support workspaces. Workspaces help you to properly link to the packages that are located in the same repository (aka monorepos).

Performance

Performance depends on your project and what you do with it. There are many different tests and what is usually you can see - PNPM is usually faster while NPM is the slowest in most cases. But overall very often the speed difference is not something that will save you a lot of time.

Also, it is worth mentioning the most distinguishing points about each dependency manager.

YARN

In YARN they have main priority on workspaces and plug&play + some features that are in test at the moment

Plug'n'Play

In this install mode which is used by default starting from Yarn 2.0, Yarn generates a single .pnp.cjs file instead of the usual node_modules folder containing copies of various packages.

The .pnp.cjs file contains various maps: one linking package names and versions to their location on the disk and another one linking package names and versions to their list of dependencies. With these lookup tables, Yarn can instantly tell Node where to find any package it needs to access, as long as they are part of the dependency tree, and as long as this file is loaded within your environment.

The generated .pnp.cjs file can be committed to your repository as part of the Zero-Installs effort, removing the need to run yarn install in the first place.

Mainly it makes YARN somewhat similar to PNPM - it now tries to link all files not in node_modules, but get all the files from its cache. Now all the files should be located in one folder and YARN does the management of this cache by itself

By default, it uses 'local cache' for each repo, so you can include this .yarn/cache folder into your repo and then it should work as a 'zero install' repo (no need for yarn install at all).

If you don't want to use local cache you can set enableGlobalCache:true in the settings file.

Why you can include 'cache' in your repo? YARN creates just one file for each dependency, so it significantly reduces the number of files and their size compared to node_modules.

PNPM

At the same time in PNPM, one of the main advantages is the disk space.

There is one storage for all packages, so you do not need to download the same dependency for each project.

When you update an already installed dependency it will download only updated files and not the whole package.

You will have access only to direct dependencies from node_modules. For example, NPM & YARN V1 flatly added all dependencies into the node_modules folder. With PNPM you will have access only to direct dependencies.

Support for aliases. It lets you install packages with custom names. Can be useful if you create your own fork and publish it into NPM registry. So, you can install your fork with the original name and there is no need to refactor already written code. Or you may want to install 2 versions of the same library then you can install them with different names.

Support for tab completion without plugins.

Full feature comparison of NPM, YARN and PNPM can be found on the official site of PNPM, also there is a comparison for performance.

In terms of commands, all these tools are pretty similar.

npm install 
yarn 
pnpm install 

npm install name 
yarn add name 
pnpm add name

npm uninstall name 
yarn remove name 
pnpm remove name  

npm update 
yarn upgrade 
pnpm update 

npm list 
yarn list 
pnpm list 

npm run name 
yarn name 
pnpm name 

npx command 
yarn dlx command 
pnpm dlx command 

npm exec 
yarn exec command 
pnpm exec command 

npm init name 
yarn create name 
pnpm create name

In summary, I would say that in most cases it doesn't matter which tool you will choose. Performance can vary depending on your project, but usually, PNPM and YARN are better, in other things you should look at the list of features for each tool and choose what has the needed features for your project.

And what about you? Which one do you use and why? I assume, that if you don't care about the speed of package installation, you can use NPM. If some long time ago you decided to switch from NPM to YARN, you are still using it. And if you are new to the JavaScript world or you were impressed by the speed of PNPM - you are working with it now. Am I right? Let me know in the comments :)