NPM vs YARN vs PNPM - full comparison
Learn the difference between main JS dependency managers in one article.
In case you like to consume information in a form of a video, feel free to watch it here
So, the most popular tools are:
- NPM - Node Package Manager, the default package manager for node
YARN - Yet Another Resource Navigator, which was created to improve some performance and security issues in NPM
PNPM - Performant NPM
Currently, all of them have pretty similar feature sets, but still there are some differences:
Installation of the dependency manager
NPM is installed by default, YARN and PNPM you need to install by yourself
npm install -g yarn
npm install -g pnpm
Different locking mechanisms.
We need locking to ensure that all environments are the same, so we make a file with the description of all installed packages for the project and their versions.
In NPM we have
package-lock.json. There we have all the installed packages and their versions + dependencies.
In YARN we have
yarn.lock and in PNPM we have
Installing new packages.
NPM installs packages from the online registry and installs one after another (sequentially).
YARN tries to install it from the cache on the local machine and if the cache is empty, then it will go online. It can also install dependencies in parallel.
PNPM - there is one storage for all packages, so you do not need to download the same dependency for each project.
Security & licensing
NPM, YARN and PNPM are currently equal in terms of security and they give the same notes about the same packages.
But for licensing in YARN we have an additional tool
yarn licenses list
It will add output to the console about licenses for all the packages
And for PNPM we have similar command
Currently, in YARN & PNPM you will get a shorter and cleaner output in most cases.
All package managers do support workspaces. Workspaces help you to properly link to the packages that are located in the same repository (aka monorepos).
Performance depends on your project and what you do with it. There are many different tests and what is usually you can see - PNPM is usually faster while NPM is the slowest in most cases. But overall very often the speed difference is not something that will save you a lot of time.
Also, it is worth mentioning the most distinguishing points about each dependency manager.
In YARN they have main priority on workspaces and plug&play + some features that are in test at the moment
In this install mode which is used by default starting from Yarn 2.0, Yarn generates a single
.pnp.cjs file instead of the usual
node_modules folder containing copies of various packages.
.pnp.cjs file contains various maps: one linking package names and versions to their location on the disk and another one linking package names and versions to their list of dependencies. With these lookup tables, Yarn can instantly tell Node where to find any package it needs to access, as long as they are part of the dependency tree, and as long as this file is loaded within your environment.
.pnp.cjs file can be committed to your repository as part of the Zero-Installs effort, removing the need to run yarn install in the first place.
Mainly it makes YARN somewhat similar to PNPM - it now tries to link all files not in
node_modules, but get all the files from its cache. Now all the files should be located in one folder and YARN does the management of this cache by itself
By default, it uses 'local cache' for each repo, so you can include this
.yarn/cache folder into your repo and then it should work as a 'zero install' repo (no need for
yarn install at all).
If you don't want to use local cache you can set
enableGlobalCache:true in the settings file.
Why you can include 'cache' in your repo? YARN creates just one file for each dependency, so it significantly reduces the number of files and their size compared to
At the same time in PNPM, one of the main advantages is the disk space.
There is one storage for all packages, so you do not need to download the same dependency for each project.
When you update an already installed dependency it will download only updated files and not the whole package.
You will have access only to direct dependencies from
node_modules. For example, NPM & YARN V1 flatly added all dependencies into the
node_modules folder. With PNPM you will have access only to direct dependencies.
Support for aliases. It lets you install packages with custom names. Can be useful if you create your own fork and publish it into NPM registry. So, you can install your fork with the original name and there is no need to refactor already written code. Or you may want to install 2 versions of the same library then you can install them with different names.
Support for tab completion without plugins.
Full feature comparison of NPM, YARN and PNPM can be found on the official site of PNPM, also there is a comparison for performance.
In terms of commands, all these tools are pretty similar.
npm install name
yarn add name
pnpm add name
npm uninstall name
yarn remove name
pnpm remove name
npm run name
yarn dlx command
pnpm dlx command
yarn exec command
pnpm exec command
npm init name
yarn create name
pnpm create name
In summary, I would say that in most cases it doesn't matter which tool you will choose. Performance can vary depending on your project, but usually, PNPM and YARN are better, in other things you should look at the list of features for each tool and choose what has the needed features for your project.