NPM and Yarn are package managers that help to manage a project's dependencies. A dependency is, as it sounds, something that a project depends on, a piece of code that is required to make the project work properly. We need them because managing the project's dependencies is a difficult task and it quickly becomes tedious, and out of hand when the project grows. By managing the dependencies, we mean to include, un-include, and update them.
Table of Content
Both npm and yarn are popular package managers in the Node.js ecosystem.
NPM
It is a package manager for the JavaScript programming language. It is the default package manager for the JavaScript runtime environment Node.js. It consists of a command-line client, also called npm, and an online database of public and paid-for private packages called the npm registry.
YARN
It stands for Yet Another Resource Negotiator and it is a package manager just like npm. It was developed by Facebook and is now open-source. The intention behind developing yarn(at that time) was to fix performance and security concerns with npm.
The differences between npm and yarn are explained below:
Installation procedure
- npm: npm is installed with Node automatically.
- yarn: To install yarn npm have to be installed.
npm install yarn --globalThe lock file
- npm: NPM generates a ‘package-lock.json’ file. The package-lock.json file is a little more complex due to a trade-off between determinism and simplicity. Due to this complexity, the package-lock will generate the same node_modules folder for different npm versions. Every dependency will have an exact version number associated with it in the package-lock file.
- yarn: Yarn generates a ‘yarn.lock’ file. Yarn lock files help in easy merge. The merges are predictable as well, because of the design of the lock file.
Output log
- install: The npm creates massive output logs of npm commands. It is essentially a dump of stack trace of what npm is doing.
- add: The yarn output logs are clean, visually distinguishable and brief. They are also ordered in a tree form for understandability.
Installing global dependencies
- npm: To install a global package, the command template for npm is:
npm install -g package_name@version_number - yarn: To install a global package, the command template for yarn is:
yarn global add package_name@version_number
The 'why' command:
- npm: npm yet doesn't has a 'why' functionality built in.
- yarn: Yarn comes with a 'why' command that tells why a dependency is present in the project. For example, it is a dependency, a native module, or a project dependency.
License Checker:
- npm: npm doesn't has a license checker that can give a handy description of all the licenses that a project is bound with, due to installed dependencies.
- yarn: Yarn has a neat license checker. To see them, run
yarn licenses list
Fetching packages
- npm: npm fetches dependencies from the npm registry during every ‘npm install‘ command.
- Yarn: yarn stores dependencies locally, and fetches from the disk during a ‘yarn add‘ command (assuming the dependency(with the specific version) is present locally).
Commands changed in yarn after npm
| command | npm | yarn |
|---|---|---|
| Install dependencies | npm install | yarn |
| Install package | npm install package_name npm install package_name@version_number | yarn add package_name yarn add package_name@version_number |
| Uninstall package | npm uninstall package_name | yarn remove package_name |
| Install dev package | npm install package_name --save-dev | yarn add package_name --dev |
| Update dev package | npm update package_name npm update package_name@version_number | yarn upgrade package_name yarn upgrade package_name@version_number |
| View package | npm view package_name | yarn info package_name |
| Global install package | npm install -g package_name | yarn global add package_name |
Commands same for npm and yarn:
| npm | yarn |
|---|---|
| npm init | yarn init |
| npm run [script] | yarn run [script] |
| npm list | yarn list |
| npm test | yarn test |
| npm link | yarn link |
| npm login or logout | yarn login or logout |
| npm publish | yarn publish |
Difference between NPM and Yarn
| Feature | npm | Yarn |
|---|---|---|
Installation Speed | Generally slower | Faster due to parallel installations |
Dependency Resolution | Less consistent | Deterministic and consistent |
Offline Mode | Limited | Full support |
Security | Basic checks | Enhanced checks |
Default Lockfile | package-lock.json | yarn.lock |
Install dependencies | npm install | yarn install |
Install package | npm install package_name@version_number | yarn add package_name@version_number |
View package | npm view package_name | yarn info package_name |
Conclusion
Yarn offers faster installations, robust offline support, and strong workspace management, making it ideal for large projects. NPM, however, is more widely adopted, comes pre-installed with Node.js, and has improved performance and security features in recent versions.