Yarn vs npm : Which Package Manager Should You Choose?


A package manager is a tool that automatically handles a project’s dependencies in a variety of ways. For example, with the help of a package manager we can install, uninstall, update, and upgrade packages, configure project settings, run scripts, and so on. All the hard and tedious work is done by the package manager, leaving to us only the fun part: the coding itself.

 

What is NPM?

NPM stands for the Node Package Manager.

NPM does two things:

  1. It serves as an online platform: the NPM registry, where people, including you, can create, upload, publish, and share tools (Node.js packages). These packages are open source. Everyone can search and use the tools published on this online platform (NPM registry).

  2. It is the command-line tool. It helps you interact with the online platform I just mentioned. A few things you can do with the command-line tool include installing and uninstalling packages.

What is Yarn?

Yarn is a JavaScript package manager created by Facebook. Yarn stands for Yet Another Resource Negotiator. It provides similar functionalities as NPM. It is an alternative to NPM when installing, uninstalling, and managing package dependencies from the NPM registry or GitHub repositories.

Installation

As I noted above, npm comes preinstalled with Node, so there’s no need to install npm manually.

In contrast, Yarn needs to be installed explicitly. First, we need to install Yarn globally:

npm install -g yarn

Installing project dependencies

When we run npm install, the dependencies are installed sequentially, one after another. The output logs in the terminal are informative but a bit hard to read.

To install the packages with Yarn, we run the yarn command. Yarn installs packages in parallel, which is one of the reasons it’s quicker than npm. If you’re using Yarn 1, you’ll see that the yarn output logs are clean, visually distinguishable and brief. They’re also ordered in a tree form for easy comprehension. But this is changed in versions 2 and 3, where the logs aren’t so intuitive and human-readable.

So far, we’ve seen that npm and Yarn have different commands for installing packages. In the next section, we’ll explore more commands.

 

Comparing npm and Yarn Commands

npm and Yarn share many commands, but there are also many non-identical commands. Let’s first explore some of the identical commands:

  • npm init | yarn init: create a new package
  • npm run | yarn run: run a script defined in the package.json
  • npm test | yarn test: test a package
  • npm publish | yarn publish: publish a package
  • npm cache clean | yarn cache clean: remove all data from the cache folder

These commands make switching between the two managers easy, but there are some non-identical commands that can cause confusion. Let’s see what they are in the next list:

  • npm install | yarn: install dependencies
  • npm install [package] | yarn add [package]: install a package
  • npm install --save-dev [package] | yarn add --dev [package]: install a package as a development dependency
  • npm uninstall [package] | yarn remove [package]: uninstall a package
  • npm uninstall --save-dev [package] | yarn remove [package]: uninstall a development dependency package
  • npm update | yarn upgrade: update the dependencies
  • npm update [package] | yarn upgrade [package]: update a package

Yarn also has some unique commands which don’t have npm equivalents. For example, the why command displays the reason why a package is needed: it may be a dependency, a native module, or a project dependency.

 

Speed and Performance

Whenever Yarn or npm need to install a package, they carry out a series of tasks. In npm, these tasks are executed per package and sequentially, meaning it will wait for a package to be fully installed before moving on to the next. In contrast, Yarn executes these tasks in parallel, increasing performance.

When you install a package, both package managers save it to an offline cache. You can then install a package you installed before from that cache even when you are offline.

Yarn has a well-managed offline cache. You can install a cached package in almost zero time, a concept called Zero installs.

Zero installs stores the cache in your project directory. When you run commands such as yarn install or yarn add <package name>, Yarn will create a .pnp.cjs file. This file consists of a dependency hierarchy used by Node.js to load your project packages. Thus, you can access them in almost zero time.

Generating a Lock File

In package.json, the file where both npm and Yarn keep track of the project’s dependencies, version numbers aren’t always exact. Instead, you can define a range of versions. This way, you can choose a specific major and minor version of a package, but allow npm to install the latest patch that might fix some bugs.

In an ideal world of semantic versioning, patched releases won’t include any breaking changes. But unfortunately, this isn’t always the case. The strategy employed by npm may result in two machines ending up with the same package.json file, but having different versions of a package installed — which will possibly introduce bugs.

To avoid package version mismatches, an exact installed version is pinned down in a package lock file. Every time a module is added, npm and Yarn create (or update) a package-lock.json and yarn.lock file respectively. This way, you can guarantee another machine installs the exact same package, while still having a range of allowed versions defined in package.json .
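The drift described above, as an added example (not code from the original article): a small Node.js check that compares each range in package.json with the version pinned in package-lock.json. The package names and manifests are constructed, and the range matcher is a simplified stand-in that handles only exact, ^ and ~ ranges on plain x.y.z versions.

```javascript
// Added example: constructed data, simplified range matcher (exact, ^ and ~ only).
const parse = (v) => v.split('.').map(Number);

// Compare two [major, minor, patch] triples: negative, zero or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Does `version` fall inside `range`? Supports "1.2.3", "^1.2.3" and "~1.2.3".
function satisfies(range, version) {
  const op = /^[\^~]/.test(range) ? range[0] : '=';
  const low = parse(range.replace(/^[\^~=]/, ''));
  const v = parse(version);
  if (op === '=') return cmp(v, low) === 0;
  let high;
  if (op === '~' || (low[0] === 0 && low[1] > 0)) high = [low[0], low[1] + 1, 0];
  else if (low[0] === 0) high = [0, 0, low[2] + 1]; // ^0.0.x allows only that patch
  else high = [low[0] + 1, 0, 0];                    // ^x.y.z allows minor and patch updates
  return cmp(v, low) >= 0 && cmp(v, high) < 0;
}

// Compare every range in package.json with the pin in package-lock.json
// (lockfileVersion 2/3 layout: entries under "packages" keyed by "node_modules/<name>").
function checkLock(pkg, lock) {
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(declared).map(([name, range]) => {
    const entry = lock.packages[`node_modules/${name}`];
    if (!entry) return { name, range, status: 'not-locked' };
    const status = satisfies(range, entry.version) ? 'ok' : 'out-of-range';
    return { name, range, pinned: entry.version, status };
  });
}

// Constructed sample manifests (hypothetical package names).
const pkg = {
  dependencies: { 'example-http': '^4.17.1', 'example-util': '~1.2.0' },
  devDependencies: { 'example-test': '0.9.2', 'example-lint': '^0.3.0' },
};
const lock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/example-http': { version: '4.18.2' }, // newer minor, inside ^4.17.1
    'node_modules/example-util': { version: '1.3.0' },  // stale pin, outside ~1.2.0
    'node_modules/example-test': { version: '0.9.2' },  // exact match
  },
};

console.table(checkLock(pkg, lock));
```

A status of out-of-range or not-locked means the lock file no longer matches package.json, so the install on another machine is not guaranteed to reproduce the same versions until the lock file is regenerated and reviewed.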

Security Comparison

You download stuff from the NPM registry without necessarily knowing what you’re downloading. However, these package managers perform a security check on each install.

Yarn checks behind the scenes and makes sure that you’re not downloading rogue scripts or stuff that can conflict with your project dependencies. Security is one of Yarn’s core features.

In the past, NPM was very fragile and didn’t provide a secure installation process. This allowed other packages to get included on the fly, resulting in possible security vulnerabilities. It has since greatly improved its security checks with its recent updates.

Ease of use

One thing to consider before choosing a package manager is which interface is more user-friendly. This includes how the command-line terminal looks after running commands such as npm install or yarn add.

NPM and Yarn have different command-line interfaces. They are both user-friendly and have a good user experience. This is evident when using a command such as npm init and yarn init. They both have an interactive guide that helps users to initialize a Node.js project.

NPM vs Yarn new updates

Yarn and NPM are continually updating to improve on their current features, as well as adding new features such as NPX and PnP.

NPX

NPX stands for Node Package Executor. It is a new addition to NPM version 5.2.0 or higher. NPX helps you to execute one-off commands. With NPX, you can execute packages from the NPM registry without installing them to your project dependencies.

There are more features that you can benefit from using NPX. Check this guide to learn more about NPX.

 

Running scripts remotely

The npx command is used to run scripts from ./node_modules/.bin. It also allows you to execute packages from the npm registry without installing them in your project dependencies. For example, you can create a new React app by running the following:

npx create-react-app my-app

In Yarn, you can achieve the same result by using the equivalent dlx command:

yarn dlx create-react-app my-app

 

Yarn2 (Berry)

Yarn introduced Yarn2, nicknamed Berry. This new Yarn version has exciting features such as Plug’n’Play, Constraints, Offline installation, Zero install, Workspaces, and Yarn Dlx (the new Yarn NPX).

The most significant additions here are:

  1. Plug’n’Play - This is an alternative installation strategy. Instead of generating a node_modules directory and leaving the resolution to Node.js, Plug’n’Play generates a single pnp.js file and lets Yarn tell us where to find our packages.

This means:

  • No more node_modules.
  • Reduced package installation time up to 70%.
  • Plug’n’Play will warn you when you forget to list your dependency.
  • Faster project booting time.

Check this guide to learn more about Plug’n’Play.

  2. Constraints - Constraints offer a way to specify generic rules using Prolog (a declarative programming language) to manage the dependencies in your project. This allows you to write rules and ensure that there are no conflicting dependencies in your repository.

  3. Improved Workspaces - Workspaces allow you to create a mono repository to manage the dependencies across multiple projects. This allows multiple projects to cross-reference each other. Changes applied to one project repository are applied to the others.

Yarn2 differs a lot from Yarn1. Check this migration guide on how to switch from Yarn1 to Yarn2.

 

Licenses

Yarn is packed with a built-in license checker that can be useful in different scenarios when you’re developing applications.

 

Which Package Manager to Choose

We’ve covered the various similarities and differences of npm and Yarn, but we haven’t established which is better and which one we should choose. As ever, the answer depends on our desires and requirements.

As a general guide, let me conclude with the following advice:

  • Choose npm if you’re happy with your current workflow, you don’t want to install an additional tool, and you don’t have a lot of disk space.

  • Choose Yarn if you want some great features such as Plug’n’Play, you need some functionality that’s missing in npm, and you have enough disk space.

If you still find it hard to make a clear decision between npm and Yarn, then you can check pnpm, which tries to combine the best from both package managers and is the third big fish in the package management pool.

 

Conclusion

These two package managers are great at managing and maintaining your project dependencies tree. They are reliable, and they have a great and supportive JavaScript community. With the added features, NPM is almost identical to Yarn.

There are not many comparisons to be drawn between the two. You can use Yarn in pretty much every case where you would use NPM. It is meant to be a drop-in replacement.

The choice between the two may depend on personal preference, performance (package installations speed), community support, or ease of use.

And finally, don’t overthink it. Just choose one and move to the fun part: creating great apps!

 

Hope you have found this article helpful when making a choice between Yarn and NPM.
