Yarn vs npm : Which Package Manager Should You Choose?
A package manager is a tool that automatically handles a project’s dependencies in a variety of ways. For example, with the help of a package manager we can install, uninstall, update, and upgrade packages, configure project settings, run scripts, and so on. All the hard and tedious work is done by the package manager, leaving to us only the fun part — the coding itself.
What is NPM?
NPM stands for the Node Package Manager.
NPM does two things:
It serves as an online platform: the NPM registry, where people, including you, can create, upload, publish, and share tools (Node.js packages). These packages are open source, and everyone can search for and use the tools published on the NPM registry.
It is a command-line tool that helps you interact with the online platform just mentioned. A few things you can do with the command-line tool include installing and uninstalling packages.
What is Yarn?
As I noted above, npm comes preinstalled with Node, so there’s no need to install npm manually.
In contrast, Yarn needs to be installed explicitly. First, we need to install Yarn globally:
npm install -g yarn
Installing project dependencies
When we run npm install, the dependencies are installed sequentially, one after another. The output logs in the terminal are informative but a bit hard to read.
To install the packages with Yarn, we run the yarn command. Yarn installs packages in parallel, which is one of the reasons it’s quicker than npm. If you’re using Yarn 1, you’ll see that the yarn output logs are clean, visually distinguishable and brief. They’re also ordered in a tree form for easy comprehension. But this changed in versions 2 and 3, where the logs aren’t so intuitive and human-readable.
So far, we’ve seen that npm and Yarn have different commands for installing packages. In the next section, we’ll explore more commands.
Comparing npm and Yarn Commands
npm and Yarn share many commands, but there are also many non-identical commands. Let’s first explore some of the identical commands:
npm init | yarn init: create a new package
npm run | yarn run: run a script defined in the package.json
npm test | yarn test: test a package
npm publish | yarn publish: publish a package
npm cache clean | yarn cache clean: remove all data from the cache folder
These commands make switching between two managers easy, but there are some non-identical commands that can cause confusion. Let’s see what they are in the next list:
npm install | yarn: install dependencies
npm install [package] | yarn add [package]: install a package
npm install --save-dev [package] | yarn add --dev [package]: install a package as a development dependency
npm uninstall [package] | yarn remove [package]: uninstall a package
npm uninstall --save-dev [package] | yarn remove [package]: uninstall a development dependency package
npm update | yarn upgrade: update the dependencies
npm update [package] | yarn upgrade [package]: update a package
Yarn also has some unique commands that don’t have npm equivalents. For example, the yarn why command displays the reason a package is needed: it may be a dependency, a native module, or a project dependency.
Speed and Performance
Whenever Yarn or npm need to install a package, they carry out a series of tasks. In npm, these tasks are executed per package and sequentially, meaning it will wait for a package to be fully installed before moving on to the next. In contrast, Yarn executes these tasks in parallel, increasing performance.
When you install a package, both package managers save an offline cache. You can then install a package you’ve installed before from that cache, even when you’re offline.
Yarn has a well-managed offline cache. You install an offline package in zero time, a concept called Zero installs. Zero installs stores the cache in your project directory. When you run commands such as yarn install or yarn add <package name>, Yarn will create a .pnp.cjs file. This file consists of a dependency hierarchy used by Node.js to load your project packages. Thus, you can access them almost at zero time.
Generating a Lock File
In package.json, the file where both npm and Yarn keep track of the project’s dependencies, version numbers aren’t always exact. Instead, you can define a range of versions. This way, you can choose a specific major and minor version of a package but allow npm to install the latest patch, which might fix some bugs.
In an ideal world of semantic versioning, patch releases won’t include any breaking changes. Unfortunately, this isn’t always the case. The strategy employed by npm may result in two machines ending up with the same package.json file but different versions of a package installed, which can introduce bugs.
To avoid package version mismatches, the exact installed version is pinned in a package lock file. Every time a module is added, npm and Yarn create (or update) their lock file (yarn.lock in Yarn’s case). This way, you can guarantee that another machine installs exactly the same package versions, while still having a range of allowed versions defined in package.json.
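To make the drift concrete, here is an added example (not code from the article or from npm/Yarn) in plain Node.js. It implements just enough of semver range matching (exact, ~ and ^) to show how the same package.json range resolves to different versions on two machines that install at different times, and how a lock file pins the result while still checking the pinned version against the declared range, as npm ci does when package.json and package-lock.json disagree. The package name, registry contents and version numbers are constructed sample data.

```javascript
// Added example: semver ranges vs. lock-file pinning (constructed data, not a real registry).

// Constructed sample: versions a registry might offer for one package today.
const REGISTRY = {
  "left-pad": ["1.2.0", "1.2.1", "1.3.0", "2.0.0"],
};

function parse(v) {
  const [major, minor, patch] = v.split(".").map(Number);
  return { major, minor, patch };
}

// Numeric comparison of two "x.y.z" strings: negative, zero or positive.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  return x.major - y.major || x.minor - y.minor || x.patch - y.patch;
}

// Does `version` satisfy `range`? Handles "1.2.3", "~1.2.3" and "^1.2.3",
// including the stricter caret rules for 0.x versions.
function satisfies(version, range) {
  const op = range[0] === "^" || range[0] === "~" ? range[0] : "";
  const baseStr = op ? range.slice(1) : range;
  if (compare(version, baseStr) < 0) return false;
  const v = parse(version), base = parse(baseStr);
  if (op === "") return compare(version, baseStr) === 0;
  if (op === "~") return v.major === base.major && v.minor === base.minor;
  if (base.major > 0) return v.major === base.major;                 // ^1.2.3 -> <2.0.0
  if (base.minor > 0) return v.major === 0 && v.minor === base.minor; // ^0.2.3 -> <0.3.0
  return v.major === 0 && v.minor === 0 && v.patch === base.patch;    // ^0.0.3 -> exact
}

// What an install without a lock file does: pick the newest version matching the range.
function resolveLatest(name, range, registry) {
  const matches = (registry[name] || []).filter((v) => satisfies(v, range));
  if (matches.length === 0) throw new Error(`no version of ${name} matches ${range}`);
  return matches.sort(compare).pop();
}

// What a lock file does: reuse the recorded version, but refuse if it no longer
// satisfies the range in package.json (someone edited one file and not the other).
function resolveFromLock(name, range, lock) {
  const pinned = lock[name];
  if (!pinned) throw new Error(`${name} is missing from the lock file`);
  if (!satisfies(pinned, range)) {
    throw new Error(`lock file pins ${name}@${pinned}, which is outside ${range}`);
  }
  return pinned;
}

// Two machines with the same package.json, installing a month apart (constructed).
function driftExample() {
  const range = "^1.2.0";
  const registryThen = { "left-pad": ["1.2.0", "1.2.1"] }; // registry when machine A installed
  const machineA = resolveLatest("left-pad", range, registryThen); // "1.2.1"
  const machineB = resolveLatest("left-pad", range, REGISTRY);     // "1.3.0": same range, different code
  const lock = { "left-pad": machineA };                           // what machine A committed
  const machineBWithLock = resolveFromLock("left-pad", range, lock); // "1.2.1": lock wins
  return { machineA, machineB, machineBWithLock };
}

module.exports = { satisfies, resolveLatest, resolveFromLock, driftExample };
```

The 0.x caret rules matter in practice: many packages sit below 1.0.0 for years, and ^0.2.3 does not admit 0.3.0, so a range that looks permissive may be narrower than it reads.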
You download packages from the NPM registry without necessarily knowing what you’re downloading. However, these package managers perform a security check on each install.
Yarn checks behind the scenes and makes sure that you’re not downloading rogue scripts or packages that conflict with your project dependencies. Security is one of Yarn’s core features.
In the past, NPM was very fragile and didn’t provide a secure installation process. This allowed other packages to get included on the fly, resulting in possible security vulnerabilities. It has since greatly improved its security checks in recent updates.
Ease of use
One thing to consider before choosing a package manager is which interface is more user friendly. This includes how the command-line terminal looks after running commands such as npm install or yarn.
NPM and Yarn have different command-line interfaces. They are both user-friendly and offer a good user experience. This is evident when using commands such as npm init and yarn init: both have an interactive guide that helps users initialize a Node.js project.
NPM vs Yarn new updates
Yarn and NPM are continually updating to improve their current features, as well as adding new features such as NPX.
NPX stands for Node Package Executor. It is a new addition to NPM version 5.2.0 or higher. NPX helps you execute one-off commands: with NPX, you can execute packages from the NPM registry without installing them to your project dependencies.
There are more features that you can benefit from using NPX. Check this guide to learn more about NPX.
Running scripts remotely
The npx command is used to run scripts from ./node_modules/.bin. It also allows you to execute packages from the npm registry without installing them in your project dependencies. For example, you can create a new React app by running the following:
npx create-react-app my-app
In Yarn, you can achieve the same result with the equivalent yarn dlx command:
yarn dlx create-react-app my-app
Yarn introduced Yarn2, nicknamed Berry. This new Yarn version has exciting features such as Plug’n’Play, Constraints, Offline installation, Zero install, Workspaces, and Yarn Dlx (the new Yarn NPX).
The most significant additions here are:
- Plug’n’Play - This is an alternative installation strategy. Instead of generating a node_modules directory and leaving the resolution to Node.js, Plug’n’Play generates a single pnp.js file and lets Yarn tell us where to find our packages.
- No more node_modules
- Reduced package installation time up to 70%.
- Plug’n’Play will warn you when you forget to list your dependency.
- Faster project booting time.
Check this guide to learn more about Plug’n’Play.
Constraints - Constraints offer a way to specify generic rules using Prolog (a declarative programming language) to manage the dependencies in your project. This lets you write rules that ensure there are no conflicting dependencies in your repository.
Improved Workspaces - Workspaces allow you to create a monorepository to manage the dependencies across multiple projects. This allows multiple projects to cross-reference each other: changes applied to one project repository are applied to the others.
Yarn2 differs a lot from Yarn1. Check this migration guide on how to switch from Yarn1 to Yarn2.
Yarn ships with a built-in license checker, which can be useful in different scenarios when you’re developing applications.
Which Package Manager to Choose
We’ve covered the various similarities and differences of npm and Yarn, but we haven’t established which is better and which one we should choose. As ever, the answer depends on our desires and requirements.
As a general guide, let me conclude with the following advice:
Choose npm if you’re happy with your current workflow, don’t want to install an additional tool, and don’t have a lot of disk space.
Choose Yarn if you want some great features such as Plug’n’Play, need functionality that’s missing in npm, and have enough disk space.
If you still find it hard to make a clear decision between npm and Yarn, then you can check pnpm, which tries to combine the best from both package managers and is the third big fish in the package management pool.
There are not many comparisons to be drawn between the two. You can use Yarn pretty much in every case that you would NPM. It is meant to be a drop-in replacement.
The choice between the two may depend on personal preference, performance (package installations speed), community support, or ease of use.
And finally, don’t overthink it. Just choose one and move to the fun part: creating great apps!
Hope you have found this article helpful when making a choice between Yarn and NPM.