npm and yarn are package managers that help to manage a project’s dependencies. A dependency is, as it sounds, something that a project depends on, a piece of code that is required to make the project work properly.
In the past we had only npm but it had so many issues with resolving dependencies and caching that another tool, Yarn, has born. Usually it was using local cache to resolve dependencies and it was crucial for example while running CI jobs which are almost always ran in same environment and high bandwidth is costly as you pay for data in cloud services. That means in old npm versions when you ran npm install and you had lets in deps
We need them because managing the project’s dependencies is a difficult task and it quickly becomes tedious, and out of hand when the project grows. By managing the dependencies, we mean to include, un-include, and update them.
npm: It is a package manager for the JavaScript programming language. It is the default package manager for the JavaScript runtime environment Node.js. It consists of a command-line client, also called npm, and an online database of public and paid-for private packages called the npm registry.
yarn: It stands for Yet Another Resource Negotiator and it is a package manager just like npm. It was developed by Facebook and is now open-source. The intention behind developing yarn(at that time) was to fix performance and security concerns with npm.
The differences between npm and yarn are explained below:
Installation procedure
- npm: npm is installed with Node automatically.
- yarn: To install yarn npm have to be installed.
npm install yarn --global
The lock file
- npm: NPM generates a ‘package-lock.json’ file. The package-lock.json file is a little more complex due to a trade-off between determinism and simplicity. Due to this complexity, the package-lock will generate the same node_modules folder for different npm versions. Every dependency will have an exact version number associated with it in the package-lock file.
- yarn: Yarn generates a ‘yarn.lock’ file. Yarn lock files help in easy merge. The merges are predictable as well, because of the design of the lock file.
yarn was built on the top of npm packages and https://www.npmjs.com/ that means they are both using NPM registry for resolving packages. so if you run npm install [email protected]. or yarn add [email protected]. you will get very same result
Output log
- install: The npm creates massive output logs of npm commands. It is essentially a dump of stack trace of what npm is doing.
- add: The yarn output logs are clean, visually distinguishable and brief. They are also ordered in a tree form for understandability.
Installing global dependencies
- npm: To install a global package, the command template for npm is:
npm install -g package_name@version_number
- yarn: To install a global package, the command template for yarn is:
yarn global add package_name@version_number
On every new build both dependencies were again downloaded from internet. Yarn uses yarn.lock underneath and it is comparing your package.json file with yarn.lock and determines which packages needs to be fetched additionally to only incrementally install new dependencies
The ‘why’ command
- npm: npm yet doesn’t has a ‘why’ functionality built in.
- yarn: Yarn comes with a ‘why’ command that tells why a dependency is present in the project. For example, it is a dependency, a native module, or a project dependency.
Multithreading
yarn offers parallel installation of packages which are not dependent in threads. It can lower installation time to 1/10 of time from npm install
License Checker
- npm: npm doesn’t has a license checker that can give a handy description of all the licenses that a project is bound with, due to installed dependencies.
- yarn: Yarn has a neat license checker. To see them, run
yarn licenses list
Fetching packages
- npm: npm fetches dependencies from the npm registry during every ‘npm install‘ command.
- Yarn: yarn stores dependencies locally, and fetches from the disk during a ‘yarn add‘ command (assuming the dependency(with the specific version) is present locally).
Commands changed in yarn after npm
| command | npm | yarn |
|---|---|---|
| Install dependencies | npm install | yarn |
| Install package | npm install package_name npm install package_name@version_number |
yarn add package_name yarn add package_name@version_number |
| Uninstall package | npm uninstall package_name | yarn remove package_name |
| Install dev package | npm install package_name –save-dev | yarn add package_name –dev |
| Update dev package | npm update package_name npm update package_name@version_number |
yarn upgrade package_name yarn upgrade package_name@version_number |
| View package | npm view package_name | yarn info package_name |
| Global install package | npm install -g package_name | yarn global add package_name |
Commands same for npm and yarn:
| npm | yarn |
|---|---|
| npm init | yarn init |
| npm run [script] | yarn run [script] |
| npm list | yarn list |
| npm test | yarn test |
| npm link | yarn link |
| npm login or logout | yarn login or logout |
| npm publish | yarn publish |