The package managers npm and yarn: main differences

In the past we had only npm but it had so many issues with resolving dependencies and caching that another tool, Yarn, has born. Usually it was using local cache to resolve dependencies and it was crucial for example while running CI jobs which are almost always ran in same environment and high bandwidth is costly as you pay for data in cloud services. That means in old npm versions when you ran npm install and you had lets in deps

We need them because managing the project’s dependencies is a difficult task and it quickly becomes tedious, and out of hand when the project grows. By managing the dependencies, we mean to include, un-include, and update them.

npm: It is a package manager for the JavaScript programming language. It is the default package manager for the JavaScript runtime environment Node.js. It consists of a command-line client, also called npm, and an online database of public and paid-for private packages called the npm registry.

yarn: It stands for Yet Another Resource Negotiator and it is a package manager just like npm. It was developed by Facebook and is now open-source. The intention behind developing yarn(at that time) was to fix performance and security concerns with npm.

The differences between npm and yarn are explained below:

Installation procedure

• npm: npm is installed with Node automatically.
   
• yarn: To install yarn npm have to be installed.

  npm install yarn --global
  

The lock file

• npm: NPM generates a ‘package-lock.json’ file. The package-lock.json file is a little more complex due to a trade-off between determinism and simplicity. Due to this complexity, the package-lock will generate the same node_modules folder for different npm versions. Every dependency will have an exact version number associated with it in the package-lock file.
   
• yarn: Yarn generates a ‘yarn.lock’ file. Yarn lock files help in easy merge. The merges are predictable as well, because of the design of the lock file.

yarn was built on the top of npm packages and https://www.npmjs.com/ that means they are both using NPM registry for resolving packages. so if you run npm install [email protected] or yarn add [email protected] you will get very same result

Output log

• install: The npm creates massive output logs of npm commands. It is essentially a dump of stack trace of what npm is doing.
   
• add: The yarn output logs are clean, visually distinguishable and brief. They are also ordered in a tree form for understandability.

Installing global dependencies

• npm: To install a global package, the command template for npm is:

  npm install -g [email protected]_number
  

• yarn: To install a global package, the command template for yarn is:

  yarn global add [email protected]_number
  

On every new build both dependencies were again downloaded from internet. Yarn uses yarn.lock underneath and it is comparing your package.json file with yarn.lock and determines which packages needs to be fetched additionally to only incrementally install new dependencies

The ‘why’ command

• npm: npm yet doesn’t has a ‘why’ functionality built in.
• yarn: Yarn comes with a ‘why’ command that tells why a dependency is present in the project. For example, it is a dependency, a native module, or a project dependency.

Multithreading

yarn offers parallel installation of packages which are not dependent in threads. It can lower installation time to 1/10 of time from npm install

License Checker

• npm: npm doesn’t has a license checker that can give a handy description of all the licenses that a project is bound with, due to installed dependencies.
• yarn: Yarn has a neat license checker. To see them, run

  yarn licenses list
  

Fetching packages

• npm: npm fetches dependencies from the npm registry during every ‘npm install‘ command.
   
• Yarn: yarn stores dependencies locally, and fetches from the disk during a ‘yarn add‘ command (assuming the dependency(with the specific version) is present locally).

Commands changed in yarn after npm

Commands same for npm and yarn:

Luigi Nori

He has been working on the Internet since 1994 (practically a mummy), specializing in Web technologies makes his customers happy by juggling large scale and high availability applications, php and js frameworks, web design, data exchange, security, e-commerce, database and server administration, ethical hacking. He happily lives with @salvietta150x40, in his (little) free time he tries to tame a little wild dwarf with a passion for stars.