The Package Managers Npm and Yarn: Main Differences

by Luigi Nori Date: 19-08-2020 javascript package manager


npm and yarn are package managers that help to manage a project’s dependencies. A dependency is, as it sounds, something that a project depends on, a piece of code that is required to make the project work properly.

In the past we had only npm but it had so many issues with resolving dependencies and caching that another tool, Yarn, has born. Usually it was using local cache to resolve dependencies and it was crucial for example while running CI jobs which are almost always ran in same environment and high bandwidth is costly as you pay for data in cloud services. That means in old npm versions when you ran npm install and you had lets in deps

We need them because managing the project’s dependencies is a difficult task and it quickly becomes tedious, and out of hand when the project grows. By managing the dependencies, we mean to include, un-include, and update them.

npm: It is a package manager for the JavaScript programming language. It is the default package manager for the JavaScript runtime environment Node.js. It consists of a command-line client, also called npm, and an online database of public and paid-for private packages called the npm registry.

yarn: It stands for Yet Another Resource Negotiator and it is a package manager just like npm. It was developed by Facebook and is now open-source. The intention behind developing yarn(at that time) was to fix performance and security concerns with npm.

The differences between npm and yarn are explained below:

Installation procedure

 
  • npm: npm is installed with Node automatically.
     
  • yarn: To install yarn npm have to be installed.
    npm install yarn --global
    

The lock file

  • npm: NPM generates a ‘package-lock.json’ file. The package-lock.json file is a little more complex due to a trade-off between determinism and simplicity. Due to this complexity, the package-lock will generate the same node_modules folder for different npm versions. Every dependency will have an exact version number associated with it in the package-lock file.
     
  • yarn: Yarn generates a ‘yarn.lock’ file. Yarn lock files help in easy merge. The merges are predictable as well, because of the design of the lock file.

yarn was built on the top of npm packages and https://www.npmjs.com/ that means they are both using NPM registry for resolving packages. so if you run npm install [email protected] or yarn add [email protected] you will get very same result

Output log

  • install: The npm creates massive output logs of npm commands. It is essentially a dump of stack trace of what npm is doing.
     
  • add: The yarn output logs are clean, visually distinguishable and brief. They are also ordered in a tree form for understandability.

Installing global dependencies

  • npm: To install a global package, the command template for npm is:
    npm install -g [email protected]_number
    
  • yarn: To install a global package, the command template for yarn is:
    yarn global add [email protected]_number
    

On every new build both dependencies were again downloaded from internet. Yarn uses yarn.lock underneath and it is comparing your package.json file with yarn.lock and determines which packages needs to be fetched additionally to only incrementally install new dependencies

The ‘why’ command

  • npm: npm yet doesn’t has a ‘why’ functionality built in.
  • yarn: Yarn comes with a ‘why’ command that tells why a dependency is present in the project. For example, it is a dependency, a native module, or a project dependency.

Multithreading

yarn offers parallel installation of packages which are not dependent in threads. It can lower installation time to 1/10 of time from npm install

License Checker

  • npm: npm doesn’t has a license checker that can give a handy description of all the licenses that a project is bound with, due to installed dependencies.
  • yarn: Yarn has a neat license checker. To see them, run
    yarn licenses list
    

Fetching packages

  • npm: npm fetches dependencies from the npm registry during every ‘npm install‘ command.
     
  • Yarn: yarn stores dependencies locally, and fetches from the disk during a ‘yarn add‘ command (assuming the dependency(with the specific version) is present locally).

Commands changed in yarn after npm

command npm yarn
Install dependencies npm install yarn
Install package npm install package_name
npm install [email protected]_number
yarn add package_name
yarn add [email protected]_number
Uninstall package npm uninstall package_name yarn remove package_name
Install dev package npm install package_name –save-dev yarn add package_name –dev
Update dev package npm update package_name
npm update [email protected]_number
yarn upgrade package_name
yarn upgrade [email protected]_number
View package npm view package_name yarn info package_name
Global install package npm install -g package_name yarn global add package_name

Commands same for npm and yarn:

npm yarn
npm init yarn init
npm run [script] yarn run [script]
npm list yarn list
npm test yarn test
npm link yarn link
npm login or logout yarn login or logout
npm publish yarn publish
 
by Luigi Nori Date: 19-08-2020 javascript package manager hits : 437  
 
Luigi Nori

Luigi Nori

He has been working on the Internet since 1994 (practically a mummy), specializing in Web technologies makes his customers happy by juggling large scale and high availability applications, php and js frameworks, web design, data exchange, security, e-commerce, database and server administration, ethical hacking. He happily lives with @salvietta150x40, in his (little) free time he tries to tame a little wild dwarf with a passion for stars.

 
 
 

Related Posts