When to use Yarn over NPM? What are the differences?

UPDATE: March 2018 (bit late...)

Since version 5, npm

  • generates a 'lockfile' called package-lock.json that fixes your entire dependency tree much the same way the yarn (or any other) locking mechanism does,
  • A tool has been made
  • --save is now implied for npm i
  • Better network and cache usage

npm 5.7.0 further introduced the npm ci command to install dependencies more quickly in a continuous integration environment by only installing packages found in the package-lock.json (reporting an error if the package-lock.json and package.json are not synchronized).

Personally, I still use npm.


Original

I am loathe to quote directly from docs, but they do a great job of explaining why, concisely enough that I don't see how to further summarize the ideas.

Largely:

  1. You always know you're getting the same thing on every development machine

  2. It paralellizes operations that npm does not, and

  3. It makes more efficient use of the network.

  4. It may make more efficient use of other system resources (such as RAM) as well.

What are people's production experiences with it? Who knows, it's an infant to the general public.

TL;DR from Yehuda Katz:

From the get-go, the Yarn lockfile guarantees that repeatedly running yarn on the same repository results in the same packages.

Second, Yarn attempts to have good performance, with a cold cache, but especially with a warm cache.

Finally, Yarn makes security a core value.

Nice blog post

“NPM vs Yarn Cheat Sheet” by Gant Laborde

Slightly longer version from the project:

Fast: Yarn caches every package it downloads so it never needs to again. It also parallelizes operations to maximize resource utilization so install times are faster than ever.

Reliable: Using a detailed, but concise, lockfile format, and a deterministic algorithm for installs, Yarn is able to guarantee that an install that worked on one system will work exactly the same way on any other system.

Secure: Yarn uses checksums to verify the integrity of every installed package before its code is executed.

And from the README.md:

  • Offline Mode: If you've installed a package before, you can install it again without any internet connection.
  • Deterministic: The same dependencies will be installed the same exact way across every machine regardless of install order.
  • Network Performance: Yarn efficiently queues up requests and avoids request waterfalls in order to maximize network utilization.
  • Multiple Registries: Install any package from either npm or Bower and keep your package workflow the same.
  • Network Resilience: A single request failing won't cause an install to fail. Requests are retried upon failure.
  • Flat Mode: Resolve mismatching versions of dependencies to a single version to avoid creating duplicates.
  • More emojis. 🐈

Trying to give a better overview for beginners.

npm has been historically (2010) the most popular package manager for JavaScript. If you want to use it for managing the dependencies of your project, you can type the following command:

npm init

This will generate a package.json file. It contains all the dependencies of the project.

Then

npm install

would create a directory node_modules and download the dependencies (that you added to the package.json file) inside it.

It will also create a package-lock.json file. This file is used to describe the tree of dependecies that was generated. It allows developpers to install exectly the same dependencies. For example, you could imagine a developper upgrading a dependency to v2 and then v3 while another one directly upgrading to v3.

npm installs dependencies in a non-deterministically way meaning the two developper could have a different node_modules directory resulting into different behaviours. **npm has suffered from bad reputation as for example in February 2018: an issue was discovered in version 5.7.0 in which running sudo npm on Linux systems would change the ownership of system files, permanently breaking the operating system.

To resolve those problems and others, Facebook introduced a new package manager (2016): Yarn a faster, more securely, and more reliably package manager for JavaScript.

You can add Yarn to a project by typing:

yarn init

This will create a package.json file. Then, install the dependencies with:

yarn install

A folder node_modules will be generated. Yarn will also generate a file called yarn.lock. This file serve the same purpose as the package-lock.json but is instead constructed using a deterministic and reliable algorithm thus leading to consistant builds.

If you started a project with npm, you can actually migrate to Yarn easily. yarn will consume the same package.json. See Migrating from npm for more details.

However, npm has been improved with each new releases and some projects still uses npm over yarn.


What is PNPM?

pnpm uses hard links and symlinks to save one version of a module only ever once on a disk. When using npm or Yarn for example, if you have 100 projects using the same version of lodash, you will have 100 copies of lodash on disk. With pnpm, lodash will be saved in a single place on the disk and a hard link will put it into the node_modules where it should be installed.

As a result, you save gigabytes of space on your disk and you have a lot faster installations! If you'd like more details about the unique node_modules structure that pnpm creates and why it works fine with the Node.js ecosystem, read this small article: Why should we use pnpm?

How to install PNPM?

npm install -g pnpm

How to install npm package using PNPM?

pnpm install -g typescript // or your desired package

Benefits of PNPM over Yarn and NPM

Here is progress-bar showing installation time taken by NPM, YARN and PNPM (shorter-bar is better) enter image description here

Click for Complete check Benchmark

for more details, visit https://www.npmjs.com/package/pnpm


npm:

  1. The package manager for JavaScript. npm is the command-line interface to the npm ecosystem. It is battle-tested, surprisingly flexible, and used by hundreds of thousands of JavaScript developers every day.
  2. NPM generates a correct lock file whereas a Yarn lock file could be corrupt in some cases and has to be fixed with yarn-tools

Yarn:

  1. A new package manager for JavaScript. Yarn caches every package it downloads so it never needs to again. It also parallelizes operations to maximize resource utilization so install times are faster than ever.
  2. Yarn doesn't support login with a password (while NPM does)