npm v/s yarn v/s pnpm

Ashutosh Kumar on April 24, 2023

Ready to talk package managers? You know, those tools that make your life as a developer so much easier (or sometimes, more frustrating)? Well, we'...
 
Chris Cook

All three package managers support lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml) and install dependencies according to that. I cannot see any reason to favor Yarn over the others?

renzhamin

npm's dependency resolution is inferior compared to yarn. I was working in a React project; after installing some packages, it suddenly became irreproducible on other devices, and npm install or npm clean-install just wouldn't work. Tried out yarn and it worked out just fine.

Ashutosh Kumar

@renzhamin This happened multiple times with me as well, when it comes to using private GitHub repo-based packages. Its resolution is too slow and often fails on different platforms.

Tim Nolte

It's probably because you were using npm wrong. If you want consistency in the versions installed you need to use npm ci and not npm install.

Ashutosh Kumar

I do wanna agree, choosing a package manager won't make much of a great difference, but I prefer yarn. Also believe me when I say, I didn't mean Yarn is the only package manager which supports lockfiles. I meant its package resolution through the lockfile is much faster.

Thanks for making it clear though.

Gutem

You CLEARLY don't know what you're talking about.

1 - it's VERY tendentious to promote YARN.

2 - you should always use a lockfile to handle dependencies to keep EXACTLY the same package versions (have you ever heard about The 12 Factor App?!?).

3 - yarn check is deprecated since Feb/2019 (github.com/yarnpkg/rfcs/pull/106). Actually, you shouldn't be using yarn v1 anymore.

4 - yarn check never was implemented to be a security feature. It's a feature to verify if the installation was done successfully (github.com/yarnpkg/rfcs/pull/106#p...). This is how it would be in a secure way: docs.npmjs.com/about-registry-sign...

5 - Yarn audit USES the npm's audit database (github.com/yarnpkg/yarn/blob/158d9...). yarn does this in a very ineffective way, by the way, if compared with npm's way, because it uses only the database and npm really checks for version, integrity and signing.

npm ALWAYS checks for integrity when installing packages. Apologize to your readers, update the post summing up the yarn install + yarn check --integrity times to have a more real case approach.

And, please, RTFM before shitposting.
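
Added example, not part of the comment above and not npm's own code: a sketch of the kind of check the `integrity` field in package-lock.json makes possible, verifying bytes against an SRI string and flagging lockfile entries that carry no hash or only SHA-1. Function names and sample data are constructed for illustration; picking the strongest listed algorithm follows the SRI convention.

```javascript
const crypto = require('node:crypto');

// Relative strength of the hash algorithms an SRI string may name.
const STRENGTH = new Map([['sha1', 1], ['sha256', 2], ['sha384', 3], ['sha512', 4]]);

// Split "sha512-<b64> sha1-<b64>" into entries, dropping unknown algorithms.
function parseSri(integrity) {
  return String(integrity || '').split(/\s+/).filter(Boolean).map((tok) => {
    const i = tok.indexOf('-');
    return { algo: tok.slice(0, i), digest: tok.slice(i + 1) };
  }).filter((e) => STRENGTH.has(e.algo));
}

// Compare bytes against the strongest algorithm listed; weaker hashes are ignored.
function verifySri(bytes, integrity) {
  const entries = parseSri(integrity);
  if (entries.length === 0) return { ok: false, reason: 'no-usable-hash' };
  const best = Math.max(...entries.map((e) => STRENGTH.get(e.algo)));
  const strongest = entries.filter((e) => STRENGTH.get(e.algo) === best);
  const actual = crypto.createHash(strongest[0].algo).update(bytes).digest();
  const ok = strongest.some((e) => {
    const expected = Buffer.from(e.digest, 'base64');
    return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
  });
  return { ok, algo: strongest[0].algo, reason: ok ? 'match' : 'digest-mismatch' };
}

// Walk the "packages" map of a lockfile (v2/v3 layout) and report weak or absent hashes.
function auditLock(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === '' || pkg.link || pkg.inBundle) continue; // no tarball of their own
    const entries = parseSri(pkg.integrity);
    if (entries.length === 0) findings.push({ path, issue: 'missing-integrity' });
    else if (!entries.some((e) => STRENGTH.get(e.algo) >= 2)) findings.push({ path, issue: 'sha1-only' });
  }
  return findings;
}

// Constructed sample data: stand-in tarball bytes and a minimal lockfile.
const sriOf = (bytes, algo) => `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
const sampleBytes = Buffer.from('constructed stand-in for a package tarball');
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/a': { version: '1.0.0', integrity: sriOf(sampleBytes, 'sha512') },
  'node_modules/b': { version: '2.0.0', integrity: sriOf(sampleBytes, 'sha1') },
  'node_modules/c': { version: '3.0.0' },
} };
console.log(verifySri(sampleBytes, sampleLock.packages['node_modules/a'].integrity), auditLock(sampleLock));
```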

Ashutosh Kumar

Really sorry, my man, just trying to do better.

Camilo Martinez • Edited

If some of you need to use different package managers, I recommend looking at the swpm Switch Package Manager project.

You always write the same command no matter the Package Manager and it will translate the command according to the Package Manager used on the project.

Supports: npm, yarn, pnpm and bun

Ashutosh Kumar

Goddamn, I was waiting for your comment. Wherever there is a conversation about package managers I see this. Guys, this swpm can be really helpful. :)

Tony Brix

I created nstl a while ago that is similar to swpm.

Camilo Martinez

This comic speaks with the wisdom of the universe. 😅

Stefan

However, if you use Yarn, it will always install the latest matching version, even if you delete the lockfile

This should be the case with NPM too: if you delete the lockfile, it should install the latest version.
On the other hand, if you want consistency, having version 3.0.1 (for example) installed locally and then CI installing 3.1.1 even though the lockfile specifies 3.0.1 is definitely inconsistent.

Holiq Ibrahim

Is the yarn described v1 or v3/berry?

Ashutosh Kumar • Edited

dev.to/raxraj/why-upgrade-to-yarn-...

@holiq I just published this one. I'll be glad if you take a look at that.

Holiq Ibrahim

Thanks mate!

Ashutosh Kumar

I was talking about yarn v1.

Holiq Ibrahim

Can you compare it with yarn v3/berry too?

Ashutosh Kumar

Sure, can do! I will get on it today.

Dániel Sebestyén

I have to admit Yarn has good features.

Regarding lockfiles, all 3 support the feature.
It is often overlooked, like in your example of the 'no more reproducible state of installation': npm can install the same state using the ci command, and pnpm by providing the --frozen-lockfile option to the install command.

It's another discussion that Yarn behaves like this by default.

Also regarding the offline mode, each can cache the downloaded packages, though sure, they handle them with different approaches.

One key differentiator that I'm missing here, though, is the workspaces feature. For that I'm sure Yarn has a solid lead, and in fact most of the points the author made here are serving this feature.

Ashutosh Kumar

@dannystyleart Great points!!

Rami Mustaklem • Edited

Apparently you haven't used PNPM, and missed a few cons for yarn. Here is my take on why I use pnpm over yarn and npm.

Ashutosh Kumar

Awesome article, I guess I need to give pnpm a serious try.

fruntend

Congratulations 🥳! Your article hit the top posts for the week - dev.to/fruntend/top-10-posts-for-f...
Keep it up 👍

Ashutosh Kumar

Awesome. Thanks for writing about this

Agik Setiawan

Love to yarn

Ashutosh Kumar

Yarn and knit! lol

Davide Bianchi

Your analysis is nice, however I think some points are missing:

  • caching
  • storage consumption
  • monorepos support

Ashutosh Kumar

I agree! Thanks. I would love to be more comprehensive next time.

Abhishek Chotaliya

use of yarn feels simple and commands also feel natural

Ashutosh Kumar

As I said your codebase and your brain will thank you.

Diego Tonini

Speed can be very different also using different versions of npm. So please, maybe you can write something about the version used.