Need advice about which tool to choose?Ask the StackShare community!
GitHub vs npm: What are the differences?
Key Differences between GitHub and npm
1. Open-source repository hosting: GitHub is a web-based platform that provides version control and collaboration for developers to host and review code, while npm is a package manager for JavaScript that allows developers to discover and reuse code packages.
2. Purpose and functionality: GitHub focuses on enabling collaboration and version control for software development projects, including source code management, issue tracking, and pull request workflows. On the other hand, npm is primarily used for dependency management, allowing developers to install, publish, and manage reusable packages within their projects.
3. Community and user base: GitHub has a larger and more diverse community of developers, making it a popular platform for open-source projects and collaboration. npm, on the other hand, is widely adopted within the JavaScript ecosystem and is the default package manager for Node.js.
4. Repository types: GitHub hosts repositories that can contain various types of files, including source code, documentation, and multimedia files. In contrast, npm deals specifically with JavaScript packages and dependencies, providing a centralized registry for developers to publish and consume packages.
5. Version control systems: GitHub supports both Git and Subversion (via GitHub SVN), allowing developers to choose their preferred version control system. npm, on the other hand, is built on top of Git and uses Git repositories for package version control.
6. Package management features: While GitHub allows developers to manage dependencies using Git submodules or a package manager like npm, it lacks some of the advanced features provided by npm, such as version semver range resolution, package locking, and automatic dependency resolution.
In Summary, GitHub is primarily focused on hosting and collaboration for repositories, while npm is a package manager specifically designed for JavaScript dependency management.
From a StackShare Community member: “I’m a freelance web developer (I mostly use Node.js) and for future projects I’m debating between npm or Yarn as my default package manager. I’m a minimalist so I hate installing software if I don’t need to- in this case that would be Yarn. For those who made the switch from npm to Yarn, what benefits have you noticed? For those who stuck with npm, are you happy you with it?"
We use Yarn because it allows us to more simply manage our node_modules. It also simplifies commands and increases speed when installing modules. Our teams module download time was cut in half after switching from NPM to Yarn. We now require all employees to use Yarn (to prevent errors with package-lock.json and yarn.lock).
I use npm since new version is pretty fast as well (Yarn may be still faster a bit but the difference isn't huge). No need for other dependency and mainly Yarn sometimes do not work. Sometimes when I want to install project dependencies I got error using Yarn but with npm everything is installed correctly.
I use npm because I also mainly use React and TypeScript. Since several typings (from DefinitelyTyped) depend on the React typings, Yarn tends to mess up which leads to duplicate libraries present (different versions of the same type definition), which hinders the Typescript compiler. Npm always resolves to a single version per transitive dependency. At least that's my experience with both.
p.s.
I am not sure about the performance of the latest version of npm, whether it is different from my understanding of it below. Because I use npm very rarely when I had the following knowledge.
------⏬
I use Yarn because, first, yarn is the first tool to lock the version. Second, although npm also supports the lock version, when you use npm to lock the version, and then use package-lock.json on other systems, package-lock.json Will be modified. You understand what I mean, when you deploy projects based on Git...
As far as I know Yarn is a super module of NPM. But it still needs npm to run.
Yarn was developed by Facebook's guys to fix some npm issues and performance.
If you use the last version of npm most of this problem does not exist anymore.
You can choose the option which makes you more confortable. I like using yarn because I'm used to it.
In the end the packages will be the same. Just try both and choose the one you feel more confortable. :)
We tend to stick to npm, yarn is only a fancy alternative, not 10x better. Using a self -hosted private repository (via sinopia/npm-mirror) make package locking (mostly) pointless.
I am a minimalist too. I once had issues with installing Nuxt.js using NPM so I had to install Yarn but I also found that the Dev experience was much better
I use Yarn because it process my dependencies way faster, predictable deps resolution order, upgrade-interactive is very handy + some Yarn specific features (workspaces, Plug’n’Play alternative installation strategy) ...
I use npm because its packaged with node installation and handles npm tokens in CI/CD tools for private packages/libraries.
Yarn made it painless for the team to sync on versions of packages that we use on the project <3
I use Yarn because it outputs nice progress messages with cute emoji and installs packages quickly if the package is cached. Also, Yarn creates yarn.lock
file which makes the developer use the consistent environment.
You should use whichever had the best DX (developer experience) for your team. If you are doing a massive front-end project, consider yarn if not only because it makes it a snap to go from zero to ready. What some people say about npm
being more stable or easier for smaller projects is highly true as well. (not to mention, you sometimes have to install yarn) But, note that official NodeJS Docker images ship with both npm and yarn. If you want to use yarn, put package-lock=false
and optionally save-exact=true
in your project's .npmrc
file. Compare whether you prefer the ergonomics of yarn global add
over npm install -g
or see fewer meaningless warnings for the specific set of dependencies you leverage.
I use npm because its the official package manager for Node. It's reliability, security and speed has increased over time so the battle is over!
I use npm because it has a lot of community support and the performance difference with alternative tool is not so significant for me.
Do you review your Pull/Merge Request before assigning Reviewers?
If you work in a team opening a Pull Request (or Merge Request) looks appropriate. However, have you ever thought about opening a Pull/Merge Request when working by yourself? Here's a checklist of things you can review in your own:
- Pick the correct target branch
- Make Drafts explicit
- Name things properly
- Ask help for tools
- Remove the noise
- Fetch necessary data
- Understand Mergeability
- Pass the message
- Add screenshots
- Be found in the future
- Comment inline in your changes
Read the blog post for more detailed explanation for each item :D
What else do you review before asking for code review?
Using an inclusive language is crucial for fostering a diverse culture. Git has changed the naming conventions to be more language-inclusive, and so you should change. Our development tools, like GitHub and GitLab, already supports the change.
SourceLevel deals very nicely with repositories that changed the master branch to a more appropriate word. Besides, you can use the grep linter the look for exclusive terms contained in the source code.
As the inclusive language gap may happen in other aspects of our lives, have you already thought about them?
One of the magic tricks git performs is the ability to rewrite log history. You can do it in many ways, but git rebase -i
is the one I most use. With this command, It’s possible to switch commits order, remove a commit, squash two or more commits, or edit, for instance.
It’s particularly useful to run it before opening a pull request. It allows developers to “clean up” the mess and organize commits before submitting to review. If you follow the practice 3 and 4, then the list of commits should look very similar to a task list. It should reveal the rationale you had, telling the story of how you end up with that final code.
Out of most of the VCS solutions out there, we found Gitlab was the most feature complete with a free community edition. Their DevSecops offering is also a very robust solution. Gitlab CI/CD was quite easy to setup and the direct integration with your VCS + CI/CD is also a bonus. Out of the box integration with major cloud providers, alerting through instant messages etc. are all extremely convenient. We push our CI/CD updates to MS Teams.
Gitlab as A LOT of features that GitHub and Azure DevOps are missing. Even if both GH and Azure are backed by Microsoft, GitLab being open source has a faster upgrade rate and the hosted by gitlab.com solution seems more appealing than anything else! Quick win: the UI is way better and the Pipeline is way easier to setup on GitLab!
As we have to build the application for many different TV platforms we want to split the application logic from the device/platform specific code. Previously we had different repositories and it was very hard to keep the development process when changes were done in multiple repositories, as we had to synchronize code reviews as well as merging and then updating the dependencies of projects. This issues would be even more critical when building the project from scratch what we did at Joyn. Therefor to keep all code in one place, at the same time keeping in separated in different modules we decided to give a try to monorepo. First we tried out lerna which was fine at the beginning, but later along the way we had issues with adding new dependencies which came out of the blue and were not easy to fix. Next round of evolution was yarn workspaces, we are still using it and are pretty happy with dev experience it provides. And one more advantage we got when switched to yarn workspaces that we also switched from npm to yarn what improved the state of the lock file a lot, because with npm package-lock file was updated every time you run npm install
, frequent updates of package-lock file were causing very often merge conflicts. So right now we not just having faster dependencies installation time but also no conflicts coming from lock file.
This was no real choice - we switched the moment Yarn was available, and never looked back. Yarn is the only reasonable frontend package manager that's actually being developed. They even aim to heal the node_modules madness with v2! Npm is just copying its ideas on top of introducing massive bugs with every change.
At DeployPlace we use self-hosted GitLab, we have chosen GitLab as most of us are familiar with it. We are happy with all features GitLab provides, I can’t imagine our life without integrated GitLab CI. Another important feature for us is integrated code review tool, we use it every day, we use merge requests, code reviews, branching. To be honest, most of us have GitHub accounts as well, we like to contribute in open source, and we want to be a part of the tech community, but lack of solutions from GitHub in the area of CI doesn’t let us chose it for our projects.
Pros of GitHub
- Open source friendly1.8K
- Easy source control1.5K
- Nice UI1.3K
- Great for team collaboration1.1K
- Easy setup867
- Issue tracker504
- Great community486
- Remote team collaboration482
- Great way to share451
- Pull request and features planning442
- Just works147
- Integrated in many tools132
- Free Public Repos121
- Github Gists116
- Github pages112
- Easy to find repos83
- Open source62
- It's free60
- Easy to find projects60
- Network effect56
- Extensive API49
- Organizations43
- Branching42
- Developer Profiles34
- Git Powered Wikis32
- Great for collaboration30
- It's fun24
- Clean interface and good integrations23
- Community SDK involvement22
- Learn from others source code20
- Because: Git16
- It integrates directly with Azure14
- Newsfeed10
- Standard in Open Source collab10
- Fast8
- It integrates directly with Hipchat8
- Beautiful user experience8
- Easy to discover new code libraries7
- Smooth integration6
- Cloud SCM6
- Nice API6
- Graphs6
- Integrations6
- It's awesome6
- Quick Onboarding5
- Remarkable uptime5
- CI Integration5
- Hands down best online Git service available5
- Reliable5
- Free HTML hosting4
- Version Control4
- Simple but powerful4
- Unlimited Public Repos at no cost4
- Security options4
- Loved by developers4
- Uses GIT4
- Easy to use and collaborate with others4
- IAM3
- Nice to use3
- Ci3
- Easy deployment via SSH3
- Good tools support2
- Leads the copycats2
- Free private repos2
- Free HTML hostings2
- Easy and efficient maintainance of the projects2
- Beautiful2
- Never dethroned2
- IAM integration2
- Very Easy to Use2
- Easy to use2
- All in one development service2
- Self Hosted2
- Issues tracker2
- Easy source control and everything is backed up2
- Profound1
Pros of npm
- Best package management system for javascript647
- Open-source382
- Great community327
- More packages than rubygems, pypi, or packagist148
- Nice people matter112
- As fast as yarn but really free of facebook6
- Audit feature6
- Good following4
- Super fast1
- Stability1
Sign up to add or upvote prosMake informed product decisions
Cons of GitHub
- Owned by micrcosoft53
- Expensive for lone developers that want private repos37
- Relatively slow product/feature release cadence15
- API scoping could be better10
- Only 3 collaborators for private repos8
- Limited featureset for issue management3
- GitHub Packages does not support SNAPSHOT versions2
- Does not have a graph for showing history like git lens2
- No multilingual interface1
- Takes a long time to commit1
- Expensive1
Cons of npm
- Problems with lockfiles5
- Bad at package versioning and being deterministic5
- Node-gyp takes forever3
- Super slow1