Need advice about which tool to choose?Ask the StackShare community!
NPM vs Yarn - Help me decide
By Introduction
Developers are usually caught in a dilemma when choosing between package managers to use in building and managing project dependencies. Two popular package managers in the ecosystem are NPM (Node package manager) and Yarn (package manager created by Facebook). We’ll be looking at these package managers side by side considering the following features:
At the end of this article, you’ll be able to decide which package manager to use when building your project.
Performance
Performance has been a bone of contention when comparing these two stacks, NPM ( Node package manager) and Yarn (dependency manager created by Facebook). It was believed since it’s introduction, that Yarn had better performance as opposed to NPM. In recent times, NPM (version 6.4.1 ) has bridged the gap with Yarn (version 1.9.4) in terms of performance. In this section of this article, we’ll compare the performance of these stacks and also their CLI syntax, offline capabilities and ability to install packages in parallel.
Module installation speed
This is where we’ll put package installation speeds to the test using a benchmark performed by appleboy.
In this benchmark, we’ll be performing speed test with the latest version of Node v10.11.0 at the time of this writing. You can perform these tests yourself by cloning this repository. The result of the test is stated in the table below:
| test case | npm install | npm ci | yarn |
|---|---|---|---|
| install without cache (without node_modules) | 3m40s | 3m10s | 1m1s |
| install with cache (without node_modules) | 1m1s | 18s | 2s |
| install with cache (with node_modules) | 54s | 21s | 2s |
| install without internet (with node_modules) | - | - | 2s |
Yes! You saw that. Yarn installs without internet while NPM doesn’t. With those results, we don’t need a mother confessor to decide which of the package managers are faster.
CLI syntax Let’s examine the CLI syntax provided by NPM and Yarn. Note that some commands appear in both package managers but do not necessarily do the same thing.
| Yarn | NPM |
|---|---|
yarn: This command is used to install all the packages in a package.json file. |
npm install: This is used by NPM to install packages from the package.json file. |
yarn run: This command is used to run script object specified in the package.json file. |
npm run: npm run is an alias for the command npm run-script, which does the same thing thing as its Yarn equivalent. |
yarn add [package]: This command is used to install a package |
npm install [package]: This installs a package from NPM. |
yarn remove [package]: This command is used to remove a package. |
npm uninstall [package]: This is the NPM equivalent for removing or uninstalling packages. |
yarn version: This command is used to update the version of your application using semantic versioning. |
npm version: This command lists the version of your application, Node, NPM as well as other Node dependencies. |
yarn upgrade: This command upgrade all the packages in the package.json file. |
NPM has an equivalent but is an installed package. [npm-upgrade](https://www.npmjs.com/package/npm-upgrade). |
yarn self-update: This command is used to update Yarn to the latest available version. At the time of this writing, this command is not yet available. |
NPM has no equivalent command as at the time of this writing. |
Let’s look at a few of the differences between NPM and Yarn’s CLI syntax in detail:
yarn versionvsnpm version: These commands are the same but yield different outputs. Yarn’s use of theversionkeyword is in terms of updating the tag of application in semver (semantic versioning) format, whereas NPM displays a list portraying the version of the current project, Node, NPM, and other dependencies.yarn upgradevsnpm-upgrade: Theupgradekeyword, updates all the packages specified in thepackage.jsonfile for Yarn. NPM doesn’t have an equivalent CLI command but has a global utility module which is installed by runningnpm i -g npm-upgrade, which is used to update all the packages inpackage.jsonby runningnpm-upgrade.
Offline download
Yarn’s offline download feature is one cool feature. How does it work? packages installed using Yarn are installed on the user disk. Although many may condemn this practice, it boycotts the overhead of having to send HTTP requests to get packages which have been installed before. That way, without internet, yarn or yarn add [package_name] installs your packages. NPM, on the other, hand needs the internet to make those HTTP packages to get previously installed packages which many people may like because it doesn’t populate their local disk with packages they may only use one-time.
Parallel Installation
Parallel installation is another cool feature exhibited by yarn out of the box. Yarn installs packages in a parallel manner. That is if I have to install five packages and package 2 is taking forever to install, Yarn goes over to package 3 or 4 or 5 it basically installs the packages side by side, unlike the serial manner which NPM uses. Parallel installation is one of the reasons why Yarn triumphs in speed battle with NPM.
Security
Yarn uses a checksum to verify the integrity of packages installed before any code is executed. What is a checksum? A checksum basically is a string of characters created by applying a mathematical algorithm to the contents of a file. It is used to check whether or not two files are the same. How does it work? Anytime a package is installed and is about to be executed, an integrity check is done by using the package’s checksum. NPM, on the other hand, performs integrity checks via SHA-1 (Secure Hash Algorithm) specified in the package-lock.json file. An SHA-1 string is appended on each package block in the package-lock.json and integrity check is performed using the integrity key, which looks like:
...
"wordwrap": {
"version": "0.0.3",
"resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz",
"integrity": "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="
}
...
License checks
Yarn comes with a handy license checker right out of the box, just in case you’ll want to view licenses for your installed packages. The command yarn licenses list will in alphabetical order list all of the packages which were installed by the yarn or yarn install command and also give you the license (as well as URL to the source code) associated with each package. NPM, on the other hand, doesn’t have a handy license checker out of the box. There are a few open source packages which perform this function, one of which is a license-checker by davglass. Let’s examine both commands:
yarn licenses list
yarn licenses v0.14.0
├─ abab@1.0.3
│ ├─ License: ISC
│ └─ URL: git+https://github.com/jsdom/abab.git
├─ abbrev@1.0.9
│ ├─ License: ISC
│ └─ URL: http://github.com/isaacs/abbrev-js
├─ acorn-globals@1.0.9
│ ├─ License: MIT
│ └─ URL: https://github.com/ForbesLindesay/acorn-globals.git
├─ acorn@2.7.0
│ ├─ License: MIT
│ └─ URL: https://github.com/ternjs/acorn.git
├─ align-text@0.1.4
│ ├─ License: MIT
│ └─ URL: git://github.com/jonschlinkert/align-text.git
├─ amdefine@1.0.0
│ ├─ License: BSD-3-Clause AND MIT
│ └─ URL: https://github.com/jrburke/amdefine.git
├─ ansi-escapes@1.4.0
│ ├─ License: MIT
│ └─ URL: https://github.com/sindresorhus/ansi-escapes.git
├─ ansi-regex@2.0.0
│ ├─ License: MIT
│ └─ URL: https://github.com/sindresorhus/ansi-regex.git
...
After installing the license-checker package from GitHub. Run license-checker.
PS: Both commands should be run inside the root directory of your project.
The output is like so:
├─ cli@0.4.3
│ ├─ repository: http://github.com/chriso/cli
│ └─ licenses: MIT
├─ glob@3.1.14
│ ├─ repository: https://github.com/isaacs/node-glob
│ └─ licenses: UNKNOWN
├─ graceful-fs@1.1.14
│ ├─ repository: https://github.com/isaacs/node-graceful-fs
│ └─ licenses: UNKNOWN
├─ inherits@1.0.0
│ ├─ repository: https://github.com/isaacs/inherits
│ └─ licenses: UNKNOWN
├─ jshint@0.9.1
│ └─ licenses: MIT
├─ lru-cache@1.0.6
│ ├─ repository: https://github.com/isaacs/node-lru-cache
│ └─ licenses: MIT
├─ lru-cache@2.0.4
│ ├─ repository: https://github.com/isaacs/node-lru-cache
│ └─ licenses: MIT
├─ minimatch@0.0.5
│ ├─ repository: https://github.com/isaacs/minimatch
│ └─ licenses: MIT
├─ minimatch@0.2.9
│ ├─ repository: https://github.com/isaacs/minimatch
│ └─ licenses: MIT
├─ sigmund@1.0.0
│ ├─ repository: https://github.com/isaacs/sigmund
│ └─ licenses: UNKNOWN
└─ yui-lint@0.1.1
├─ licenses: BSD
└─ repository: http://github.com/yui/yui-lint
Support
NPM is an open source dependency manager created by Isaac Z. Schlueter to meet up with the shortcomings of similar packages such as PEAR. Yarn on the order hand was developed by Facebook to meet up with the shortcomings of NPM. There’s a lot of developer traffic tending towards Yarn reasons being that Yarn is quite faster than NPM. Like shown above on this page, Yarn which is fairly young has more stars compared to NPM as at the time of this writing. These two packages are now well aware of themselves, with Yarn being able to be installed using NPM. Yarn, on the other hand, can install packages from the package-lock.json by using the [yarn import](https://yarnpkg.com/en/docs/cli/import) command. Which will help migrate projects relying on package-lock.json to Yarn. To know more, you can visit the [yarn-import](https://yarnpkg.com/en/docs/cli/import#toc-motivation) documentation.
From Yarn’s blog:
This feature is one of the first fruits of a continuing collaboration between the maintainers of the two package managers. We feel strongly about the two tools being aware of each other and providing an easy transition path between them…
NPM installs all and every package from npmjs.com which hinders accessibility in the event that one goes down, Yarn, on the other hand, installs from multiple repositories npmjs.com as well as Bower. While this doesn’t guarantee everyday availability but it reduces the probability of unavailability to the barest minimum.
In the spirit of open sourcing, Listed below are links to their individual repositories, PRs would be welcomed in any of the repositories.
Ease of use
Ease of use or user-friendliness is the last feature we’ll be looking at in this article. In this section, we’ll be looking at two criteria (CLI and user experience), which we’ll use to examine the user-friendliness of these package managers.
CLI (Command Line Interface)
Yes! you read that right. I mean, it’s CLI why would UI be a criterion. Let’s take a look at how the terminal looks like when we’re running a simple npm install **** or yarn command.
npm install
yarn
Both installations were done with the same package.json file. We can see that NPM and Yarn have different CLIs. NPM generates noise during installation which can be silenced by using the -s flag to run it in silent mode.
User experience
Both package managers have good user experience, like in the case of initializing a new project directory using yarn init or npm init. Where they both provide an interactive mode helping the user set up a new project.
Yarn comes out of the box like stated above in performance section with an upgrade command yarn upgrade which helps to update all the dependencies in the project. This command also has an interactive feature which can be used by running yarn upgrade-interactive [--latest] which outputs like so:
[1/? Choose which packages to update. (Press <space> to select, <a> to toggle all, <i> to inverse selection) devDependencies
❯◯ autoprefixer 6.7.7 ❯ 7.0.0 https://github.com/postcss/autoprefixer#readme
◯ webpack 2.4.1 ❯ 2.5.1 https://github.com/webpack/webpack
dependencies
◯ bull 2.2.6 ❯ 3.0.0-alpha.3 https://github.com/OptimalBits/bull#readme
◯ fs-extra 3.0.0 ❯ 3.0.1 https://github.com/jprichardson/node-fs-extra
◯ socket.io 1.7.3 ❯ 1.7.4 https://github.com/socketio/socket.io#readme
◯ socket.io-client 1.7.3 ❯ 1.7.4 https://github.com/Automattic/socket.io-client#readme
NPM, on the other hand, exhibits this same level of user experience just that this feature doesn’t come out of the box but with a package called npm-upgrade.
This package can be installed by running this command npm i -g upgrade. After installing, typing npm-upgrade in your project directory and hitting the Enter key will yield the following output:
npm vs Yarn: What are the differences?
What is npm? The package manager for JavaScript. npm is the command-line interface to the npm ecosystem. It is battle-tested, surprisingly flexible, and used by hundreds of thousands of JavaScript developers every day.
What is Yarn? A new package manager for JavaScript. Yarn caches every package it downloads so it never needs to again. It also parallelizes operations to maximize resource utilization so install times are faster than ever.
npm and Yarn belong to "Front End Package Manager" category of the tech stack.
"Best package management system for javascript" is the primary reason why developers consider npm over the competitors, whereas "Incredibly fast" was stated as the key factor in picking Yarn.
npm and Yarn are both open source tools. Yarn with 36.1K GitHub stars and 2.21K forks on GitHub appears to be more popular than npm with 17.2K GitHub stars and 3.17K GitHub forks.
reddit, Instacart, and Starbucks are some of the popular companies that use npm, whereas Yarn is used by StackShare, Docplanner, and BrightMachine. npm has a broader approval, being mentioned in 2604 company stacks & 2586 developers stacks; compared to Yarn, which is listed in 609 company stacks and 507 developer stacks.
What is npm?
What is Yarn?
Need advice about which tool to choose?Ask the StackShare community!
Why do developers choose npm?
- Open-source378
Why do developers choose Yarn?
Sign up to add, upvote and see more prosMake informed product decisions
What are the cons of using npm?
What are the cons of using Yarn?
- 13
What companies use Yarn?
Sign up to get full access to all the companiesMake informed product decisions
What tools integrate with npm?
What tools integrate with Yarn?
Sign up to get full access to all the tool integrationsMake informed product decisions
Zulip
I have mixed feelings on the Yarn/npm/Node.js ecosystem. We use it for Zulip, because you basically have to in order to have a modern JavaScript toolchain. And I like that Yarn lets us pin dependency versions out of the box for predictability in our production releases; we have to do significant work for the Python version of this feature.
But one also deals with broken third-party dependencies uploaded to npm way too often (even ignoring the malicious packages issues that have gotten a lot of press of late). And one mostly has to use nvm in order to pin a specific version of node itself in a maintainable way, and nvm is a mess.
We use Yarn because at the time we decided to adopt it, npm had some missing features and issues. We like the speed and determinism provided by Yarn. We could probably use npm at this point, but we have no real reason to switch from Yarn. If you have a convincing argument to switch from npm to Yarn please leave a comment on this decision!
So when starting a new project you generally have your go to tools to get your site up and running locally, and some scripts to build out a production version of your site. Create React App is great for that, however for my projects I feel as though there is to much bloat in Create React App and if I use it, then I'm tied to React, which I love but if I want to switch it up to Vue or something I want that flexibility.
So to start everything up and running I clone my personal Webpack boilerplate - This is still in Webpack 3, and does need some updating but gets the job done for now. So given the name of the repo you may have guessed that yes I am using Webpack as my bundler I use Webpack because it is so powerful, and even though it has a steep learning curve once you get it, its amazing.
The next thing I do is make sure my machine has Node.js configured and the right version installed then run Yarn. I decided to use Yarn because when I was building out this project npm had some shortcomings such as no .lock file. I could probably move from Yarn to npm but I don't really see any point really.
I use Babel to transpile all of my #ES6 to #ES5 so the browser can read it, I love Babel and to be honest haven't looked up any other transpilers because Babel is amazing.
Finally when developing I have Prettier setup to make sure all my code is clean and uniform across all my JS files, and ESLint to make sure I catch any errors or code that could be optimized.
I'm really happy with this stack for my local env setup, and I'll probably stick with it for a while.
p.s.
I am not sure about the performance of the latest version of npm, whether it is different from my understanding of it below. Because I use npm very rarely when I had the following knowledge.
------⏬
I use Yarn because, first, yarn is the first tool to lock the version. Second, although npm also supports the lock version, when you use npm to lock the version, and then use package-lock.json on other systems, package-lock.json Will be modified. You understand what I mean, when you deploy projects based on Git...
I use npm because I also mainly use React and TypeScript. Since several typings (from DefinitelyTyped) depend on the React typings, Yarn tends to mess up which leads to duplicate libraries present (different versions of the same type definition), which hinders the Typescript compiler. Npm always resolves to a single version per transitive dependency. At least that's my experience with both.
FeaturePeek
I think our #Frontend stack is pretty standard – but we have taken some deviations from a typical modern stack:
Flow (JS) instead of TypeScript. Flow was an easy choice 2+ years ago, as both flow and React were (and still are) maintained by Facebook. Today, it seems that the JavaScript community has settled on TypeScript as the winner. For new projects, I'd choose TS, but I don't see the point in migrating an existing project from flowtype to TS, when the end result will be roughly the same. Sure, memory usage is a bit high, and every now and then I have to kill some zombie processes, but our text editors (Sublime Text), CI scripts, and Babel are already set up to take advantage of the type safety that flow offers. When/if the React team writes React itself in TS, then I'll take a closer look – until then, flow works for us.
Yarn instead of npm. When yarn debuted, we never looked back. Now npm has pretty much caught up with speed and lockfiles, but yarn gives me confidence that my dependency installs are deterministic. Really interested in the plug-n-play (PnP) feature that removes the need for a node_modules folder, but haven't implemented this yet.
From a StackShare Community member: “I’m a freelance web developer (I mostly use Node.js) and for future projects I’m debating between npm or Yarn as my default package manager. I’m a minimalist so I hate installing software if I don’t need to- in this case that would be Yarn. For those who made the switch from npm to Yarn, what benefits have you noticed? For those who stuck with npm, are you happy you with it?"
npmUtilize npm private module to package shared library for different React / React Native clients. Shareable code goes here. Basically deliver Redux Store with Firebase integration and business logic in a library. Each React app utilizes this while delivering a device/target specific UI.
npmIf you're using Node or Gulp, you can't help but use NPM in some form or another. Fortunately that's never a bad thing with the massive package repository and glowing ecosystem making it a breeze to work with.
YarnYarn is a wonderful alternative to the built-in npm command-line interface. Dependency installation is crazy fast, because it caches every package and performs operations in parallel.
YarnI prefer yarn instead of npm.
Both npm and yarn work great.
I don’t see any overwhelming reason to choose one over another.
I just like yarn, that’s it.
npmWe manages all of our packages, including Angular JS through npm. It is a very quick way of downloading / installing packages into your project.
npmModule is published as bpost on the npm registry. Tasks for the module are also defined as npm run tasks with commit hooks for git
npmIt's the front-end version of Composer, so is pretty essential to pull in packages that can be tracked and kept up to date.
YarnWe use it in every JS project. Blazing fast package manager for node.js. Easy to use in Docker containers
YarnUsed in Coolfront Mobile and "Charlie" (flat rate search engine) as packaging mechanism.
YarnWe tend to stick to npm, yarn is only a fancy alternative, not 10x better.