
NPM or Yarn? Find the right package manager for you

Harsh Singh ・3 min read

For a long time, I was confused about which package manager I should be using. I just went ahead and used NPM for a while, since that was simply what most people used. I never really bothered to look into what Yarn is, and never really bothered to switch to it or try it out.

So, before we get started, let's give a brief overview of each.

Yarn

Yarn is a package manager which corrects the shortcomings of NPM. Yarn still uses the same registry as NPM, so you can download all the same packages. As with NPM, you can also download packages from GitHub.


NPM

NPM stands for Node Package Manager, and it is the default package manager for Node. It has its own registry with a very large number of packages and modules. It has a registry for both public and private use, along with offering distribution for your own packages.


Which one should I use?

So, let's cut straight to the point. Which package manager should I be using?

So, we are going to break down aspects of NPM and Yarn, and help you decide for yourself which one is better.

Security

Security is one of the main reasons why Yarn was developed by a team at Facebook. Back when Yarn was released, NPM had some security shortcomings which drove some developers away. Yarn addressed these security concerns and was regarded as the more secure of the two.

Now, with the release of NPM 6, many of these security risks were fixed. When you install a module with known vulnerabilities, NPM will alert you. The command npm audit has also been added to fix some common concerns with security.
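As an added example (not from the original post or from the npm project), this script turns the alert described above into a build gate that fails closed when the audit report is unreadable. The function name auditGate and the sample report are constructed for illustration, and the report is assumed to carry a metadata.vulnerabilities summary with one count per severity, as printed by npm audit --json.

```javascript
// Added example: CI gate over the JSON printed by `npm audit --json`.
// Assumption: the report has a metadata.vulnerabilities object holding one
// count per severity level.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Constructed sample report; only the summary the gate reads is included.
const SAMPLE_REPORT = JSON.stringify({
  metadata: {
    vulnerabilities: { info: 0, low: 3, moderate: 2, high: 1, critical: 0 },
  },
});

// Decide whether a build may proceed. Fails closed: if the report cannot be
// read, the result is a failure rather than a silent pass.
function auditGate(reportJson, threshold) {
  const floor = SEVERITIES.indexOf(threshold);
  if (floor === -1) throw new Error(`unknown severity: ${threshold}`);

  let report;
  try {
    report = JSON.parse(reportJson);
  } catch (err) {
    return { pass: false, blocking: {}, reason: "report is not valid JSON" };
  }
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== "object") {
    return { pass: false, blocking: {}, reason: "no vulnerability summary" };
  }

  // Collect every level at or above the threshold that has findings.
  const blocking = {};
  for (const level of SEVERITIES.slice(floor)) {
    const n = Number(counts[level]) || 0;
    if (n > 0) blocking[level] = n;
  }
  const total = Object.values(blocking).reduce((a, b) => a + b, 0);
  return {
    pass: total === 0,
    blocking,
    reason: total === 0 ? "ok" : `${total} finding(s) at or above ${threshold}`,
  };
}

const result = auditGate(SAMPLE_REPORT, "high");
console.log(result.pass ? "PASS" : "FAIL", result.reason, result.blocking);
```

In a pipeline, pass it the captured output of npm audit --json in place of the sample and fail the job when pass is false.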

In my opinion, this is a neck and neck race but Yarn comes out on top. Yarn has features which you can use to verify the licenses, etc. of modules you download, while NPM does not.

Performance

This is another reason why Yarn was developed. Back when Yarn was released, NPM also had performance issues. In NPM 6, the team at NPM has done a commendable job matching up speeds with Yarn, although Yarn still remains the winner here by a slim margin.


Popularity

Popularity is a main concern for some people: those who maintain large open-source projects, for example, will prefer to use something which is more popular.

NPM is the winner here. There is a much higher quantity of packages installed from NPM than from Yarn.


CLI Experience

A CLI should also provide a good experience while using it. In my opinion, Yarn is also the winner here. When you use a command, say, to install a package, the output is much cleaner and more organised in Yarn as compared to NPM.


As for the CLI commands themselves, it depends completely on preference, but I'll have to give this one to Yarn as well. The CLI commands are just simpler, and have fewer words as compared to NPM.


Support

NPM and Yarn both support a variety of technologies, but the biggest concern is raised with React Native, which is not supported by Yarn 2 out of the box. Yarn 2 does not support node_modules out of the box either, and in my opinion the clear winner here is either Yarn 1 or NPM.

To conclude

To suit your needs, feel free to use whatever you want. I personally will conclude that Yarn 1 is better than NPM, although I will prefer to use NPM over Yarn 2 (Berry).

The reason I will say that Yarn 2 is lagging behind NPM is the fact that it is quite different from NPM, and when people want to contribute to my open-source projects, telling them to use the non-default tool might not be the smartest idea.

There are a few problems which Yarn 2 brings up for many people, and I will advocate to all that they use Yarn 1.

Discussion (12)

Ash

Have you ever tried pnpm?
It's amazingly quicker than npm/yarn, but it defaults not to "hoist".

Pacharapol Withayasakpunt

I was a PNPM convert for a while, and now I am back to Yarn 1.

  • No need to clean cache
  • No need for shamefully-hoist=true
  • Better support

And yes, NPM sucks (never tried NPM 7, though).

Harsh Singh Author

Agreed, Yarn 1 is still advantageous over PNPM. It depends on what you need though, at the end of the day.

Harsh Singh Author

I have heard about it yes. The reason I didn't include it was because nobody really uses it, to be honest.

But I have heard of it yep, and I've heard primarily good things about it too :)

xeho91

"... it was because nobody really uses it..."

npmjs.com/package/pnpm

"Weekly Downloads: 101,350"

...

Harsh Singh Author

That's still much lower than with Yarn or NPM. Yarn 1 or NPM have advantages such as community adoption which at the moment PNPM does not.

rxliuli

Let me just say the result: yarn

Jayant Khandelwal

Nicely framed buddy!

Olivier JM Maniraho

You have a typo in the title pacakge ==> package

Harsh Singh Author

😅 thanks so much for pointing it out 👍