Comparison between npm deps and pnpm deps

pnpm.io/benchmarks

pnpm is a fast, disk space-efficient package manager.

npm was my package. Although I saw a lot of posts that yarn is faster and useful than npm, I just wanted to use a default manager. And recently, I've heard of a new package manager from a colleague. "pnpm is faster than even yarn and has an interesting structure for it" he said. I thought that it might've been time to move on to another package manager.

pnpm takes advantage of symbolic links for saving storage, connecting packages without installing, and preventing accessing arbitrary packages, etc.

I don't have enough knowledge to explain well about pnpm. There are good explanations in pnpm.io.

After reading the document, I just wanted to check my own how npm and pnpm are different when installing other versions of dependencies that are already installed.

I'm going to show you the test that I've done with a package express.

npm

npm install express

There are many dependencies that related to express in node_modules.

One of the dependencies is debug, and many packages has debug as a dependency.

...
 "body-parser": {
      "version": "1.20.0",
      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
      "integrity": "sha512-DfJ+q6EPcGKZD1QWUjSpqp+Q7bDQTsQIF4zfUAtZ6qk+H/3/QRhg9CEp39ss+/T2vw0+HaidC0ecJj/DRLIaKg==",
      "requires": {
...
        "debug": "2.6.9",
...
      }
    },
...
 "express": {
      "version": "4.18.1",
      "resolved": "https://registry.npmjs.org/express/-/express-4.18.1.tgz",
      "integrity": "sha512-zZBcOX9TfehHQhtupq57OF8lFZ3UZi08Y97dwFCkD8p9d/d2Y3M+ykKcwaMDEL+4qyUolgBDX6AblpR3fL212Q==",
      "requires": {
...
        "debug": "2.6.9",
...
    "finalhandler": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz",
      "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==",
      "requires": {
        "debug": "2.6.9",
...
      }
    },
...
      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
    },
    "send": {
      "version": "0.18.0",
      "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz",
      "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==",
      "requires": {
        "debug": "2.6.9",
...
      },
...

As you can see, they don't have debug.

debug is in node_modules. They have the same version of debug, it makes sense.

in this case, what will it be going on if I install another version of debug in my project?

I installed debug@2.6.8, and the version of debug in node_modules has changed 2.6.8 from 2.6.9, because my project needs 2.6.8.

So, where is debug@2.6.9?

Each packages have debug@2.6.9.

pnpm

Let's do the same process with pnpm!

pnpm add express

I have .pnpm and express in node_modules, it looks clean.

in .pnpm, there are actual versions of packages.

Actually, express in node_modules is a link. look up the below image.

https://pnpm.io/motivation

And, the packages that have debug as a dependency already have debug in their node_modules as a link file.

If I install debug@2.6.8.

debug@2.6.8 has been installed in .pnpm, and a link file has been added in node_modules, and it doesn't make any changes in packages like body-parser, send.

Conclusion

I haven't used pnpm in my projects yet though, I can't wait to use this package manager, it looks nice and interesting, and actually, pnpm has more powerful features. You will find them in their docs.

I hope it will be helpful for someone.

Happy Coding!