Node.js package managers: NPM and Yarn

Node.js is an increasingly popular and widely used JavaScript runtime. An important aspect of working with Node.js is managing the dependencies among software artefacts. Good dependency management encourages modularisation and decoupling of software components. Since the dawn of Node.js, several package managers have been developed, notably npm, anymod (formerly component), volo, ringojs, bower, yarn and pnpm, to name but a few.

In this post, we walk through the two tools that seem to have lived up to the high expectations of the majority of JavaScript developers and communities: npm and yarn. pnpm is an improvement that sometimes performs better than npm and yarn. The great advantage of pnpm is that we simply replace the command npm with pnpm and keep the rest intact. Bower is a powerful tool that supports not only JS but also various types of Web resources, including HTML, CSS, fonts and images. Nevertheless, the core Bower developers and maintainers have recently recommended that users switch to yarn.

  • npm seems to be the de facto package manager, and it is included with Node.js. When Node.js is installed, npm is available and ready to use as well. This is one among many reasons why npm is well known and widely used by JS developers.
  • yarn was originally developed by Facebook to overcome problems of existing package management tools. Some notable features of yarn are a deterministic model (producing the same result when repeated), flat mode (resolving mismatching versions of dependencies to a single version to avoid duplicates), security first, offline mode, network performance, and so forth. Nevertheless, recent versions of npm have also improved significantly by learning from yarn and incorporating several of its good features.

Walking Through

In this part, we will go through a typical development workflow that each tool provides with basic steps and some commonly used options.

0. Installing and Upgrading

NPM

As mentioned above, npm is available wherever Node.js is installed. So the only thing to do is to upgrade npm:

npm install npm@latest -g
# you can also use the alias 'i'
npm i npm@latest -g

Yarn

Yarn can be installed via npm, but this method is not recommended for security reasons.

npm install -g yarn

macOS users can install Yarn using Homebrew.

# installing
brew update && brew install yarn
# upgrading
brew upgrade yarn

There are also concrete instructions for Linux and Windows users.

1. Starting New Projects

NPM
npm init [-f|--force] [-y|--yes]

npm init will ask you a number of questions and create an initial configuration file, package.json. If you do not want to answer the questions one by one, you can use any of the options -f, --force, -y or --yes to skip all questions and get a default package.json in the current directory.

Yarn
yarn init [-y | --yes] [-p | --private]

This command is very similar to npm init, and the outcome is likewise a package.json. The only difference is the option -p or --private, which sets "private": true.

2. Getting Information

NPM
# display a particular package's information
npm view eslint
npm info eslint
# search for a package/name
npm search eslint
# list installed packages
npm ls

Yarn

The Yarn developers have deliberately not added support for searching packages as npm does, as explained here.

# display a particular package's information
yarn info eslint
# list installed packages
yarn list

Yarn provides a nice command for showing why a certain package was installed.

yarn why eslint

3. Installing Dependencies

Both npm and yarn provide several options for adding dependencies, ranging from registered packages and tarballs to git repositories. Please note that npm and yarn also support manipulating global package repositories, i.e. installed packages that are available to the whole working system instead of local projects. In most cases, we can use the option -g for npm and the command global for yarn. In the following steps, we mainly concentrate on local repositories.

NPM
# install all dependencies defined in package.json
npm install
# add a registered package and record it in 'dependencies' 
npm install eslint
# add an exact version
npm install eslint@3.0.0
# add and record in 'devDependencies'
npm install --save-dev eslint
# add a package from a git repository
npm install git@github.com:eslint/eslint.git

Yarn
# install all dependencies defined in package.json
yarn install
# add a registered package
yarn add eslint
# add an exact version
yarn add eslint@3.0.0
# add to dev dependencies
yarn add --dev eslint
# add a package from a git repository
yarn add git@github.com:eslint/eslint.git
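
The dependency sources listed above (registered packages, exact versions, tarballs, git repositories) differ in how reproducibly they resolve, which is the concern behind yarn's deterministic model. The following Node.js script is an added example, not part of the original post: it classifies every entry of a package.json by source and reports which ones the manifest alone does not pin. The manifest, its package names and URLs, and the function names are constructed for illustration, and the patterns are a simplified heuristic rather than npm's own parser.

```javascript
// Added example. The manifest is constructed sample data, not a real project.
const samplePackageJson = {
  name: "demo-app",
  dependencies: {
    "eslint": "3.0.0",
    "left-pad": "^1.3.0",
    "some-lib": "latest",
    "eslint-fork": "git@github.com:eslint/eslint.git",
    "pinned-fork": "git+https://example.com/org/repo.git#0123456789abcdef0123456789abcdef01234567",
    "vendored": "https://example.com/pkg/vendored-1.0.0.tgz"
  },
  devDependencies: { "mocha": "~5.2.0", "local-tool": "file:../local-tool" }
};

const LOCAL = /^(file:|link:|\.{0,2}\/)/;            // path on this machine
const GIT = /^(git(\+(ssh|https?|file))?:\/\/|git@|github:|gitlab:|bitbucket:)/;
const GIT_SHORTHAND = /^[\w.-]+\/[\w.-]+(#.*)?$/;    // user/repo shorthand
const FULL_SHA = /#[0-9a-f]{40}$/;                   // full commit hash, not a branch or tag
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// "pinned" means the manifest entry alone names one immutable version.
function classifySpec(spec) {
  if (LOCAL.test(spec)) return { source: "local", pinned: false };
  if (GIT.test(spec) || GIT_SHORTHAND.test(spec)) {
    return { source: "git", pinned: FULL_SHA.test(spec) };
  }
  // Plain http(s) URL, treated here as a tarball; the content behind it can change.
  if (/^https?:\/\//.test(spec)) return { source: "remote-url", pinned: false };
  if (EXACT.test(spec)) return { source: "registry", pinned: true };
  return { source: "registry", pinned: false }; // range, dist-tag, wildcard or alias
}

function auditManifest(pkg) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      findings.push({ field, name, spec, ...classifySpec(String(spec).trim()) });
    }
  }
  return findings;
}

// Names that can resolve differently between two installs when no lockfile is used.
function floatingDependencies(pkg) {
  return auditManifest(pkg).filter((f) => !f.pinned).map((f) => f.name);
}

for (const f of auditManifest(samplePackageJson)) {
  console.log(`${f.pinned ? "pinned  " : "floating"} ${f.source.padEnd(10)} ${f.name} -> ${f.spec}`);
}
```

An exact version pins only the direct dependency; reproducing the whole tree relies on the lockfile (package-lock.json or yarn.lock).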

4. Upgrading Packages

NPM
# check outdated packages
npm outdated
# upgrade all to the latest versions w.r.t version ranges in 'package.json' (since 2.6.1 default to top level packages)
npm update
# upgrade a specific package
npm update eslint

Yarn
# check outdated packages
yarn outdated
# upgrade all
yarn upgrade
# upgrade all and ignore version ranges in 'package.json'
yarn upgrade --latest
# upgrade a specific package
yarn upgrade eslint
# upgrade packages matching a pattern
yarn upgrade --pattern eslint

5. Removing Packages

NPM
npm uninstall eslint

Yarn
yarn remove eslint

6. Running Commands

NPM

npm allows users to define executable scripts in package.json under the section

"scripts" : { "test" : "..." }

then use npm run script-name to execute the predefined scripts.

npm run test

npm also provides a short form for executing test scripts.

npm test

Yarn

Similar to npm, yarn users can execute scripts with yarn run script-name and yarn test for testing.

yarn run start
yarn test

So far, we have walked through some basic steps of a typical development workflow, ranging from initialisation to inquiring about and manipulating packages. Apart from that, both npm and yarn go the extra mile with much more functionality. Backed by very strong and active communities, your development projects will surely be in safe hands when choosing either of them.
