NPM vs Yarn

February 28, 2021

Alt-Text

What is NPM (Node Package Manager) ?

npm commonly known as node package manager, initially released in 2010, is a tremendously popular package manager among JavaScript developers. It is the default package that is automatically installed whenever you install Node.js on your system.

It consists of three components: the website to manage various aspects of your npm experience, Command Line Interface (CLI) to interact with npm via the terminal, and registry to access an extensive public database of JavaScript software.

What is Yarn ?

yarn was released by facebook in 2016, an another package manager for the JS programing language. The main motive of facebook to build a package manager with optimized performance and security, that were the shortcomings of NPM.

Making a Comparison

  • Installation

    • NPM: Installing Node will give you the access to run and utilize npm. Download Node from the given link Download Node.
    • Yarn: To install yarn package manager paste the following code in your command line.
npm install yarn

  • Popularity

As a developer alway prefer to choose the utility or library that has a huge open source community support. I am saying this for two reasons: Firstly, you will get regular updates and bug fixes, that will protect your application and optimise application scalability. Secondly, This could save your lot of time by assisting you directly for any implementations.

Google Trends

yarn_vs_npm


  • Dependencies

The yarn core team do not recommend installing it using npm package, so you can visit these installation options to do as recommended.

Both have similar ways to maintaining their dependencies. hey both provide the package.json file that exists at the root of the project’s working directory. This file keeps all the relevant metadata associated with the project. It assists in managing the project’s dependencies version, scripts, and more.

Yarn introduced new feature to make a smooth transition from npm to yarn by importing package-lock.json


  • Performance

Yarn wins, yarn is a clear winner in terms of performance, but npm is v5 to v6 showed a bridging gap between performance issues. but still yarn is at the top.

alt


  • Security

While Yarn was initially regarded to be more secure, the npm team has made commendable comebacks with the introduction of significant security improvements.

With npm v6, security is built-in. If you try installing code with a known security vulnerability, npm will automatically issue a warning. Also, a new command, npm audit, has been introduced to assist you in recursively assessing your dependency tree to identify anomalies.

Procedure to follow if npm returns error in package

npm audit fix

or

npm audit fix --force

  • Updating packages

To upgrade an Existing packages to latest version of packges inside the appliation. Do the Following steps:

How to update Yarn dependency packages

yarn upgrade

particular package updation

yarn upgrade [package-name]

The script will read the package meta data from package-lock.json or yarn.lock file.


  • CLI (Commands)

    • Type npm to see npm list of commands.
    • type yarn to see yarn list of commands.

Conclusion

Please choose wisely, by reading the above comparisons. Ultimately, your choice between npm vs. Yarn will depend on your requirements, tastes, and preferences.

Happy Coding!


© 2021, Utkarsh Yadav . All Rights Reserved