NPM or Yarn? My thoughts
20 December, 2020
For a long time, I was confused about which package manager I should be using. I just went ahead and used NPM for a while, since that was simply what most people used. I never really bothered to look into what Yarn is, and never bothered to switch to it or even try it out.
So, before we get started, let's give a brief overview of each.
Yarn is a package manager designed to address the shortcomings of NPM. Yarn still uses the same registry as NPM, so you can download all the same packages. Similar to NPM, you can also download packages from GitHub.
NPM stands for Node Package Manager, and it is the default package manager for Node. It has its own registry with a very large number of packages and modules. The registry serves both public and private use, and it also offers distribution for your own packages.
So, let's get straight to the point. Which package manager should I be using?
We are going to break down aspects of NPM and Yarn, and help you decide for yourself which one is better.
Security is one of the main reasons why Yarn was developed by a team at Facebook. Back when Yarn was released, NPM had some security shortcomings which drove some developers away. Yarn addressed these security concerns and was regarded as the more secure option.
Now, with the release of NPM 6, many of these security risks were fixed. When you install a module with known vulnerabilities, NPM alerts you. The `npm audit` command has also been added to address some common security concerns.
In my opinion, this is a neck-and-neck race, but Yarn comes out on top. Yarn has features, such as verifying the licenses of the modules you download, that NPM does not.
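The `npm audit` check mentioned above is most useful when its result actually blocks a build. The following JavaScript is an added example, not code from the original post; it assumes only the `metadata.vulnerabilities` severity counts that `npm audit --json` reports, and the sample report embedded in it is constructed.

```javascript
// Added example (not from the original post): turn the severity counts that
// `npm audit --json` reports under metadata.vulnerabilities into a CI gate.
// The report below is CONSTRUCTED to look like that output; in a real pipeline
// you would parse the saved audit JSON, e.g. JSON.parse(fs.readFileSync('audit.json', 'utf8')).

const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Returns { fail, counted, total } where `counted` is the number of findings
// at or above `minSeverity`. A report without the metadata counts is treated
// as a failure so that a malformed or truncated audit never passes silently.
function auditGate(report, minSeverity = 'high') {
  const minIndex = SEVERITY_ORDER.indexOf(minSeverity);
  if (minIndex < 0) throw new Error(`unknown severity: ${minSeverity}`);

  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts) {
    return { fail: true, counted: 0, total: 0, reason: 'no metadata.vulnerabilities in report' };
  }

  let counted = 0;
  let total = 0;
  for (const level of SEVERITY_ORDER) {
    const n = Number(counts[level] || 0);
    total += n;
    if (SEVERITY_ORDER.indexOf(level) >= minIndex) counted += n;
  }
  return { fail: counted > 0, counted, total };
}

// Constructed sample: two high and one low finding, nothing critical.
const SAMPLE_REPORT = {
  metadata: {
    vulnerabilities: { info: 0, low: 1, moderate: 0, high: 2, critical: 0, total: 3 },
  },
};

// Stand-alone demo: with a "high" threshold the two high findings fail the gate.
const demo = auditGate(SAMPLE_REPORT, 'high');
console.log(demo); // { fail: true, counted: 2, total: 3 }
```

In a pipeline the script would read the real report and set a non-zero exit status when `fail` is true, so that a merge cannot proceed with unreviewed high or critical findings.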
This is another reason why Yarn was developed. Back when Yarn was released, NPM also had performance issues. In NPM 6, the team at NPM has done a commendable job matching Yarn's speed, although Yarn still remains the winner here by a slim margin.
Popularity is a main concern for people who, for example, maintain large open-source projects; they will prefer to use whichever tool is more popular.
NPM is the winner here. Many more packages are installed with NPM than with Yarn.
A CLI should also provide a good experience while using it. In my opinion, Yarn is also the winner here. When you run a command, say, installing a package, the output is much cleaner and better organised in Yarn than in NPM.
As for the commands themselves, it depends completely on preference, but I'll have to give this one to Yarn as well. The CLI commands are simpler and shorter than NPM's.
NPM and Yarn both support a variety of technologies, but the biggest concern is React Native, which is not supported by Yarn 2 out of the box. Yarn 2 also does not support node_modules out of the box, so in my opinion the clear winner here is either Yarn 1 or NPM.
To suit your needs, feel free to use whatever you want. I personally will conclude that Yarn 1 is better than NPM, although I will prefer to use NPM over Yarn 2 (Berry).
The reason I say that Yarn 2 is lagging behind NPM is that it is quite different from NPM, and when people want to contribute to my open-source projects, telling them to use the non-default tool might not be the smartest idea.
Anyways, that's all for today. Hopefully you found some value in this post. Until next time. 👋