NPM vs Yarn vs Pnpm
Hi all, in this blog we are going to learn some differences between npm, yarn and pnpm. I guess everyone is aware of all these package managers.
Let's first understand what exactly is package manager just in a brief.
npm (Node Package Manager) is the first package manager. It was released in 2010. It comes prebuilt with NodeJS. You don't have to download it explicitly. Earlier before npm, developers had to manually download the dependencies and manage them in their projects. But it became difficult to manage them as projects grew. That's where npm came in and helped developers easily manage the dependencies under a single folder named node_modules in your project. Over time, the tool evolved to include features like versioning, dependency resolution, and a package publishing system.
In 2015, NPM was acquired by Joyent, the company that created Node.js. This acquisition brought additional resources to the NPM project and helped it become a critical part of the Node.js ecosystem.
In 2016, NPM faced a significant security incident where a malicious package was published to the repository. The package was able to steal sensitive information from developers who installed it, highlighting the importance of package security. Since then, NPM has implemented additional security measures, including two-factor authentication and automatic vulnerability scanning.
Why other package managers came in the market?
On October 2016, Facebook announced a collaborative effort with Google and a few others to develop a new package manager that would solve the issues with consistency, security, and performance problems that npm had at the time. They named the alternative Yarn, which stands for Yet Another Resource Negotiator.
Yarn's architectural design is almost similar to npm, but it's much faster than npm as it parallelly installs all the packages and their dependencies. But still from the disk efficiency parameter it's not good as its using the same underlying structure as npm.
That's where pnpm helps. Let's understand that in the next section.
Pnpm and its benefits
Version 1 of pnpm was released in 2017 by Zoltan Kochan. It is a drop-in replacement for npm, so if you have an npm project, you can use pnpm right away!
It solved the major problem that yarn and npm both face is the flat dependency structure in node_modules meaning it stores all the dependencies and interdependencies in node_modules in a flat hierarchy. The main problem with this is disk storage fills up as for every project flat node_modules will be created and also it takes time to install all of these again and again for every project
pnpm solves this problem using content addressable storage (single source of truth) where it keeps all the dependencies folders at a single place. It uses hard links and symbolic links. In node_modules pnpm only keeps the parent dependencies or the main dependencies which your project depends on and all the other interdependencies will be stored as symbolic links (which means a reference to the files in content addressable storage)
So because of all these pnpm installs packages much faster and uses less disk space in comparison to npm and yarn
All these were some differences between yarn, npm and pnpm. Let me know in the comments which one you use and what you like most about that package manager.
Have a nice day