Mastering the Art of Node Package Management
Introduction
Before we dive deep into the world of Node package managers, we need to understand what a package manager is.
In simple words, a package manager is a system or set of tools used to automate installing, upgrading, configuring, and using software or applications.
A package manager is not limited to Node.js; in fact, the operating systems we use on a daily basis also use package managers. For example, on macOS we use the `brew` package manager, on Ubuntu we use `apt-get`, and on Windows the package manager is `Winget` or `Chocolatey`.
A brief history of Node Package Managers
Node.js comes with a default package manager, NPM (Node Package Manager). NPM is the world's largest software registry and hosts more than a million packages that are used by JavaScript developers daily.
There are other package managers too, such as Yarn, introduced by Meta in 2016, and PNPM (Performant Node Package Manager), released in 2017.
Alongside `npm`, `yarn` and `pnpm`, a few more Node package managers were introduced, like `tink` and `ied`, but these were later discontinued.
All about the package.json file
The `package.json` file is a fundamental part of every Node.js project or application and is used by all package managers, including NPM, Yarn and PNPM. The file serves as the manifest of your project and contains metadata about the project and its dependencies.
Here is an example of what a `package.json` file might look like:
```json
{
  "name": "my-node-project",
  "version": "1.0.0",
  "description": "A sample Node.js project",
  "main": "index.js",
  "scripts": {
    "start": "node index.js",
    "test": "jest"
  },
  "dependencies": {
    "express": "^4.17.13"
  },
  "devDependencies": {
    "@types/express": "^4.17.13"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}
```
Here are some of the common properties you will see in a `package.json` file:
- `name`: The name of your project or application.
- `version`: The current version of the project.
- `description`: A short description of the project.
- `main`: The main entry point of your project; usually it is the first file executed when the application starts.
- `scripts`: An object holding the script commands that are part of the application's lifecycle, such as starting, building and testing the application.
- `dependencies`: The packages required for your application to run. These are installed using `npm install --save <package_name>`, e.g. `express`.
- `devDependencies`: Packages required for development purposes only. These are installed using `npm i --save-dev <package_name>`, e.g. `@types/express`.
There are a few more fields in the `package.json` file, like `keywords`, `author` and `license`.
NPM (Node Package Manager)
NPM manages all the packages and modules for Node.js and consists of the command line client `npm`. It is installed on the system together with Node.js. The packages and modules a Node.js project requires are installed and removed using NPM.
Key Features
- Package installation and management: Easily install, update, and remove packages with simple commands.
- Dependency resolution: Automatically resolves and installs package dependencies.
- npm scripts: Run predefined scripts to automate tasks such as building, testing, and deploying your application.
- Semantic versioning: Manage package versions using semantic versioning, making it easy to control and update dependencies.
- Security and auditing: `npm audit` scans the project's dependency tree for known vulnerabilities, and `npm audit fix` attempts to apply the patched versions automatically.
Examples
To install, update or remove a package using NPM, simply run the following commands:
```bash
# To install a package
npm install <package_name>
# To update a package
npm update <package_name>
# To remove a package
npm uninstall <package_name>
# To install all dependencies
npm install
```
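A small added check (example code, not from the original article) that ties together the semantic versioning and auditing points above: it reads a `package.json` manifest and an npm `package-lock.json` (lockfileVersion 3, assumed to be the project's lock format) and flags floating version ranges, dependencies missing from the lock, and lock entries with no integrity hash. Both inputs are constructed sample data.

```javascript
// Added example, not code from the original article: a pre-install hygiene
// check over a package.json manifest and an npm package-lock.json
// (lockfileVersion 3). Both inputs below are constructed sample data.

// A specifier is "pinned" only when it names exactly one version; ranges such
// as ^4.17.13, ~1.2.0, * or latest can float to a newer release on a fresh install.
const PINNED = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

/**
 * Compare the declared dependencies with the lock file and return findings:
 *  - loose-range:       specifier is not an exact version (the lock file is what pins it)
 *  - missing-from-lock: declared dependency has no node_modules/<name> lock entry
 *  - missing-integrity: lock entry carries no SRI hash, so the tarball cannot be verified
 */
function checkManifest(pkg, lock) {
  const findings = [];
  const declared = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const packages = lock.packages || {};
  for (const [name, spec] of Object.entries(declared)) {
    if (!PINNED.test(spec)) findings.push({ name, issue: 'loose-range', detail: spec });
    const entry = packages[`node_modules/${name}`];
    if (!entry) {
      findings.push({ name, issue: 'missing-from-lock' });
    } else if (!/^sha(256|384|512)-/.test(entry.integrity || '')) {
      findings.push({ name, issue: 'missing-integrity', detail: entry.version });
    }
  }
  return findings;
}

// Constructed manifest in the same shape as the article's package.json.
const samplePkg = {
  name: 'my-node-project',
  dependencies: { express: '^4.17.13', lodash: '4.17.21', leftpad: '*' },
  devDependencies: { '@types/express': '^4.17.13' },
};

// Constructed lock fragment; integrity values are labelled placeholders, not real hashes.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    'node_modules/express': { version: '4.17.3', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/lodash': { version: '4.17.21' }, // no integrity field: unverifiable
    'node_modules/@types/express': { version: '4.17.13', integrity: 'sha512-PLACEHOLDER' },
  },
};

for (const f of checkManifest(samplePkg, sampleLock)) console.log(f);
```

A loose range is only a problem when the lock file is absent or not committed; with a lock in place, the `missing-integrity` and `missing-from-lock` findings are the ones that defeat reproducible, verifiable installs.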
Yarn
If you are looking for fast, reliable, and secure dependency management, `yarn` is the ultimate choice.
Installation
To install Yarn, we can use `npm`, which comes as the default Node.js package manager. There are a few alternatives for installing Yarn too. Let's look at them below.
- Using `npm`: Installing the `yarn` package globally allows us to use it across different projects via the command line.
- For macOS: we can install it via Brew or `curl`. Let us check the commands to be used.
- For Windows: You can install it by running the `.msi` installer, or by using a package manager like Chocolatey.
All about the yarn.lock file
The `yarn.lock` file is created or updated whenever dependencies are added. By using a lock file and a deterministic installation algorithm, Yarn can ensure that the structure of the `node_modules` directory is the same in every environment, whether it's your local development machine or a production server.
Key Features
- Fast & efficient: Parallel downloads with offline caching and selective version inclusion make managing packages efficient.
- Deterministic installs: the `yarn.lock` file ensures consistent dependency installations across different environments.
- Workspaces: Easily manages multiple packages in a single repository.
- Improved security: Enforces strict SSL and verifies checksums, which ensures the integrity of downloaded packages.
- Compatibility: Yarn is compatible with the NPM registry, allowing access to millions of NPM packages.
Examples
To install, update or remove a package using Yarn, run the following commands:
```bash
# To add a new package
yarn add <package_name>
# To update an already installed package
yarn upgrade <package_name>
# To remove a package
yarn remove <package_name>
# To install all dependencies for a project
yarn install
```
PNPM (Performant Node Package Manager)
In simple words, PNPM is a fast, disk-space-efficient package manager.
Installation
- Using `npm`: To install PNPM, we can use `npm`, which comes as the default Node.js package manager. `@pnpm/exe` is PNPM packaged together with Node.js into a single executable, so it may be used on a system with no Node.js installed.
- For macOS: we can install it via Brew. Let us check the commands to be used.
- For Windows: You can install it using a package manager like Chocolatey or Winget.
All about the pnpm-lock file
Like other package managers, PNPM also creates a lock file, `pnpm-lock.yaml`, when you install packages. This file ensures that every install results in the exact same dependency tree across all environments.
Key Features
- Efficient package storage: Uses a global package store, saving disk space and reducing installation times.
- Strict dependency management: Prevents the accidental use of packages that are not explicitly listed in your project's dependencies.
- Workspaces: Supports mono-repos and simplifies dependency management for multi-package projects.
- Content addressable cache: Ensures packages are immutable and cacheable, improving performance and security.
- Compatibility: Compatible with the NPM registry and works with most npm-compatible tools.
Examples
To install, update or remove a package using PNPM, run the following commands:
```bash
# To add a new package
pnpm add <package_name>
# To update an already installed package
pnpm update <package_name>
# To remove a package
pnpm remove <package_name>
# To install all dependencies for a project
pnpm install
```
Choosing the right package manager
There's no one-size-fits-all solution when it comes to package managers. The choice depends on your project's requirements and your personal preferences. Here are some guidelines to help you decide:
- If you prioritize compatibility and the support of a vast ecosystem, NPM is a reliable choice.
- If speed, security, and offline capabilities are important to you, consider Yarn.
- If disk space and installation efficiency are your main concerns, PNPM might be the best option.
Feature Comparison
| Feature | NPM | Yarn | PNPM |
|---|---|---|---|
| Workspace support | ✔️ | ✔️ | ✔️ |
| Hoisted `node_modules` | ✔️ (by default) | ✔️ | ✔️ |
| Isolated `node_modules` | ✔️ | ✔️ | ✔️ (by default) |
| Managing Node.js versions | ❌ | ❌ | ✔️ |
| Autoinstalling peers | ✔️ | ❌ | ✔️ |
| Lock file | `package-lock.json` | `yarn.lock` | `pnpm-lock.yaml` |
| Patching dependencies | ❌ | ✔️ | ✔️ |
| Dynamic package execution | ✔️ via `npx` | ✔️ via `yarn dlx` | ✔️ via `pnpm dlx` |
| Content addressable storage | ❌ | ❌ | ✔️ |
| Zero-Installs | ❌ | ✔️ | ❌ |
| CLI available | ✔️ | ✔️ | ✔️ |
Conclusion
JavaScript package managers have expanded to offer developers a wide range of choices beyond NPM. While NPM remains the default for many, Yarn and PNPM are also widely used, each bringing its own unique advantages.
Choosing between NPM, Yarn, and PNPM should be based on the specific needs of your project or team.
I hope you have learned something new as I did. If so, kindly like and share the article and also follow me to read more exciting articles.