A detailed look at the package managers yarn and npm

devpoint 2021-10-14 06:11:10

In the past, a simple text editor was enough for developers to create and manage most projects. Since then the web has changed dramatically: even a fairly simple project now often has hundreds of scripts with complex nested dependencies. Without automation tools these scripts cannot be managed in any orderly way, and that is where a package manager comes in.

A package manager is a tool that automatically handles a project's dependencies in various ways. For example, with a package manager you can install, uninstall, update and upgrade packages, configure project settings, run scripts, and so on. The package manager does all the complex and tedious work and lets developers focus on coding.

npm is the Node package manager. It was released in 2010 and opened a new era of web development. Before that, project dependencies were downloaded and managed by hand; npm moved web development to a higher stage.

npm consists of three main parts:

  • A website for managing all aspects of your npm experience
  • A registry for accessing an extensive public database of JavaScript packages
  • A command-line interface (CLI) for interacting with npm through the terminal

However, when most people talk about npm, they usually mean the last one, the CLI tool. It ships with every new Node release as the default package manager.

yarn stands for Yet Another Resource Negotiator. The yarn package manager is an alternative to npm, released by Facebook in October 2016. yarn's initial goal was to address npm's shortcomings, such as performance and security issues. yarn was quickly positioned as a safe, fast and reliable JavaScript dependency management tool.

However, the npm team learned its lesson and quickly closed the gap by implementing the features npm was missing.

Let's look at a timeline :

  • 2010: npm released, with support for Node.
  • 2016: Yarn released. It shows better performance than npm. It also generates a yarn.lock file, which makes sharing and exact replication of a dependency set easier and more predictable.
  • 2017: npm 5 released. It provides an automatically generated lock file, package-lock.json, in response to yarn.lock.
  • 2018: npm 6 released with improved security. npm now checks for security vulnerabilities before installing dependencies.
  • 2020: Yarn 2 and npm 7 released. Both come with great new features.
  • 2021: Yarn 3 released with various improvements.

Today the two package managers are neck and neck, offering similar features and functionality. There are still some differences, though, that can help you choose between them.

Installation comparison

Let's start the comparison with the installation process of npm and yarn.

Installing the package manager

As mentioned above, npm comes pre-installed with Node, so there is generally no need to install npm manually.

yarn, by contrast, has to be installed explicitly. First, install yarn globally:

npm install -g yarn

Then you can set the required version inside a project and use it on a per-project basis. Run the yarn set version command in the project's root directory to set the required version:

yarn set version berry

Here berry is the version to set. To update to the latest version, run:

yarn set version latest

With yarn you can use a different version for each project. To do the same with npm, you need to install nvm (Node Version Manager).

Installing project dependencies

Now let's see how project dependencies are installed. When you run npm install, dependencies are installed one after another, and the terminal prints a detailed installation log that is not easy to read.

To install packages with yarn, run the yarn command. yarn installs packages in parallel, which is one of the reasons it is faster than npm. With yarn 1, the installation log yarn prints is fairly concise and easier to read: for readability, entries are arranged as a tree. This changed in versions 2 and 3, where the logs are less intuitive and readable.

So far we have seen that npm and yarn use different commands to install packages.

Command comparison

npm and yarn share many commands, but many others differ. Let's look at the identical commands first:

  • npm init | yarn init: create a new package
  • npm run | yarn run: run a script defined in package.json
  • npm test | yarn test: test a package
  • npm publish | yarn publish: publish a package
  • npm cache clean | yarn cache clean: remove all data from the cache folder

These commands make it easy to switch between the two managers, but some commands differ and can cause confusion:

  • npm install | yarn: install dependencies
  • npm install [package] | yarn add [package]: install a package
  • npm install --save-dev [package] | yarn add --dev [package]: install a package as a development dependency
  • npm uninstall [package] | yarn remove [package]: uninstall a package
  • npm uninstall --save-dev [package] | yarn remove [package]: uninstall a development dependency
  • npm update | yarn upgrade: update dependencies
  • npm update [package] | yarn upgrade [package]: update a package

yarn also has some unique commands that have no npm equivalent. For example, the why command shows why a package is needed: it may be a dependency, a local module, or a project dependency.

Speed and performance

Whenever yarn or npm needs to install packages, it performs a series of tasks. In npm, these tasks are executed package by package, in order: it waits for one package to be fully installed before moving on to the next. yarn, by comparison, performs these tasks in parallel, which improves performance significantly.

Although both managers provide a caching mechanism, yarn seems to do it better. With its zero-install mode, it can install packages in almost no time. It caches each package and saves it on disk, so the next time you install that package you do not even need an Internet connection, because the package is installed offline from disk.

Even though yarn has some advantages, yarn and npm are comparable in speed in their latest versions, so today they are on a par.

Security comparison

One of the main criticisms of npm concerns security: earlier npm versions had several serious security vulnerabilities. Since version 6, however, npm audits packages during installation and reports any vulnerabilities it finds. You can run npm audit on installed packages to perform this check manually; if vulnerabilities are found, npm gives corresponding security recommendations, and you can run npm audit fix to fix the vulnerable packages.

In terms of security, both yarn and npm use cryptographic hash algorithms to ensure the integrity of packages.
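
The integrity check described above, as an added example that is not part of the original article or of npm's or yarn's own code. package-lock.json records each package's hash in an integrity field in the form algorithm-base64; the tarball bytes, the demo-pkg name and the policy of rejecting sha1-only entries are assumptions made for this example.

```javascript
// Added example: verify downloaded bytes against a lock-file "integrity" value.
const crypto = require('node:crypto');

// Hash algorithms this example accepts, strongest first (sha1-only is rejected by choice).
const STRENGTH = ['sha512', 'sha384', 'sha256'];

// Split "sha512-<base64> sha1-<base64>" into [{ algo, digest }].
function parseIntegrity(value) {
  return String(value).trim().split(/\s+/).filter(Boolean).map((entry) => {
    const dash = entry.indexOf('-');
    if (dash < 1) throw new Error(`malformed integrity entry: ${entry}`);
    // Anything after "?" is an option string, not part of the digest.
    return { algo: entry.slice(0, dash), digest: entry.slice(dash + 1).split('?')[0] };
  });
}

// Recompute the strongest listed hash over the tarball and compare it.
function verifyIntegrity(tarball, integrity) {
  const entries = parseIntegrity(integrity);
  const algo = STRENGTH.find((a) => entries.some((e) => e.algo === a));
  if (!algo) return { ok: false, reason: 'no sha256 or stronger hash in integrity field' };
  const actual = crypto.createHash(algo).update(tarball).digest();
  const ok = entries.filter((e) => e.algo === algo).some((e) => {
    const expected = Buffer.from(e.digest, 'base64');
    return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
  });
  return ok ? { ok: true, algo } : { ok: false, reason: `${algo} mismatch` };
}

// Constructed sample: a stand-in "tarball" and the lock entry recorded for it.
const tarball = Buffer.from('constructed tarball bytes for demo-pkg@1.0.0');
const lockEntry = {
  version: '1.0.0',
  integrity: 'sha512-' + crypto.createHash('sha512').update(tarball).digest('base64'),
};
// The same package after someone altered it in transit or in a mirror.
const tampered = Buffer.concat([tarball, Buffer.from('\n// injected')]);

console.log(verifyIntegrity(tarball, lockEntry.integrity));
console.log(verifyIntegrity(tampered, lockEntry.integrity));
```

A mismatch means the bytes received are not the bytes that were locked, so the install should stop rather than continue.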

Functional comparison

As with the commands described above, some features are common to npm and yarn, but there are differences. The main ones follow.

Generating a lock file

In the package.json file, where npm and yarn track the project's dependencies, version numbers are not always exact; instead, you can define a range of versions. This way you can choose the major and minor version of a package but allow npm to install the latest patch, which may fix some bugs.

In an ideal world of semantic versioning, patch releases would not contain any breaking changes. Reality differs from the ideal, though, and this is not always the case. npm's strategy can result in two machines ending up with the same package.json file but different installed versions of a package, which sows the seeds of possible bugs.

To avoid package version mismatches, the exact installed versions are pinned in a package lock file. Every time a module is added, npm and yarn create (or update) a package-lock.json and a yarn.lock file respectively.
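
The version drift described above and the way a lock file stops it, as an added example that is not part of the original article. The range matcher is a simplified stand-in written for this example (plain x.y.z versions, ^ and ~ ranges only), not the semver package npm uses; the left-widget package and both registry snapshots are constructed.

```javascript
// Added example: why one package.json can install different versions on two machines.
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Exclusive upper bound of "^x.y.z" (up to the next major) and "~x.y.z" (next minor).
function upperBound(range) {
  const [maj, min, pat] = parse(range.slice(1));
  if (range[0] === '~') return `${maj}.${min + 1}.0`;
  if (range[0] !== '^') throw new Error(`unsupported range: ${range}`);
  if (maj > 0) return `${maj + 1}.0.0`;
  if (min > 0) return `0.${min + 1}.0`;
  return `0.0.${pat + 1}`;
}

function satisfies(version, range) {
  return cmp(version, range.slice(1)) >= 0 && cmp(version, upperBound(range)) < 0;
}

// Keep the locked version while it still satisfies the range;
// otherwise take the highest published version that does.
function resolve(range, published, locked) {
  if (locked && satisfies(locked, range)) return locked;
  const matches = published.filter((v) => satisfies(v, range)).sort(cmp);
  if (matches.length === 0) throw new Error(`nothing satisfies ${range}`);
  return matches[matches.length - 1];
}

// Constructed data: package.json asks for "left-widget": "^1.4.0".
const range = '^1.4.0';
const mondayRegistry = ['1.3.9', '1.4.0', '1.4.1', '2.0.0'];
const fridayRegistry = [...mondayRegistry, '1.4.2', '1.5.0'];

const machineA = resolve(range, mondayRegistry);                 // installs on Monday
const machineB = resolve(range, fridayRegistry);                 // installs on Friday, no lock
const machineBLocked = resolve(range, fridayRegistry, machineA); // Friday, with A's lock file

console.log({ machineA, machineB, machineBLocked });
```

Committing the lock file is what carries machine A's resolution to machine B.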

Using workspaces

Workspaces allow a single monorepo to manage dependencies across multiple projects. This means there is a single top-level root package containing several child packages called workspaces.

Running scripts remotely

The npx command is used to run scripts from ./node_modules/.bin. It also lets you execute packages from the npm registry without installing them in the project's dependencies. For example, you can create a new React application by running the following command:

npx create-react-app my-app

In yarn, the equivalent dlx command achieves the same result:

yarn dlx create-react-app my-app

The following features are unique to yarn.

Zero installs

Zero installs cache data stored in the .yarn folder of the project directory. When you use the yarn or yarn add <package> command, yarn creates a .pnp.cjs file that contains the dependency hierarchy Node uses to load the project's packages. As a result, they can be accessed in almost no time.

Plug and play

Plug and play is another installation strategy. Instead of generating a node_modules directory and leaving resolution to Node, yarn generates a single .pnp.cjs file that maps packages to their location on disk and to their list of dependencies. This feature can lead to faster project startup, a better optimized dependency tree, faster installation times and, of course, no need for a node_modules folder.


yarn includes a built-in license checker, which can be useful in different scenarios when developing applications.

Choosing a package manager

The sections above discussed the various similarities and differences between npm and yarn, but they did not settle which is better or which one to choose. As always, what matters most is what fits the team or project.

Here are some recommendations:

  • Choose npm if you are satisfied with your current workflow, do not want to install additional tools, and do not have much disk space.
  • Choose yarn if you want some of its great features, such as plug and play, need some features that are missing in npm, and have enough disk space.

If it is still hard to make a clear decision between npm and yarn, don't worry: either one will basically meet the needs of project development.


Package managers are very important for modern web development. This article compared the two most popular package managers on the market. Each has its own advantages and disadvantages; choose the one that best suits your project.
