Package Manager

In Node.js, commonly used package managers include npm, Yarn and pnpm. Each package manager has its own unique functions and advantages. The following details their characteristics, usage methods, common commands, and the difference between production dependencies and development dependencies.

npm (Node Package Manager)

Overview

npm is the default package manager for Node.js and the most popular package management tool. It allows developers to download, install, update and manage dependency packages in Node.js projects.

Installation and initialization

The Node.js installation package comes with npm, so no additional installation is required.

Initialize a new Node.js project:

npm init

Or quick initialization (with default settings):

npm init -y

Common commands

  • Install package

Install and save to dependencies:

npm install package-name

Install and save to devDependencies:

npm install package-name --save-dev
  • Uninstall package
npm uninstall package-name
  • Update package
npm update package-name
  • Install a package globally
npm install -g package-name
  • View globally installed packages
npm list -g --depth=0
  • View the packages in the project
npm list --depth=0
  • Check outdated packages
npm outdated

Configuration file

The package.json file contains basic information about the project, a list of dependency packages, and other configurations.

Yarn

Overview

Yarn is a new package management tool jointly developed by Facebook, Google, Exponent, and Tilde. It is compatible with npm and provides some improvements, such as faster installation speed, more reliable installation process, and better dependency management.

Installation and initialization

You can install Yarn through npm:

npm install -g yarn

Initialize a new Node.js project:

yarn init

Common commands

  • Install package

Install and save to dependencies:

yarn add package-name

Install and save to devDependencies:

yarn add package-name --dev
  • Uninstall package
yarn remove package-name
  • Update package
yarn upgrade package-name
  • Install a package globally
yarn global add package-name
  • View globally installed packages
yarn global list
  • View packages in the project
yarn list --depth=0
  • Check for outdated packages
yarn outdated

Configuration files

The package.json file also applies to Yarn. In addition, Yarn will also generate a yarn.lock file to lock the version of the dependency package to ensure that everyone in the team installs the same dependency version.

pnpm

Overview

pnpm is a fast and efficient package manager. It is compatible with npm and Yarn, and uses hard links and symbolic links to reduce disk space usage and installation time.

Installation and initialization

You can install pnpm through npm:

npm install -g pnpm

Initialize a new Node.js project:

pnpm init

Common commands

  • Install package

Install and save to dependencies:

pnpm add package-name

Install and save to devDependencies:

pnpm add package-name --save-dev
  • Uninstall package
pnpm remove package-name
  • Update package
pnpm update package-name
  • Install a package globally
pnpm add -g package-name
  • View globally installed packages
pnpm list -g --depth=0
  • View the packages in the project
pnpm list --depth=0
  • Check outdated packages
pnpm outdated

Configuration files

The package.json file also applies to pnpm. pnpm also generates a pnpm-lock.yaml file to lock the versions of the dependency packages.

Production dependencies and development dependencies

In Node.js projects, dependency packages are usually divided into production dependencies (dependencies) and development dependencies (devDependencies).

Production dependencies (dependencies)

Production dependencies are the packages the project requires at runtime. These packages are essential to the core functionality of the project and are usually listed in the dependencies field.

Install and save to production dependencies:

npm install package-name
yarn add package-name
pnpm add package-name

Development dependencies (devDependencies)

Development dependencies are dependency packages that are only used in the development environment, such as test frameworks, build tools, and development servers. These packages will not be used in the production environment and are usually included in the devDependencies field.

Install and save to development dependencies:

npm install package-name --save-dev
yarn add package-name --dev
pnpm add package-name --save-dev

Configuration file example

Dependency configuration in package.json:

{
  "name": "my-project",
  "version": "1.0.0",
  "dependencies": {
    "express": "^4.17.1"
  },
  "devDependencies": {
    "jest": "^26.6.3"
  }
}

Comparison

Speed

  • npm: comes with Node.js, but is slightly slower to install than Yarn and pnpm.

  • Yarn: uses parallel installation and caching mechanisms, usually faster than npm.

  • pnpm: reduces disk space and installation time through hard links and symbolic links, and is the fastest.

Security

  • npm: No mandatory verification in the default configuration.
  • Yarn: By default, the checksum of each package is checked to ensure that the downloaded package has not been tampered with.
  • pnpm: Also has high security, and ensures consistency through version lock files.

Dependency Management

  • npm and Yarn: Use package-lock.json and yarn.lock files, respectively, to lock the versions of dependency packages.
  • pnpm: Uses a pnpm-lock.yaml file and manages dependencies through a unique hard link mechanism.
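
The checksum and lock-file points in the Security and Dependency Management lists can be checked directly against a lock file. The following is an added example, not code from npm, Yarn or pnpm: it reads the "packages" map of a package-lock.json (lockfileVersion 2 or 3), separates production entries from dev-only ones, and flags entries that are missing an integrity hash, pinned with sha1, or resolved outside the expected registry. The function names, the example-lib package, the mirror URL and the tarball bytes are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// SRI string ("sha512-<base64>"), the format of a lock file's "integrity" field.
function sri(bytes, algo = 'sha512') {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// True only if the bytes hash to the pinned value (single-hash integrity strings).
function matchesIntegrity(bytes, integrity) {
  const algo = String(integrity).split('-')[0];
  if (!['sha256', 'sha384', 'sha512'].includes(algo)) return false; // refuse sha1/unknown
  return sri(bytes, algo) === integrity;
}

// Walk the "packages" map and collect the production set plus any findings.
function auditLock(lock, registry = 'https://registry.npmjs.org/') {
  const production = [];
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link || entry.inBundle) continue; // root, symlink, bundled
    if (!entry.dev) production.push(path); // still installed when dev deps are omitted
    if (!entry.integrity) findings.push(`${path}: no integrity hash`);
    else if (entry.integrity.startsWith('sha1-')) findings.push(`${path}: sha1 integrity`);
    if (entry.resolved && !entry.resolved.startsWith(registry)) {
      findings.push(`${path}: resolved outside ${registry}`);
    }
  }
  return { production, findings };
}

// Constructed sample: placeholder tarball bytes and a lock file fragment.
const sampleTarball = Buffer.from('constructed tarball bytes');
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-project', version: '1.0.0' },
    'node_modules/express': { version: '4.17.1',
      resolved: 'https://registry.npmjs.org/express/-/express-4.17.1.tgz',
      integrity: sri(sampleTarball) },
    'node_modules/jest': { version: '26.6.3', dev: true,
      resolved: 'https://registry.npmjs.org/jest/-/jest-26.6.3.tgz' },
    'node_modules/example-lib': { version: '1.0.0',
      resolved: 'http://mirror.example.test/example-lib-1.0.0.tgz',
      integrity: sri(sampleTarball, 'sha1') },
  },
};

console.log(auditLock(sampleLock));
console.log(matchesIntegrity(sampleTarball, sampleLock.packages['node_modules/express'].integrity));
```

A finding on a path in the production list matters most, because that package ships with the application rather than staying on developer and CI machines.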

Command comparison

| Function | npm command | Yarn command | pnpm command |
|---|---|---|---|
| Initialize project | npm init | yarn init | pnpm init |
| Install dependencies | npm install | yarn | pnpm install |
| Add dependencies | npm install package-name | yarn add package-name | pnpm add package-name |
| Delete dependencies | npm uninstall package-name | yarn remove package-name | pnpm remove package-name |
| Update dependencies | npm update package-name | yarn upgrade package-name | pnpm update package-name |
| Install dependencies globally | npm install -g package-name | yarn global add package-name | pnpm add -g package-name |
| View global dependencies | npm list -g --depth=0 | yarn global list | pnpm list -g --depth=0 |
| View local dependencies | npm list --depth=0 | yarn list --depth=0 | pnpm list --depth=0 |
| Check outdated dependencies | npm outdated | yarn outdated | pnpm outdated |

Conclusion

npm, Yarn, and pnpm are the three most commonly used package managers in Node.js, each with its own advantages and disadvantages. npm is the default package manager for Node.js, which is widely used and supported by the community. Yarn provides some improvements, such as faster installation speed and better dependency management. pnpm has become a strong competitor with efficient disk usage and faster installation speed. Developers can choose a suitable package manager based on project requirements and team habits. Understanding the difference between production dependencies and development dependencies will help better manage project dependencies and environments.