Mastering the Art of Node Package Management

Harnessing the Power of NPM, Yarn, and PNPM to Revolutionize Your Workflow

Introduction

Before we dive into Node package managers, we need to understand what a package manager is.

In simple words, a package manager is a system or set of tools used to automate installing, upgrading, configuring, and using software or applications.

Package managers are not limited to Node.js; the operating systems we use daily have them too. For example:

On macOS we use Homebrew (brew). On Ubuntu we use apt (apt-get), and on Windows the package manager is Winget or Chocolatey.

A brief history of Node Package Managers

Node.js ships with a default package manager, NPM (Node Package Manager). The npm registry is the world's largest software registry and hosts more than a million packages that JavaScript developers use daily.

There are other package managers too, such as Yarn, introduced by Facebook (now Meta) in 2016, and PNPM (Performant Node Package Manager), released in 2017.

Alongside npm, Yarn, and pnpm, a few other Node package managers such as tink and ied were introduced, but they were later discontinued.

All about the package.json file

The package.json file is a fundamental part of every Node.js project or application and is used by all package managers including NPM, Yarn, and PNPM. The file serves as the manifest of your project and contains metadata about the project and its dependencies.

Here is an example of what a package.json file might look like

{
  "name": "my-node-project",
  "version": "1.0.0",
  "description": "A sample Node.js project",
  "main": "index.js",
  "scripts": {
    "start": "node index.js",
    "test": "jest"
  },
  "dependencies": {
    "express": "^4.17.13"
  },
  "devDependencies": {
    "@types/express": "^4.17.13"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}

Here are some of the common properties you will see in a package.json file

  • name: The name of your project and the application.

  • version: The current version of the project.

  • description: A short description of the project.

  • main: The entry point of your package, i.e. the file that is loaded when another project does require("my-node-project"). It is not what npm start runs; that is controlled by the start script.

  • scripts: It is an object which holds all the script commands that are part of the application's lifecycle such as starting the application, building, testing, etc.

  • dependencies: These are the packages that are required for your application to run. They are installed with npm install <package_name> (modern npm adds them to dependencies by default; --save was needed in older versions), e.g. express.

  • devDependencies: Some packages are required for development only (test runners, type definitions, build tools). These are installed with npm install --save-dev <package_name> (or npm i -D), e.g. @types/express.

  • There are a few more fields in the package.json file like keywords, author and license etc.
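The fields above are what a reviewer looks at before running npm install, because the manifest decides what will be fetched and what will execute. The following is an added example (not code from this article): it parses a package.json, flags lifecycle scripts that run automatically during installation, and spells out what each dependency range actually admits. The manifest is constructed for the demo; the package names other than express and @types/express, the git URL, and the range helper are illustrative assumptions.

```javascript
// Added example, not code from the article: static checks a reviewer can run
// against a package.json before installing. The manifest below is constructed
// for the demo (names other than express/@types/express are made up).
const SAMPLE_MANIFEST = JSON.stringify({
  name: "my-node-project",
  version: "1.0.0",
  scripts: {
    start: "node index.js",
    test: "jest",
    postinstall: "node ./scripts/setup.js"   // runs automatically on `npm install`
  },
  dependencies: {
    express: "^4.17.13",
    "left-pad": "1.3.0",
    "internal-util": "git+https://github.com/example-org/internal-util.git",
    "some-lib": "*"
  },
  devDependencies: { "@types/express": "~4.17.13" }
});

// Lifecycle scripts that package managers execute during installation. A
// dependency (or a typo-squatted one) can use these to run arbitrary code on
// the developer's machine, so their presence deserves a look before installing.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Translate a dependency range into the versions it admits. Covers the exact,
// caret and tilde forms used in the manifest above; anything else is reported
// as "other" or "non-registry" rather than guessed at.
function describeRange(range) {
  if (range === "*" || range === "" || range === "latest") {
    return { kind: "any", pinned: false, allows: "any version" };
  }
  if (parseSemver(range)) return { kind: "exact", pinned: true, allows: range };
  const m = /^([\^~])(\d+)\.(\d+)\.(\d+)$/.exec(range);
  if (m) {
    const base = range.slice(1);
    const [major, minor, patch] = m.slice(2).map(Number);
    if (m[1] === "^") {
      // ^ freezes the left-most non-zero component: ^4.17.13 => >=4.17.13 <5.0.0,
      // ^0.2.5 => >=0.2.5 <0.3.0, ^0.0.3 => >=0.0.3 <0.0.4
      const upper = major > 0 ? `${major + 1}.0.0`
                  : minor > 0 ? `0.${minor + 1}.0`
                  : `0.0.${patch + 1}`;
      return { kind: "caret", pinned: false, allows: `>=${base} <${upper}` };
    }
    // ~ admits patch releases only: ~4.17.13 => >=4.17.13 <4.18.0
    return { kind: "tilde", pinned: false, allows: `>=${base} <${major}.${minor + 1}.0` };
  }
  if (/^(git\+|git:|https?:|file:|github:)/.test(range)) {
    return { kind: "non-registry", pinned: false, allows: range };
  }
  return { kind: "other", pinned: false, allows: range };
}

// Return human-readable findings for one manifest (JSON text in, strings out).
function auditManifest(text) {
  const pkg = JSON.parse(text);
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && pkg.scripts[hook]) {
      findings.push(`lifecycle script "${hook}" runs during install: ${pkg.scripts[hook]}`);
    }
  }
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      const info = describeRange(range);
      if (info.kind === "non-registry") {
        findings.push(`${section}/${name}: fetched from ${range}, not the registry; pin it to a commit and review the source`);
      } else if (info.kind === "any" || info.kind === "other") {
        findings.push(`${section}/${name}: unbounded or unrecognised range "${range}"`);
      } else if (!info.pinned) {
        findings.push(`${section}/${name}: "${range}" allows ${info.allows}; the lock file decides what is actually installed`);
      }
    }
  }
  return findings;
}

console.log(auditManifest(SAMPLE_MANIFEST).join("\n"));
```

Run it with node and the constructed manifest produces five findings: the postinstall hook, the caret and tilde ranges with the versions they admit, the git dependency, and the unbounded "*". A pinned exact version such as "1.3.0" produces nothing, which is the point: ranges are only as safe as the lock file that resolves them.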

NPM (Node Package Manager)

NPM manages packages and modules for Node.js through the npm command line client, which is installed alongside Node.js. Packages in a Node.js project are installed, updated, and removed using NPM.

Key Features

  • Package installation and management: Easily install, update, and remove packages with simple commands.

  • Dependency resolution: Automatically resolves and installs package dependencies.

  • npm scripts: Run predefined scripts to automate tasks, such as building, testing, and deploying your application.

  • Semantic versioning: Manage package versions using semantic versioning, making it easy to control and update dependencies.

  • Security and auditing: npm audit reports known vulnerabilities in the installed dependency tree, and npm audit fix attempts to update the affected packages to non-vulnerable versions within your declared ranges. It updates versions; it does not patch package code.

Examples

To install, update or remove a package using NPM, simply run the following commands:

# For installing a package
npm install <package_name>

# For updating a package
npm update <package_name>

# To remove a package
npm uninstall <package_name>

# To install all dependencies
npm install

Yarn

Yarn is a package manager that focuses on fast, reliable, and secure dependency management.

Installation

To install Yarn, we can use npm, which ships with Node.js as the default package manager. There are a few alternatives too; let's look at them below.

  • Using npm: Installing yarn package globally allows us to use it across different projects via the command line.

      npm install --global yarn
    
  • For macOS: we can install it via Brew or curl. Let us check the commands to be used.

      # Using brew package manager
      brew install yarn
    
      # Using the install script (this is the legacy script for Yarn 1.x, "Classic").
      # Piping a remote script straight into bash runs it unreviewed; download it,
      # read it, then run it if you are happy with what it does.
      curl -o- -L https://yarnpkg.com/install.sh | bash
    
  • For Windows: You can install it by running the .msi installer from the Yarn website, or by using a package manager like Chocolatey.

      choco install yarn
    

All about the yarn.lock file

The file yarn.lock is created or updated whenever dependencies are added. For every package it records the exact version, the URL it was resolved from, and an integrity hash of the tarball. By using a lock file and a deterministic installation algorithm, Yarn can ensure that the structure of the node_modules directory is the same in every environment, whether it's your local development machine or a production server.
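A lock file is only a security control if someone checks what it says. The following added example (not code from Yarn, npm, or this article) reads both yarn.lock (v1 format, the one Yarn Classic writes) and npm's package-lock.json (lockfileVersion 2/3, where every installed package sits under "packages"), and reports any entry that was resolved over plain HTTP, from a host other than the expected registries, without an integrity hash, or with a weak (non-sha512) one. Both lock files below are constructed for the demo and the integrity values are placeholders, not real digests; the allowed-host list and the package "evil-helper" are assumptions.

```javascript
// Added example, not code from Yarn or npm: verify that every entry in a lock
// file was resolved from an expected registry over HTTPS and carries a strong
// integrity hash. Both lock files are constructed; digests are placeholders.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org", "registry.yarnpkg.com"]);

const SAMPLE_PACKAGE_LOCK = JSON.stringify({
  name: "my-node-project",
  lockfileVersion: 3,
  packages: {
    "": { name: "my-node-project", dependencies: { express: "^4.17.13" } },
    "node_modules/express": {
      version: "4.18.2",
      resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      integrity: "sha512-PLACEHOLDERDIGESTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="
    },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha1-PLACEHOLDERDIGESTAAAAAAAAAAA="
    },
    "node_modules/evil-helper": {
      version: "0.0.1",
      resolved: "http://mirror.example.internal/evil-helper-0.0.1.tgz"
    }
  }
});

const SAMPLE_YARN_LOCK = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


express@^4.17.13:
  version "4.18.2"
  resolved "https://registry.yarnpkg.com/express/-/express-4.18.2.tgz#0000000000000000000000000000000000000000"
  integrity sha512-PLACEHOLDERDIGESTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  dependencies:
    accepts "~1.3.8"

evil-helper@0.0.1:
  version "0.0.1"
  resolved "http://mirror.example.internal/evil-helper-0.0.1.tgz"
`;

// package-lock.json v2/v3 keeps every installed package under "packages", keyed
// by its path; "" is the project itself and "link" entries are workspace symlinks.
function entriesFromPackageLock(text) {
  const lock = JSON.parse(text);
  return Object.entries(lock.packages || {})
    .filter(([path, e]) => path !== "" && !e.link)
    .map(([path, e]) => ({
      key: `${path.replace(/^.*node_modules\//, "")}@${e.version}`,
      resolved: e.resolved,
      integrity: e.integrity
    }));
}

// yarn.lock v1 is not JSON: an unindented "name@range:" line opens an entry and
// indented key/value lines follow. Only the three fields we need are collected.
function parseYarnLockV1(text) {
  const entries = [];
  let current = null;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      current = { key: line.trim().replace(/:$/, "").replace(/"/g, "") };
      entries.push(current);
      continue;
    }
    const m = /^\s+(version|resolved|integrity)\s+"?([^"\s]+)"?\s*$/.exec(line);
    if (m && current) current[m[1]] = m[2];
  }
  return entries;
}

// Same checks for both formats once the entries are normalised.
function checkEntries(entries) {
  const findings = [];
  for (const e of entries) {
    if (!e.resolved) { findings.push(`${e.key}: no resolved URL`); continue; }
    let url;
    try { url = new URL(e.resolved); }
    catch { findings.push(`${e.key}: unparseable resolved URL "${e.resolved}"`); continue; }
    if (url.protocol !== "https:") findings.push(`${e.key}: fetched over ${url.protocol.slice(0, -1)}, not https`);
    if (!ALLOWED_HOSTS.has(url.host)) findings.push(`${e.key}: resolved from unexpected host ${url.host}`);
    if (!e.integrity) findings.push(`${e.key}: no integrity hash, tarball contents are never verified`);
    else if (!e.integrity.startsWith("sha512-")) findings.push(`${e.key}: weak integrity algorithm "${e.integrity.split("-")[0]}"`);
  }
  return findings;
}

console.log(checkEntries(entriesFromPackageLock(SAMPLE_PACKAGE_LOCK)).join("\n"));
console.log(checkEntries(parseYarnLockV1(SAMPLE_YARN_LOCK)).join("\n"));
```

Running it against real lock files is a cheap pre-merge check: a resolved URL that suddenly points at a different host, or an entry that lost its integrity field, is exactly the kind of lock file diff that gets waved through in review.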

Key Features

  • Fast & Efficient: Parallel downloads with offline caching and selective version inclusion make managing packages efficient

  • Deterministic installs: the yarn.lock file ensures consistent dependency installations across different environments

  • Workspaces: Easily manages multiple packages in a single repository.

  • Improved Security: Yarn verifies every downloaded tarball against the integrity hash recorded in yarn.lock and enforces strict SSL for registry traffic, which protects the integrity of downloaded packages.

  • Compatibility: Yarn is compatible with the NPM registry, thus allowing access to millions of NPM packages.

Examples

To install a package using Yarn, run the following command:

# To add a new package 
yarn add <package_name>

# To update an already installed package
yarn upgrade <package_name>

# To remove a package
yarn remove <package_name>

# To install all dependencies for a project
yarn install

PNPM (Performant Node Package Manager)

In simple words, PNPM is a fast, disk-space-efficient package manager.

Installation

  • Using npm: To install PNPM, we can use npm which comes as the default Node.js package manager.

      npm install --global pnpm
    
  • @pnpm/exe is packaged with Node.js into an executable, so it may be used on a system with no Node.js installed.

      npm install -g @pnpm/exe
    
  • For macOS: we can install it via Brew.

      brew install pnpm
    
  • For Windows: You can install using a package manager like Chocolatey or Winget.

      # Using Chocolatey
      choco install pnpm
    
      # Using winget
      winget install pnpm
    

All about the pnpm-lock file

Like other package managers, PNPM also creates a lock file pnpm-lock.yaml when you install packages. This file ensures that every install results in the exact same dependency tree, across all environments.

Key Features

  • Efficient package storage: Uses a global package store, saving disk space and reducing installation times.

  • Strict Dependency management: Prevents the accidental use of packages that are not explicitly listed in your project's dependencies.

  • Workspaces: Supports mono-repos and simplifies dependency management for multi-package projects.

  • Content-addressable store: Every file is stored under a hash of its contents, so stored files are immutable and cacheable, which improves both performance and security.

    When using npm, if you have 100 projects using a dependency, you will have 100 copies of that dependency on disk. With pnpm, the dependency is stored once in the content-addressable store and linked into each project's node_modules.

    (Figure: the content-addressable store shared by all projects)

  • Compatibility: Compatible with the NPM registry and works with most npm-compatible tools.

Examples

To install, update or delete a package using PNPM, run the following commands:

# To add a new package 
pnpm add <package_name>

# To update an already installed package
pnpm update <package_name>

# To remove a package
pnpm remove <package_name>

# To install all dependencies for a project
pnpm install

Choosing the right package manager

There's no one-size-fits-all solution when it comes to package managers. The choice depends on your project's requirements and your personal preferences. Here are some guidelines to help you decide:

  • If you prioritize compatibility and the support of a vast ecosystem, NPM is a reliable choice.

  • If speed, security, and offline capabilities are important to you, consider Yarn.

  • If disk space and installation efficiency are your main concerns, PNPM might be the best option.

Feature Comparison

Feature                     | NPM               | Yarn            | PNPM
Workspace support           | ✔️                | ✔️              | ✔️
Hoisted node_modules        | ✔️ (by default)   | ✔️              | ✔️
Isolated node_modules       | ✔️                | ✔️              | ✔️ (by default)
Managing Node.js versions   |                   |                 | ✔️
Autoinstalling peers        | ✔️                |                 | ✔️
Lock file                   | package-lock.json | yarn.lock       | pnpm-lock.yaml
Patching dependencies       |                   | ✔️              | ✔️
Dynamic package execution   | ✔️ via npx        | ✔️ via yarn dlx | ✔️ via pnpm dlx
Content-addressable storage |                   |                 | ✔️
Zero-installs               |                   | ✔️              |
CLI available               | ✔️                | ✔️              | ✔️

Conclusion

JavaScript package managers have expanded to offer developers a wide range of choices beyond NPM. While NPM remains the default for many, Yarn and PNPM are also widely used, each bringing its own advantages.

Choosing between NPM, Yarn, and PNPM should be based on the specific needs of your project or team.

I hope you have learned something new as I did. If so, kindly like and share the article and also follow me to read more exciting articles.
