npm Alternatives: yarn and pnpm

While npm is the default package manager for Node.js, alternatives like Yarn and pnpm offer different features and performance characteristics.

Why Consider Alternatives?

Speed - Faster installation times
Disk space - More efficient storage
Features - Workspaces, plug'n'play
Security - Different security models

Yarn

Yarn was created by Facebook in 2016 to address npm's shortcomings at the time.

Installing Yarn

# Using npm
npm install -g yarn

# Using corepack (recommended)
corepack enable
corepack prepare yarn@stable --activate

Basic Commands

npm	Yarn
`npm install`	`yarn` or `yarn install`
`npm install pkg`	`yarn add pkg`
`npm install -D pkg`	`yarn add -D pkg`
`npm uninstall pkg`	`yarn remove pkg`
`npm run script`	`yarn script`
`npm init`	`yarn init`

Yarn Features

Workspaces - Built-in monorepo support:

{
  "workspaces": [
    "packages/*"
  ]
}

Plug'n'Play (PnP) - Skip node_modules entirely:

yarn set version berry
yarn config set nodeLinker pnp

Offline Cache - Install packages offline from cache.

Yarn Lock File

Yarn uses yarn.lock:

lodash@^4.17.0:
  version "4.17.21"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz"
  integrity sha512-v2kDE...

pnpm

pnpm (performant npm) is known for speed and disk efficiency.

Installing pnpm

# Using npm
npm install -g pnpm

# Using corepack
corepack enable
corepack prepare pnpm@latest --activate

# Standalone install
curl -fsSL https://get.pnpm.io/install.sh | sh -

Basic Commands

npm	pnpm
`npm install`	`pnpm install`
`npm install pkg`	`pnpm add pkg`
`npm install -D pkg`	`pnpm add -D pkg`
`npm uninstall pkg`	`pnpm remove pkg`
`npm run script`	`pnpm script`

pnpm's Secret: Content-Addressable Storage

Instead of copying packages to each project, pnpm:

Stores all packages in a global store
Creates hard links to the store
Drastically reduces disk usage

Traditional (npm/yarn):
project-a/node_modules/lodash/  (full copy)
project-b/node_modules/lodash/  (full copy)
project-c/node_modules/lodash/  (full copy)

pnpm:
~/.pnpm-store/lodash-4.17.21/   (single copy)
project-a/node_modules/.pnpm/   (hard links)
project-b/node_modules/.pnpm/   (hard links)
project-c/node_modules/.pnpm/   (hard links)

pnpm Lock File

pnpm uses pnpm-lock.yaml:

lockfileVersion: '6.0'
dependencies:
  lodash:
    specifier: ^4.17.0
    version: 4.17.21
packages:
  /lodash@4.17.21:
    resolution: {integrity: sha512-v2kDE...}

Comparison Table

Feature	npm	Yarn	pnpm
Speed	Good	Fast	Fastest
Disk Usage	High	High	Low
Lock File	package-lock.json	yarn.lock	pnpm-lock.yaml
Workspaces	Yes	Yes	Yes
Plug'n'Play	No	Yes	No
Strict	No	No	Yes

Practice: Command Comparison

When to Use Which

Use npm When

You want the standard, official tool
You're following tutorials (most use npm)
You don't need special features
Project is small to medium

Use Yarn When

You need Plug'n'Play (PnP)
You're in a Facebook-like ecosystem
You want yarn workspaces syntax
Team already uses Yarn

Use pnpm When

Disk space is a concern
You have many projects with shared dependencies
You want strict dependency resolution
Speed is critical

Corepack: The Future

Corepack is a tool that manages package managers:

# Enable corepack
corepack enable

# Set package manager for project
corepack use pnpm@8.x

# This adds to package.json:
{
  "packageManager": "pnpm@8.12.0"
}

Now anyone cloning the project uses the right package manager.

Migrating Between Package Managers

From npm to pnpm

# Remove npm lock file
rm package-lock.json

# Install with pnpm
pnpm install

From npm to Yarn

rm package-lock.json
yarn

Import Lock Files

# pnpm can import from npm
pnpm import

# Yarn can import from npm
yarn import

Monorepo Support

All three support workspaces:

{
  "workspaces": ["packages/*"]
}

# npm
npm install

# yarn
yarn

# pnpm
pnpm install

Key Takeaways

npm - Standard, widely used, reliable
Yarn - Fast, good DX, Plug'n'Play
pnpm - Fastest, disk-efficient, strict
Corepack - Pin package manager version
All three are production-ready

What's Next?

Let's learn how to publish your own packages to npm.

npm Alternatives: yarn and pnpm

While npm is the default package manager for Node.js, alternatives like Yarn and pnpm offer different features and performance characteristics.

Why Consider Alternatives?

Speed - Faster installation times
Disk space - More efficient storage
Features - Workspaces, plug'n'play
Security - Different security models

Yarn

Yarn was created by Facebook in 2016 to address npm's shortcomings at the time.

Installing Yarn

# Using npm
npm install -g yarn

# Using corepack (recommended)
corepack enable
corepack prepare yarn@stable --activate

Basic Commands

npm	Yarn
`npm install`	`yarn` or `yarn install`
`npm install pkg`	`yarn add pkg`
`npm install -D pkg`	`yarn add -D pkg`
`npm uninstall pkg`	`yarn remove pkg`
`npm run script`	`yarn script`
`npm init`	`yarn init`

Yarn Features

Workspaces - Built-in monorepo support:

{
  "workspaces": [
    "packages/*"
  ]
}

Plug'n'Play (PnP) - Skip node_modules entirely:

yarn set version berry
yarn config set nodeLinker pnp

Offline Cache - Install packages offline from cache.

Yarn Lock File

Yarn uses yarn.lock:

lodash@^4.17.0:
  version "4.17.21"
  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz"
  integrity sha512-v2kDE...

pnpm

pnpm (performant npm) is known for speed and disk efficiency.

Installing pnpm

# Using npm
npm install -g pnpm

# Using corepack
corepack enable
corepack prepare pnpm@latest --activate

# Standalone install
curl -fsSL https://get.pnpm.io/install.sh | sh -

Basic Commands

npm	pnpm
`npm install`	`pnpm install`
`npm install pkg`	`pnpm add pkg`
`npm install -D pkg`	`pnpm add -D pkg`
`npm uninstall pkg`	`pnpm remove pkg`
`npm run script`	`pnpm script`

pnpm's Secret: Content-Addressable Storage

Instead of copying packages to each project, pnpm:

Stores all packages in a global store
Creates hard links to the store
Drastically reduces disk usage

Traditional (npm/yarn):
project-a/node_modules/lodash/  (full copy)
project-b/node_modules/lodash/  (full copy)
project-c/node_modules/lodash/  (full copy)

pnpm:
~/.pnpm-store/lodash-4.17.21/   (single copy)
project-a/node_modules/.pnpm/   (hard links)
project-b/node_modules/.pnpm/   (hard links)
project-c/node_modules/.pnpm/   (hard links)

pnpm Lock File

pnpm uses pnpm-lock.yaml:

lockfileVersion: '6.0'
dependencies:
  lodash:
    specifier: ^4.17.0
    version: 4.17.21
packages:
  /lodash@4.17.21:
    resolution: {integrity: sha512-v2kDE...}

Comparison Table

Feature	npm	Yarn	pnpm
Speed	Good	Fast	Fastest
Disk Usage	High	High	Low
Lock File	package-lock.json	yarn.lock	pnpm-lock.yaml
Workspaces	Yes	Yes	Yes
Plug'n'Play	No	Yes	No
Strict	No	No	Yes

Practice: Command Comparison

When to Use Which

Use npm When

You want the standard, official tool
You're following tutorials (most use npm)
You don't need special features
Project is small to medium

Use Yarn When

You need Plug'n'Play (PnP)
You're in a Facebook-like ecosystem
You want yarn workspaces syntax
Team already uses Yarn

Use pnpm When

Disk space is a concern
You have many projects with shared dependencies
You want strict dependency resolution
Speed is critical

Corepack: The Future

Corepack is a tool that manages package managers:

# Enable corepack
corepack enable

# Set package manager for project
corepack use pnpm@8.x

# This adds to package.json:
{
  "packageManager": "pnpm@8.12.0"
}

Now anyone cloning the project uses the right package manager.

Migrating Between Package Managers

From npm to pnpm

# Remove npm lock file
rm package-lock.json

# Install with pnpm
pnpm install

From npm to Yarn

rm package-lock.json
yarn

Import Lock Files

# pnpm can import from npm
pnpm import

# Yarn can import from npm
yarn import

Monorepo Support

All three support workspaces:

{
  "workspaces": ["packages/*"]
}

# npm
npm install

# yarn
yarn

# pnpm
pnpm install

Key Takeaways

npm - Standard, widely used, reliable
Yarn - Fast, good DX, Plug'n'Play
pnpm - Fastest, disk-efficient, strict
Corepack - Pin package manager version
All three are production-ready

What's Next?

Let's learn how to publish your own packages to npm.