YARN vs. NPM

Justin Dumadag
May 17, 2018 · 4 min read

Inspired by the latest (May 2018 if you’re reading this at a later time) viral trend of Yanni vs Laurel this blog is going to explain the differences between NPM and Yarn. The first few labs in React we were told to use the NPM install and start CLI commands. While in lecture my instructor had recommended us to install Yarn. So while I am in the first week of learning React and the only thing I am certain they do is that NPM takes a really long time to install on my Mac, I decided to learn what both of these are and familiarize myself with them and provide a small summary in their differences.

What is NPM and Yarn?

Both NPM and Yarn are both package managers. Package Managers is essentially a way to automate the process of installing, upgrading, configuring or removing software.

Upon further research I learned that Yarn was created by Facebook as an alternative to NPM. They created Yarn to solve the problems they were having while using NPM particularly the problems with consistency, security and speed. Yarn has the same feature set while operating faster, more securely and most importantly more reliable.

With the introduction of Yarn it overtook NPM as the preferred manager. Using GitHub’s star counter, Yarn is nearly double that of NPM.

Speed

In terms of installation speed Yarn trumps NPM. Many have done benchmark tests and Yarn edges out NPM in every aspect. This is due to the fact that Yarn installs multiple packages at once compared to NPM which installs one at a time.

Speed Trial of Yarn vs. NPM

Security

Another reason Facebook developed Yarn was NPM’s security issues. NPM allowed packages to run code on installation. NPM will run code from dependencies automatically and on the fly. While this feature has its conveniences, it raised a few security concerns.

How Yarn is different in NPM is that Yarn only installs from your yarn.lock or package.json files. Yarn.lock ensures that the same package is installed throughout all devices, this reduces the possibility of bugs from having different versions installed. Facebook had problems with the consistency with NPM when installing dependencies across different users and machines. Yarn can also be run offline to install packages if you have already installed them in the past (NPM needs an internet connection to install packages.)

NPM vs Yarn Cheat Sheet. https://shift.infinite.red/npm-vs-yarn-cheat-sheet-8755b092e5cc

NPM Version 5.0

With their newest release if npm 5 many of the shortcomings of NPM were addressed.

  • NPM 5 introduced the package-lock.json file for better versioning control.
  • NPM 5 is now much faster, but Yarn still edges them out in terms of speed.
  • Now supports offline installation for previously downloaded packages.

Conclusion

Both NPM and Yarn are great tools in managing your projects dependencies. There are a lot of improvements Yarn has over npm from faster speeds and stronger security. Many say that if you are already familiar with NPM that a jump to Yarn isn’t really necessary, especially with the release of version 5. Personally I will favor Yarn over NPM mainly because of the speed and that the instructors here at Flatiron prefer Yarn over NPM. But it all boils down to a matter of preference.

Justin Dumadag

Written by

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade