When comparing Yarn vs NPM, the Slant community recommends Yarn for most people. In the question “What are the best front-end package managers?” Yarn is ranked 1st while NPM is ranked 2nd. The most important reason people chose Yarn is:
One of the most important aspects of Yarn is determinism (predictability). The lock file ensures that the same dependencies will always be installed in the same way and order regardless of the machine for a given repository.
Pros
Pro The same results will be yielded every time yarn is run in a repository
One of the most important aspects of Yarn is determinism (predictability). The lock file ensures that the same dependencies will always be installed in the same way and order regardless of the machine for a given repository.
Pro Can tell you why a package was installed
yarn why <query> can tell you why a package was installed and what other packages depend on it.
Pro Good network performance
Yarn efficiently queues up requests and avoids request waterfalls in order to maximize network utilization.
Pro Offline mode
If you've installed a package before, you can install it again without any internet connection.
Pro Flat Mode
Resolve mismatching versions of dependencies to a single version to avoid creating duplicates.
Pro Multiple registries
Install any package from either npm or Bower and keep your package workflow the same.
Pro Network resilience
A single request failing won't cause an install to fail. Requests are retried upon failure.
Pro Good documentation
It looks like it has good documentation.
Pro Security is put at the forefront
Even though it's still in its early stages of development, security is one of the core values on which Yarn is built. It uses checksums to verify the integrity of every package before executing its code. This also helps avoid errors related to faulty caching or captive portals.
Further steps are also being taken to improve the security of Yarn which will be implemented in the future.
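The checksum verification described above, as an added example (not code from Yarn or from this page): a Node.js check that reads the integrity field of a Yarn v1 lockfile entry and compares tarball bytes against it. The package name, registry URL and tarball bytes are constructed, and the function names are hypothetical.

```javascript
const crypto = require("crypto");

// Parse only the fields this check needs from a yarn.lock (v1 text format).
function parseLock(text) {
  const entries = {};
  let current = null;
  for (const line of text.split("\n")) {
    if (/^\S.*:$/.test(line)) {            // unindented "name@range": starts an entry
      current = entries[line.slice(0, -1).replace(/"/g, "")] = {};
    } else if (current) {
      const m = line.match(/^\s+(resolved|integrity)\s+"?([^"]+)"?$/);
      if (m) current[m[1]] = m[2];
    }
  }
  return entries;
}

// Verify bytes against an SRI string such as "sha512-<base64>".
// Simplified: passes if any listed sha512/sha256 digest matches; anything else fails closed.
function verifyIntegrity(bytes, integrity) {
  for (const token of (integrity || "").split(/\s+/)) {
    const m = token.match(/^(sha512|sha256)-([A-Za-z0-9+/=]+)$/);
    if (!m) continue;
    const actual = crypto.createHash(m[1]).update(bytes).digest("base64");
    if (actual === m[2]) return true;
  }
  return false;
}

function checkPackage(lockText, key, bytes) {
  const entry = parseLock(lockText)[key];
  if (!entry) return "not-in-lockfile";
  if (!entry.integrity) return "no-integrity-field";
  return verifyIntegrity(bytes, entry.integrity) ? "ok" : "mismatch";
}

// Constructed sample data: fake tarball bytes and a lockfile entry built from them.
const SAMPLE_TARBALL = Buffer.from("constructed tarball bytes for demo-pkg 1.0.0");
const SAMPLE_SRI = "sha512-" + crypto.createHash("sha512").update(SAMPLE_TARBALL).digest("base64");
const SAMPLE_LOCK = [
  "# yarn lockfile v1",
  "",
  '"demo-pkg@^1.0.0":',
  '  version "1.0.0"',
  '  resolved "https://registry.example.invalid/demo-pkg/-/demo-pkg-1.0.0.tgz"',
  "  integrity " + SAMPLE_SRI,
].join("\n");

console.log(checkPackage(SAMPLE_LOCK, "demo-pkg@^1.0.0", SAMPLE_TARBALL));
console.log(checkPackage(SAMPLE_LOCK, "demo-pkg@^1.0.0", Buffer.from("tampered")));
```

A lockfile entry without an integrity field is reported separately from a mismatch, so a CI job can decide whether to treat unpinned entries as failures.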
Pro Built by the community for the community
Even though it's backed by Facebook, Yarn is built as a community project first and foremost. It's completely open source and hosted on GitHub. It's released under a standard open source license, has its own GitHub organization, and is set up to work under the same governance model that other successful projects have used in the past, such as Rust and Ember.
All of this means that both existing and new contributors will always work together to improve the product and introduce new features while also keeping in mind suggestions coming from the community.
Pro Backed by Facebook and Google
Yarn was created as a collaboration between Facebook, Exponent, Google and Tilde.
Pro Compatible with any CLI
NPM is compatible with any CLI the developer wants to use.
Pro Plenty of helpful NPM modules/plugins
NPM has a strong community that has developed plenty of libraries and plugins that are useful to developers.
Pro Very concise configuration
NPM scripts require fewer lines of code to run a given task. This is true even when it's for running build processes. Using Unix pipes, lots of tasks can be reduced to one-liners.
Pro Does not need any wrapper modules
With other task runners, you need to install wrapper modules for tools you may already have installed. When using NPM that's not necessary: to use the tools you need, just install them directly through NPM.
Pro Part of node.js distribution
Pro You're most likely using NPM already
Pro Uncomplicated package management system
When it works...
Cons
Con Takes up disk space
Yarn adds to your disk space usage since it stores dependencies locally.
Con Custom tasks require additional keyword 'run'
Only a few standard tasks support being executed without the run keyword (e.g., npm start vs npm run customtask).
Con Not a build system, only a task runner
It is supposed to be used for running gulp, webpack or whatever. But it is not supposed to be used as a build system.
Con Passing parameters is awkward
In order to pass additional parameters to npm you must add them after -- (e.g., npm run build -- --custom='foo').
Con Badly documented
Less than bare minimum official documentation leaves users in the dark without taking often expensive external courses. Even the --help text has unpluggable gaps. One official source notes the documentation isn't adequate yet nothing has been done to fix this.
Con Lot of issues with authentication and random node problems
Unable to recover from common dependency conflicts consistently. Error messages are not always helpful for debugging. Doesn't account well for users with different versions of node.
Con Does not run well with Windows
A lot of projects that use NPM as a build tool also make use of Bash scripts most of the time. This means that open source projects that run the command npm run may run into issues when used in a Windows environment.
Con Doesn't allow you to create build process with complicated logic on its own
In a complex heterogeneous app you will quickly migrate to gulp, webpack or whatever, leaving NPM with only simple task-running responsibility.