Guide to NPM and Yarn
This article offers a simple, beginner's perspective on package managers, helping everyone learn about the technology.
Package Manager
Introduction
A package manager or package-management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer in a consistent manner.
A package manager deals with packages, distributions of software and data in archive files. Packages contain metadata, such as the software's name, description of its purpose, version number, vendor, checksum (preferably a cryptographic hash function), and a list of dependencies necessary for the software to run properly. Upon installation, metadata is stored in a local package database. Package managers typically maintain a database of software dependencies and version information to prevent software mismatches and missing prerequisites. They work closely with software repositories, binary repository managers, and app stores.
Package managers are designed to eliminate the need for manual installs and updates. This can be particularly useful for large enterprises whose operating systems typically consist of hundreds or even tens of thousands of distinct software packages.
History
Early package managers, from around 1994, had no automatic dependency resolution but could already drastically simplify the process of adding and removing software from a running system.
By around 1995, beginning with CPAN, package managers began doing the work of downloading packages from a repository, automatically resolving its dependencies and installing them as needed, making it much easier to install, uninstall and update software from a system.
Purpose
A software package is an archive file containing a computer program as well as necessary metadata for its deployment. The computer program can be in source code that has to be compiled and built first. Package metadata includes package description, package version, and dependencies (other packages that need to be installed beforehand).
Package managers are charged with the task of finding, installing, maintaining or uninstalling software packages upon the user's command. Typical functions of a package management system include:
Working with file archivers to extract package archives.
Ensuring the integrity and authenticity of the package by verifying their checksums and digital certificates, respectively.
Looking up, downloading, installing, or updating existing software from a software repository or app store.
Grouping packages by function to reduce user confusion.
Managing dependencies to ensure a package is installed with all packages it requires, thus avoiding dependency hell.
NPM
Introduction
NPM stands for Node Package Manager. A package is a piece of code that is managed by the package manager.
NPM is the world's largest software registry. Open-source developers from every continent use npm to share and borrow packages and many organizations use npm to manage private development as well.
This package manager is used to access and reuse someone else's open-source code hosted on NPM by installing it into our project.
Features
NPM is a package manager that manages third-party open-source code that we can use in our project.
Before using NPM modules, we need to initialize NPM locally by running
    npm init
on the command line in the root of the project folder.
Install any NPM package by using the command
    npm install <package name>
We can install an NPM package globally using the -g flag.
Also, a package can be made a development dependency using the --save-dev flag.
Basic Commands
To build projects using NPM, developers need to install Node.js on their local computers.
Installation: To download the latest version of npm, on the command line, run the following command:
    npm install -g npm
    # Now check your versions of Node.js and npm
    node -v
    npm -v
Dependencies: Now, to add a dependency to a project, say express, run
    npm install express --save
If you don't specify the version, the latest one will be installed.
Once express is installed, the node_modules folder will be created, and you can see that package.json has been updated:
    // package.json
    {
      "name": "npm-article",
      "version": "1.0.0",
      "main": "index.js",
      "license": "MIT",
      "dependencies": {
        "express": "^4.14.1"
      }
    }
Every time you execute NPM commands, the package-lock.json file will be updated automatically. If you are using version control, it is important not to ignore this file. Instead, you have to put it in your repo and commit its changes.
The objective of package-lock.json is to ensure that you are using the same versions of your dependencies no matter the environment, such as Netlify or Vercel.
package-lock.json specifies the exact version of a package, not a range, even though package.json contains ranges:
    "dependencies": {
      "express": "^4.14.1"
    }
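The range-versus-pin relationship described above can be checked mechanically. The following is an added example, not code from the original article: it compares the caret ranges in a package.json with the exact versions in a package-lock.json (the "packages" layout of lockfile versions 2 and 3) and reports entries that are missing, outside the range, or without an integrity value. The sample data, the function names and the caret-only range handling are assumptions of this example.

```javascript
// Added example. Both objects are constructed sample data, not from a real project.
const manifest = {
  dependencies: { express: "^4.14.1" },
  devDependencies: { mocha: "^3.2.0" },
};
const lock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/express": { version: "4.14.1", integrity: "sha512-CONSTRUCTED" },
    // Deliberately inconsistent entry: the locked major version differs from the range.
    "node_modules/mocha": { version: "4.0.0", dev: true, integrity: "sha512-CONSTRUCTED" },
  },
};

const parse = (v) => v.split(".").map(Number);

// Minimal caret check for x.y.z with x >= 1 (assumption: only "^" ranges are used):
// same major version, and not lower than the base version.
function satisfiesCaret(version, range) {
  const [maj, min, pat] = parse(version);
  const [bMaj, bMin, bPat] = parse(range.replace(/^\^/, ""));
  if (maj !== bMaj) return false;
  if (min !== bMin) return min > bMin;
  return pat >= bPat;
}

// Return a list of findings; an empty list means the lock file pins every
// declared dependency to a version inside its range and records its hash.
function auditLock(manifest, lock) {
  const findings = [];
  const wanted = { ...manifest.dependencies, ...manifest.devDependencies };
  for (const [name, range] of Object.entries(wanted)) {
    const entry = lock.packages[`node_modules/${name}`];
    if (!entry) findings.push(`${name}: missing from lock file`);
    else if (!satisfiesCaret(entry.version, range))
      findings.push(`${name}: locked ${entry.version} is outside ${range}`);
    else if (!entry.integrity) findings.push(`${name}: no integrity hash recorded`);
  }
  return findings;
}

console.log(auditLock(manifest, lock));
```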
Dev dependencies: Package managers allow you to specify dev dependencies too. For example, for testing you might need mocha. To install it, you run
    npm install mocha --save-dev
And package.json has a new section:
    "devDependencies": {
      "mocha": "^3.2.0"
    }
Remove dependencies: You can remove dependencies with the uninstall command. For example, to remove mocha, just run
    npm uninstall mocha
This command will remove the package, and all of the packages it depends on, and update package.json and node_modules.
Change versions: NPM allows you to change the versions of your packages, whether you want to update or install a previous version.
For example, to change express from 4.14.1 to 3.1.0, you run
    npm install express@3.1.0
After the command is executed, node_modules is updated. package.json is updated every time you add, upgrade or remove a package.
Installing all your modules: When you download an NPM project without its node_modules folder, to install all the modules you have to run
    npm install
With the information in package.json, NPM will install all the necessary modules. To prove this, just remove node_modules from the current project and run the install command.
Global modules: If you want to install global modules, you can do it with the -g (global) flag. For example, if you want to add nodemon globally, just run
    npm install nodemon -g
The -g flag is also used to remove or upgrade global modules:
    npm update nodemon -g
    npm uninstall nodemon -g
Yarn
Introduction
Yarn is a new package manager that is much faster, more reliable and more secure than npm. Facebook has used npm for developing products for a while, but once their products and teams started to grow, they experienced problems related to consistency, security and performance.
Instead of creating a solution for every new problem, they decided to tackle this problem with another approach.
Developed by Facebook in collaboration with Google, Exponent and Tilde, Yarn aims to enhance the development of products by removing the problems caused due to version incompatibility in modules used in the projects.
Features
Much faster installation because every installed package is stored in a local cache.
Enhanced security to verify the integrity of every installed package.
Deterministic because the same dependencies will be installed in the same way no matter the environment.
More intuitive commands.
You can do all of this with 100% compatibility with npm, meaning you don't have to modify your source code in npm projects to switch to Yarn.
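Both the checksum verification listed under the package manager's functions and the integrity check named in the Yarn features come down to comparing a downloaded archive against a recorded hash. The following is an added example, not code from the original article or from npm or Yarn: it verifies bytes against a value in the "sha512-<base64>" form that npm and Yarn lock files store in their integrity field. The function names, the sample bytes and the choice to reject anything weaker than SHA-256 are assumptions of this example.

```javascript
// Added example: verify archive bytes against a lock-file style integrity value.
const crypto = require("node:crypto");

// Compute an integrity string of the form "<algorithm>-<base64 digest>".
function sriOf(buf, algo = "sha512") {
  return `${algo}-${crypto.createHash(algo).update(buf).digest("base64")}`;
}

// Verify bytes against an expected integrity string.
// Assumed policy for this example: only sha256/sha384/sha512 are accepted.
function verifyIntegrity(buf, expected) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+=*)$/.exec(expected);
  if (!m) return { ok: false, reason: "unsupported or malformed integrity value" };
  const want = Buffer.from(m[2], "base64");
  const got = crypto.createHash(m[1]).update(buf).digest();
  // timingSafeEqual requires equal lengths, so check that first.
  if (want.length !== got.length || !crypto.timingSafeEqual(want, got))
    return { ok: false, reason: "digest mismatch" };
  return { ok: true, reason: "match" };
}

// Constructed stand-in for a downloaded package archive.
const tarball = Buffer.from("constructed package archive bytes");
// What the lock file would have recorded when the package was first installed.
const recorded = sriOf(tarball);
// The same archive with extra bytes appended, as a changed download would look.
const tampered = Buffer.concat([tarball, Buffer.from("\n// extra line")]);

console.log(verifyIntegrity(tarball, recorded));  // matches the recorded value
console.log(verifyIntegrity(tampered, recorded)); // rejected: digest mismatch
```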
Basic Commands
Installation: To access Yarn from the terminal, you have to install it globally.
You can download and install it using NPM:
    npm install -g yarn
Once the installation is done, we'll create the intro folder:
    mkdir intro
    cd intro
The process for creating a Yarn project is similar to npm, and the command used is init:
    yarn init
Dependencies: Now, to add express as a dependency with Yarn, we need to run
    yarn add express
You don't have to specify --save, and that's because Yarn has better defaults. By default, every dependency installed will update package.json.
If you prefer, you can install a specific version of a module with
    yarn add express@3.1.0
If you don't specify the version, the latest one will be installed.
Once express is installed, the node_modules folder will be created with the same contents as an npm project.
Dev dependencies: Similarly, Yarn allows you to specify dev dependencies too. For example, for testing you need mocha. To install it, you run
    yarn add mocha --dev
And package.json has a new section:
    "devDependencies": {
      "mocha": "^3.2.0"
    }
Remove dependencies: You can remove dependencies with the remove command. For example, to remove mocha, just run
    yarn remove mocha
This command will remove the package, and all of the packages it depends on, and update package.json and yarn.lock.
Change versions: Yarn allows you to change the versions of your packages, whether you want to upgrade or install a previous version.
For example, to change express from 4.14.1 to 3.1.0, you run
    yarn upgrade express@3.1.0
After the command is executed, yarn.lock is updated. yarn.lock is updated every time you add, upgrade or remove a package.
Installing all your modules: When you download a Yarn project without its node_modules folder, to install all the modules you have to run
    yarn install
With the information in yarn.lock, Yarn will install all the necessary modules. To prove this, just remove node_modules from the current project and run the install command. Yarn uses a local cache that makes it faster than npm.
Global modules: If you want to install global modules, you can do it with global. For example, if you want to add nodemon globally, just run
    yarn global add nodemon
global is also used to remove or upgrade global modules:
    yarn global upgrade nodemon
    yarn global remove nodemon
Conclusion
I hope you find this article useful and are able to start using NPM and Yarn in your projects to enhance your workflow. To be precise, Yarn offers a lot of new and enhanced features, but which one to use depends entirely on you and on what your project needs for development.
Thanks for reading. And happy coding!