Package Manager Battle

npm vs yarn — credit: Rising Stack Blog

I’ve recently been working with some companies on technical challenges and projects where they’ve used different package managers than I’m used to. Package managers help manage a project’s dependencies, a dependency being a piece of code that the project needs in order to work. As projects grow, we need help including, removing, and updating that code, which is what package managers are for. During my time at Flatiron we typically used npm, but recently I’ve been using Yarn. I never understood the difference between the two or knew the history, so I decided to look into it for this blog.

What is npm? What is yarn?

npm stands for “Node Package Manager” and is the default package manager for the JavaScript runtime environment Node.js. It consists of three components: the website, for managing aspects of the experience; the CLI, for interacting with npm from the terminal; and the registry, which gives access to the public library of packages. It was released in 2010.

Yarn stands for “Yet Another Resource Negotiator” and is a package manager developed by Facebook. The main reason for creating Yarn was to address some of the performance and security issues of working with npm at the time of its release. npm has since improved in these areas, so today there are a lot of similarities between the two. While npm is installed automatically with Node, Yarn can be installed using npm.


While the two share most of their functionality, there are some differences as well (beyond syntax, of course); the major ones are below:


Performance is an important consideration when managing a large number of packages, and one of the main reasons Yarn was developed was to overcome the issues npm initially had. In various tests Yarn is the clear winner on speed. The main reason is that Yarn installs multiple packages in parallel, while npm installs them one at a time. Yarn also has an offline mode that uses a cache so previously downloaded packages install quickly.


The other main reason Yarn was created was the security challenges with npm. Yarn was initially regarded as more secure, but npm then introduced significant security improvements. npm v6 has security built in: if a package being installed has a known security vulnerability, npm automatically issues a warning. Yarn’s security features include a checksum that verifies the integrity of every package and the ability to check the licenses of the installed packages.

Managing Dependencies

Both package managers create a lock file (npm creates package-lock.json and Yarn creates yarn.lock), but there are some differences between them. npm’s lock file is a little more complex and generates the same node_modules folder across different npm versions. Every dependency has an exact version number associated with it. Yarn’s lock files make merges easy, which makes them a bit more predictable. The two lock files are not recommended to be used together, as they can create conflicts. Yarn, however, added a feature that makes it aware of npm’s lock file so developers can transition from npm to Yarn; npm will eventually include this as well.


While Yarn does seem to have advantages, choosing a widely adopted technology helps you get help faster when you run into problems. Since npm has been out much longer and is the default package manager, it is definitely more popular, though only by a little, as Yarn is gaining traction in the community. Both Yarn and npm are, in a way, using each other to reach the next level, so choosing between them can be difficult; it mostly depends on requirements, tastes, and preferences.




Software Engineer based out of the San Francisco Bay Area. Flatiron School graduate with 8+ years background in healthcare.

Scott Espinosa