Node Package Manager (npm) is one of several package managers (default for Node.js) released in 2010. It is used to manage dependencies for packages.
npm consists of:
- The npm website, where you can find third-party packages and create and manage your own;
- The npm CLI.
What is package.json?
The package.json file additionally features a `scripts` property for running command-line tools installed in the project’s local context. You can execute any of these by running `npm run-script <stage>` or `npm run <stage>` for short. You can run scripts from dependencies with `npm explore <pkg> -- npm run <stage>`.
With the recent addition of `npx` (Node Package Executor), these project-related node_modules commands can be run just like a globally installed program.
Dependencies or devDependencies?
They are represented as key-value objects, where each key is the name of an npm library and each value is its semantically formatted version.
It is important to understand the signs that can come before semantic versions (assuming you are acquainted with the `major.minor.patch` model of semver):
`^` – latest minor release.
`~` – latest patch release.
What is package-lock.json?
You can find more information about npm commands here.
What are the differences between npm and yarn?
Let’s have a quick look at what yarn is. Yarn (or Yet Another Resource Negotiator) launched in October 2016 and is a package manager, distributed as an npm package, for projects using Node.js packages. Yarn was developed to address the weaknesses and bugs of npm, aiming to be quick, stable, and secure. Likewise, it has a lock file that keeps the same package versions installed for an identical project on multiple systems.
Now let’s compare yarn and npm:
- Although Yarn is newer than npm, it appears to be more widely used and popular than npm.
- npm doesn’t need to be installed separately because it is bundled with Node.js. Yarn is an npm package, so it can be installed with the command `npm install yarn`.
- Both yarn and npm use similar methods for managing dependencies. Both use a package.json file in the root of the project’s working directory. All required project-related metadata is stored in this file. It helps to manage the project’s dependency versions, scripts, etc. For both package managers, the dependency files are stored in the node_modules folder. In Yarn 2 this folder will no longer be supported by default. Yarn and npm both provide an automatically generated lock file (yarn.lock and package-lock.json) that records the exact versions of the dependencies used in the project.
- Security is another major point of comparison between yarn and npm. Yarn was originally considered more secure, and npm has been very successful in adding security enhancements.
Both package managers are perfectly designed to manage and maintain your project’s dependency hierarchy. They have a great and supportive community. In conclusion, the choice between npm and yarn depends on your specific preferences and project requirements.