Trying to give a better overview for beginners.
npm has been historically (2010) the most popular package manager for JavaScript. If you want to use it for managing the dependencies of your project, you can type the following command:

```
npm init
```

This will generate a `package.json` file. It contains all the dependencies of the project.
Then

```
npm install
```

would create a directory `node_modules` and download the dependencies (that you added to the `package.json` file) inside it.
It will also create a `package-lock.json` file. This file is used to describe the tree of dependencies that was generated. It allows developers to install exactly the same dependencies. For example, you could imagine a developer upgrading a dependency to v2 and then v3 while another one directly upgrading to v3.

npm installs dependencies in a non-deterministic way, meaning the two developers could have a different `node_modules` directory, resulting in different behaviours. npm has suffered from a bad reputation; for example, in February 2018 an issue was discovered in version 5.7.0 in which running `sudo npm` on Linux systems would change the ownership of system files, permanently breaking the operating system.
To resolve those problems and others, Facebook introduced a new package manager (2016): Yarn, a faster, more secure, and more reliable package manager for JavaScript.

You can add Yarn to a project by typing:

```
yarn init
```

This will create a `package.json` file. Then, install the dependencies with:

```
yarn install
```
A folder `node_modules` will be generated. Yarn will also generate a file called `yarn.lock`. This file serves the same purpose as the `package-lock.json` but is instead constructed using a deterministic and reliable algorithm, thus leading to consistent builds.

If you started a project with npm, you can actually migrate to Yarn easily. Yarn will consume the same `package.json`. See Migrating from npm for more details.

However, npm has been improved with each new release and some projects still use npm over Yarn.
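As an added example (not part of the original answer), here is a small Node.js script that checks whether a `package-lock.json` actually pins every dependency declared in `package.json` with a version, an https download URL and an integrity hash, which is the reproducibility guarantee the lockfile is meant to give. Both JSON documents are constructed sample input and the `auditLockfile` function name is an assumption of this example.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3 "packages"
// layout) against package.json. Both objects below are constructed samples.
const packageJson = {
  name: "demo-app",
  dependencies: { express: "^4.18.0", lodash: "^4.17.21" },
  devDependencies: { jest: "^29.0.0" },
};

const packageLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    // root entry records the ranges the lockfile was generated from
    "": { dependencies: { express: "^4.18.0", lodash: "^4.17.20" } },
    "node_modules/express": {
      version: "4.18.2",
      resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      integrity: "sha512-CONSTRUCTED_PLACEHOLDER_HASH",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "http://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", // plain http
      // integrity deliberately absent
    },
    // jest is missing entirely: the lockfile is out of date
  },
};

function auditLockfile(pkg, lock) {
  const wanted = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const rootRanges = { ...(root.dependencies || {}), ...(root.devDependencies || {}) };
  const findings = [];
  for (const [name, range] of Object.entries(wanted)) {
    const entry = packages[`node_modules/${name}`];
    if (!entry) { findings.push(`${name}: not in lockfile`); continue; }
    if (!entry.version) findings.push(`${name}: no pinned version`);
    if (!entry.integrity || !/^sha(256|384|512)-/.test(entry.integrity))
      findings.push(`${name}: missing or weak integrity hash`);
    if (!entry.resolved || !entry.resolved.startsWith("https://"))
      findings.push(`${name}: resolved URL is not https`);
    if (rootRanges[name] !== range) // package.json edited without regenerating the lock
      findings.push(`${name}: range ${range} differs from lockfile root ${rootRanges[name]}`);
  }
  return findings;
}

const findings = auditLockfile(packageJson, packageLock);
console.log(findings.length ? findings.join("\n") : "lockfile pins every dependency");
```

A clean result is what `npm ci` relies on; any finding here means two developers running `npm install` may end up with different `node_modules` trees.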