I'm always on the lookout for tools that can improve my workflow and boost the efficiency of my projects as a software developer. That's why I was thrilled when I came across pnpm, a package manager that, in most of its own benchmarks, outperforms both Yarn and npm.
With pnpm, I've seen a real increase in speed. Instead of copying every package into each project's node_modules, it keeps one copy of each file in a global content-addressable store, hard-links those files into node_modules and wires packages together with symbolic links, which cuts installation time and disk usage.
Join me as we uncover the power of pnpm and why it's the game-changer we've been waiting for.
Introduction to PNPM
What first caught my attention about pnpm was its performance compared to yarn and npm.
pnpm describes itself as a performant Node package manager, and its installs are indeed faster and leaner than yarn's or npm's in most of the scenarios benchmarked below. The p in pnpm stands for performant, and it delivers.
One distinctive feature of pnpm is how it lays out node_modules: packages are hard-linked from a single global store rather than copied, and linked to each other with symbolic links. This speeds up installation and keeps disk usage down.
It's also worth noting that many large monorepos already use pnpm. Converting an existing npm or yarn project is straightforward: the 'pnpm import' command generates a pnpm-lock.yaml from the existing package-lock.json or yarn.lock, so the resolved versions are preserved.
Right out of the gate, pnpm looks like a promising package manager. But let's compare it with the traditional choices, npm and Yarn, before deciding.
Here's the benchmark table that the pnpm project publishes for JavaScript package managers (the figures are a snapshot and shift with each release). The cache, lockfile and node_modules columns say what was already present before the install ran; a check mark means it was there, so the first row is a completely cold install and the second a no-op reinstall:
action | cache | lockfile | node_modules | npm | pnpm | Yarn | Yarn PnP |
---|---|---|---|---|---|---|---|
install | | | | 49.6s | 13.9s | 22.1s | 20.2s |
install | ✔ | ✔ | ✔ | 4s | 1.7s | 695ms | n/a |
install | ✔ | ✔ | | 15.6s | 4.8s | 8.8s | 668ms |
install | ✔ | | | 25.3s | 9.4s | 22.8s | 15.2s |
install | | ✔ | | 31.2s | 10.1s | 8.9s | 670ms |
install | ✔ | | ✔ | 4.4s | 3.6s | 16s | n/a |
install | | ✔ | ✔ | 3.8s | 1.7s | 681ms | n/a |
install | | | ✔ | 4.4s | 9.3s | 16.6s | n/a |
update | n/a | n/a | n/a | 13.1s | 6.4s | 8.7s | 16.9s |
What is PNPM?
pnpm is intended as a drop-in replacement for npm: it reads the same package.json, talks to the same registry and exposes near-identical commands, but it is an independent implementation rather than a layer on top of npm. It is much faster, far more disk efficient, and it addresses structural problems in npm's node_modules layout. One practical caveat on the 'drop-in' part: because pnpm does not hoist, a package that silently relies on a dependency it never declared can break after the switch, and the fix is to declare that dependency. In this article, I will discuss how pnpm works and why it is a good replacement for npm or yarn.
Let's start with discussing the similarities with existing package managers.
Similarities with NPM and Yarn
There are several similarities between pnpm and both npm and yarn, such as their installation process and commands.
When it comes to installing packages, pnpm, npm, and yarn all have the same workflow: one command installs from package.json, and each records what it resolved in a lockfile (package-lock.json, yarn.lock, pnpm-lock.yaml) so that later installs are reproducible.
Additionally, pnpm has its own workspaces feature, configured in a pnpm-workspace.yaml at the repository root, for managing multiple packages within a single repository. Monorepos work with it just as they do with npm and yarn workspaces.
To learn more about pnpm and how it maps onto npm and yarn, the pnpm website's documentation covers the commands and configuration in detail.
If you're considering switching from npm or yarn to pnpm, the conversion is straightforward with the 'pnpm import' command, which builds pnpm-lock.yaml from your existing lockfile.
Overall, pnpm offers familiarity and ease of use for anyone already comfortable with npm and yarn.
Flexibility in choosing your package manager
Switching to pnpm is not a one-way door. It reads the same package.json as npm and yarn, and 'pnpm import' converts an existing package-lock.json or yarn.lock into pnpm-lock.yaml, so I can try it on a project without restructuring anything. Going back means letting npm or yarn regenerate its own lockfile from package.json, since neither reads pnpm's lockfile. Having the flexibility to choose the package manager that best suits my needs matters when it comes to managing my projects.
While pnpm provides real advantages in speed and disk space usage, it's crucial to consider the entire workflow: CI images, Docker layers, editor integrations and the tools the team is accustomed to. Upgrading to new tools can bring great benefits, but it's also essential to evaluate the impact on existing projects before committing.
With pnpm, I keep the option of returning to yarn or npm if I find they better align with my preferences or if a future release of either closes the gap. This flexibility lets me adapt to changes in the ecosystem while maintaining a smooth and efficient development process.
Advantages of using PNPM
There are several advantages that PNPM has over NPM or Yarn. Let's take a closer look at these advantages and see why PNPM is likely the better choice.
Efficiency in disk usage
With pnpm, each file of each package version is stored once in a global content-addressable store under the user's home directory and hard-linked into every project's node_modules that needs it, instead of being copied per project. Because the store is addressed by file content rather than by package, files that are identical across two versions of a package are stored only once as well.
This is a game-changer for developers like me who work on many projects with overlapping dependencies. With npm or yarn, every project carries its own full copy of every package, so the same package version ends up on disk once per project.
With pnpm that duplication disappears: a package already in the store costs a new project nothing more than a set of hard links. This makes each install lighter and pays off especially in an agency setting with many projects on one machine.
Now, I can focus on writing code without worrying about bloated node_modules folders.
Improved speed - especially installation speed
Installing with pnpm is consistently faster than with npm and, in most of the benchmarked scenarios, faster than Yarn Classic; Yarn PnP wins the cases where no node_modules has to be written at all. Taking the usual CI case from the table above (warm cache and lockfile present, no node_modules yet), pnpm finished in 4.8s against npm's 15.6s and Yarn Classic's 8.8s. With a lockfile and an existing node_modules, pnpm's 1.7s is effectively a verification pass rather than a reinstall.
With a warm cache, the installation time is where pnpm impresses most. This efficiency lets me save valuable time and focus on other parts of my development workflow. Hard-linking files from the global store instead of copying them, with symbolic links between packages, is what makes the linking stage cheap.
Overall, pnpm proves to be a reliable and fast package manager option for my projects.
Security features
NPM
npm has historically been lenient about problematic behaviour, and some of it reached users directly. In npm 5.7.0, running the npm command under sudo on Linux could change the ownership of system files and directories to the invoking user, leaving the OS broken until ownership was repaired.
Another incident, in 2018, involved event-stream, a widely used Node.js package. Its maintainer handed the project to a new contributor, who added a malicious dependency (flatmap-stream) in event-stream 3.3.6. The injected payload was encrypted so that it only decrypted and ran inside one specific target, the Copay Bitcoin wallet's build, where it tried to exfiltrate wallet keys; on ordinary developers' machines it stayed dormant.
To address this class of problem, modern npm records a Subresource Integrity hash (sha512) for every package in package-lock.json and verifies each downloaded tarball against it during installation. Worth keeping in mind: an integrity hash only proves that the bytes match what the lockfile pinned. It would not have stopped event-stream, whose malicious version was published through the normal channel and pinned with a perfectly valid hash; it defends against tampering in transit or on a mirror, not against a malicious publish.
Overall, npm has closed the integrity-verification gap, although Yarn had that verification from the start.
Yarn
Both Yarn Classic and Yarn Berry have verified package integrity against checksums stored in yarn.lock since their inception, and both abort the installation if a downloaded package does not match its recorded checksum, rather than silently installing something other than what the lockfile declares.
Yarn Berry in Plug'n'Play (PnP) mode does away with node_modules altogether and resolves packages from a map of declared dependencies, which removes the hoisting problem described below. Unlike Yarn Classic, Yarn Berry also tightens command execution: yarn run only exposes the binaries of dependencies explicitly declared in package.json. This resembles pnpm's strictness, which I'll describe next.
PNPM
pnpm likewise verifies every installed package against the integrity checksum recorded in pnpm-lock.yaml before any of its code runs. The more distinctive difference is the node_modules layout. npm and Yarn Classic hoist packages into a flat top-level node_modules, so any package can require any other package that happens to have been hoisted, whether or not it declared it.
pnpm does not hoist into the project's node_modules. It places every package at node_modules/.pnpm/<name>@<version>/node_modules/<name> and symlinks each package's declared dependencies next to it, while the project's top-level node_modules contains only symlinks to the project's direct dependencies. Because Node resolves symlinks to their real paths before walking up the directory tree, a package can only reach what it declared in its own package.json.
Two caveats. First, this is a correctness boundary, not a sandbox: a malicious package can still read any file on disk and run arbitrary code at install or run time; what pnpm prevents is accidental reliance on undeclared packages. Second, pnpm's default hoist=true setting still hoists all dependencies into node_modules/.pnpm/node_modules, where packages inside .pnpm (but not the application's own code) can find them; set hoist=false in .npmrc for fully strict resolution.
This matters most in a monorepo, where hoisting produces phantom dependencies (code that works only because some sibling package pulled the module in) and doppelgangers (the same package version installed several times because it could not be hoisted into one place).
Migrating from NPM or Yarn to PNPM
If your projects use npm or yarn, migrating to pnpm will not be very difficult. Run 'pnpm import' first so the versions pinned in your existing lockfile carry over into pnpm-lock.yaml, then 'pnpm install'. If a package fails afterwards with a module-not-found error, it was relying on a hoisted phantom dependency and needs that dependency declared in its package.json. Here is a comparison of commands between npm, yarn, and pnpm. If you need any help, let me know!
npm command | Yarn command | pnpm equivalent |
---|---|---|
npm install | yarn | pnpm install |
npm install [pkg] | yarn add [pkg] | pnpm add [pkg] |
npm uninstall [pkg] | yarn remove [pkg] | pnpm remove [pkg] |
npm update | yarn upgrade | pnpm update |
npm list | yarn list | pnpm list |
npm run [scriptName] | yarn [scriptName] | pnpm [scriptName] |
npx [command] | yarn dlx [command] | pnpm dlx [command] |
npm exec | yarn exec [commandName] | pnpm exec [commandName] |
npm init [initializer] | yarn create [initializer] | pnpm create [initializer] |
So what's the verdict? PNPM is my choice.
In summary, based on installation speed and disk usage efficiency, pnpm comes out ahead of npm and Yarn Classic in most of the benchmarked scenarios, with Yarn PnP the only one that beats it, and only in the cases where no node_modules needs to be written.
On installation speed, the representative CI case (warm cache and lockfile, no node_modules yet) took pnpm 4.8s against npm's 15.6s and Yarn Classic's 8.8s, and a lockfile plus an existing node_modules brings pnpm down to 1.7s.
On disk usage, pnpm stores each file once in its global content-addressable store and hard-links it into every project, so a package shared by ten projects costs one copy on disk. npm and Yarn Classic copy the full package into each project's node_modules, and the duplication grows with every project.
Overall, pnpm offers a faster installation process and more efficient disk usage, and as a bonus its strict node_modules layout catches phantom dependencies that the others let through. That makes it my preferred choice.
Installing pnpm is super easy on macOS, especially if you use Homebrew:
brew install pnpm
Conclusion
In conclusion, pnpm has earned its place as my package manager. Keeping one copy of each file in a content-addressable store and hard-linking it into node_modules, with symbolic links wiring packages together, gives faster installs and far less disk usage.
The low-friction transition from Yarn or npm through the 'pnpm import' command makes it a convenient choice for developers.
With its support for large monorepos and workspaces and its stricter dependency isolation, pnpm outperforms npm and Yarn Classic on speed and disk use in most benchmarked scenarios, without giving up the flexibility to switch back.