Tech Talk - Comparing JS package managers

Transcript

1. Comparing JS package managers

2. In modern application development we prefer to use existing open-source

   packages

3. Faster development, access to new, regular updates, and better security

   than custom-created script

4. Package often depends on many other packages to work correctly

5. Nested dependencies can become complex that they are unable to

   handle dependency management manually

6. Package managers

7. Package managers are tools that automatically handle the dependencies of

   a project

8. Package manager can install new — or update existing —

   packages with a single command

9. As JavaScript developers, we have access to several package managers

   today

10. Package Managers Overview

11. • npm was the first package manager to introduce the

    concepts • released back in 2010 and officially adopted by the Node.js • online registry for JavaScript packages as well as a command-line tool

12. • npm is significantly slower than its counterparts • history

    of serious security vulnerabilities

13. Companies like Facebook and Google joined efforts to develop a

    better version of npm and call it Yarn Ukrainian developer Zoltan developed pnpm

14. All of these package managers are open-source, meaning you have

    full access to check the inner workings of each one
15. None

16. • Automatically generates a package-lock.json • Manage local or global

    dependencies • can handle multiple versions of dependencies • Official registry Benefits
17. None

18. • Yarn fixes many issues that appear in a Monorepo

    • Use of an offline cache mechanism (~/.yarn-cache) • Use of a lock file called - yarn.lock • Built-in license checker • Uses an approach called parallel downloads • Automatically retry the HTTP request in case of failure Benefits
19. None

20. • Offers significantly better disk space usage and speed •

    installs all packages on a single location and then uses symlinks to reference them • introduces a new Yarn-bash-like setting called shell-emulator, a cross-platform shell environment • has a strict access control mechanism Benefits

21. Package manager comparison

22. npm, Yarn, and pnpm offer almost identical commands for their

    various operations, and they are all easy to use
23. None

24. Speed There’s no match to pnpm when it comes to

    the speed and performance of these package managers Benchmark

25. The speeds of Yarn and npm are comparable if we

    perform an install operation by just using node_modules and skip cache and lock file functionality, then npm could offer 5x better speed if we use all three functionalities, then Yarn could boost its performance and becomes 11x faster than npm

26. Security The major advantage of Yarn over npm is that

    it verifies the integrity of each package using checksums npm is a bit more forgiving when it comes to working with bad packages.

27. Stability Over time, their codebase has matured because they’ve received

    tons of contributions from the open-source community.

28. Monorepos But both Yarn and pnpm have complete support for

    monorepos, thanks to their concept of workspaces.

29. If you are searching for a solution that gives you

    better speed and efficient memory usage, you should strongly consider using pnpm

30. If you are handling monorepos, you can use pnpm or

    Yarn to do so. However, keep in mind that Yarn sends usage data to Facebook, which may not make Yarn a suitable choice in some scenarios.

31. Q & A

32. HypeTech Tech education and shaping ideas into hype products hypetech.io

    | reactweek.dev Marko Arsić Founder and CEO @ HypeTech Founder of HypeTech Education Lecturer @ ReactWeek.dev Independent Tech Consultant Helping companies set up teams and standardize the development process github.com/marsicdev

33. As everything good in life, knowledge is great only when

    shared hypetech.io/education

34. [email protected]