Every team has to make various decisions before, and during, the development of a digital product. One of these usually involves
3 min read
By Charlie Midtlyng
December 10, 2019
npm: frontend dependencies are downloaded manually and stored in the repositories 📁
npm is released and supports
npm usage is dramatically increasing, primarily due to Browserify's browser support 🎉
npm gets a competitor, bower, that entirely supports browsers 💻
rm -rf node_modules: the most frequently used command for a frontend developer..? 🗑
bower loses the battle against
node_modules is changed to a (more) flattened file structure! 🕸
left-pad becomes the worldwide news of the day 👈
yarn is released 🚀
yarn.lock locks installed versions and provides deterministic dependencies. No more rm -rf node_modules!
yarn install takes about half the time of npm install (without using cache)
npm 5 is released 🔓
package-lock.json is their new tool, shrinkwrap is put aside
package-lock.json takes on the fight against
npm ci is released 🛬
npm 6 is released 👮♀️
npm checks security vulnerabilities for dependencies to be installed
tink is in beta mode 🦋
node_modules and rather have one file with hashes for each dependency in the project
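A lockfile only gives deterministic, verifiable installs when every entry actually carries a pinned tarball URL and an integrity hash. As an added example that is not from the original post, this Node script walks a package-lock.json (both the lockfileVersion 1 nested "dependencies" tree and the v2/v3 "packages" map) and reports entries that a later install could not verify; the allowed registry URL and the sample lockfile are constructed assumptions for the demo.

```javascript
// Added example (not from the original post): hygiene check for package-lock.json,
// the file npm 5 introduced to pin installed versions.
const ALLOWED_REGISTRY = "https://registry.npmjs.org/"; // assumption: one trusted registry

// Records a finding for an entry that is not pinned to a registry tarball with a sha512 hash.
function checkEntry(name, entry, findings) {
  if (entry.link) return; // workspace symlink: nothing is fetched for it
  if (!entry.resolved) {
    findings.push({ name, problem: "missing resolved URL" });
    return;
  }
  if (!entry.resolved.startsWith(ALLOWED_REGISTRY)) {
    findings.push({ name, problem: `resolved outside registry: ${entry.resolved}` });
  }
  if (!entry.integrity || !/^sha512-/.test(entry.integrity)) {
    findings.push({ name, problem: "missing or weak integrity hash" });
  }
}

// Returns a list of {name, problem}; an empty list means every entry is fully pinned.
function auditLockfile(lock) {
  const findings = [];
  if (lock.packages) {                        // lockfileVersion 2 or 3: flat map keyed by path
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "") continue;              // the root project itself
      checkEntry(path, entry, findings);
    }
  } else if (lock.dependencies) {             // lockfileVersion 1: nested tree
    const walk = (deps) => {
      for (const [name, entry] of Object.entries(deps)) {
        checkEntry(name, entry, findings);
        if (entry.dependencies) walk(entry.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return findings;
}

// Constructed sample lockfile (v1 layout); hashes are placeholders, not real digests.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
                  integrity: "sha512-PLACEHOLDER" },
    "some-lib": { version: "2.0.0", resolved: "https://example.invalid/some-lib-2.0.0.tgz",
                  integrity: "sha1-PLACEHOLDER",
                  dependencies: { "nested-dep": { version: "0.1.0" } } },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

Run it against a real lockfile by replacing SAMPLE_LOCK with JSON.parse of the file's contents; an empty result means every entry is pinned to the expected registry with a sha512 hash.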
As we can see, after the release of
npm has been inspired (and forced?) to develop lots of good tools and mechanisms.
yarn should get credit for addressing some important problems related to npm and for putting pressure on its competitor back in 2016. Speed, security and deterministic package handling are all essential features that allow today's developers to focus on creating value, not on fighting the tool.
For convenience, I would recommend that most teams (who have to make numerous other and more important technological decisions) choose the easiest option, npm. It is shipped with node and is, in 2019, sufficient to handle package management well.
When using a monorepo, yarn workspaces is a popular alternative, whereas npm doesn't offer an equivalent.
lerna is a package that also supports monorepos and works with both
PS: It should be mentioned that pnpm is the third option for package management.
pnpm's selling point is not downloading a package again if it is already downloaded for another repository, which is similar to how maven handles dependencies in Java. At the time of writing, pnpm is not as mature and production-ready as