Understanding Package Managers: pnpm, npm, yarn

PHPz
Published: 2024-08-09 01:00:22

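As you probably know by now, package managers are essential tools in the JavaScript ecosystem that automate the process of installing, updating, configuring, and removing project dependencies. I will try to provide an in-depth comparison of three popular package managers: pnpm, npm, and yarn, explaining their inner workings, key features, and practical implications for developers.

First, we should know that these package managers serve the same function, but they are implemented in different ways. Those differences are what we will focus on.

npm (Node Package Manager)

First, let's talk about npm (Node Package Manager). It is the default package manager for Node.js, a runtime environment that executes JavaScript code on the server side, outside of a browser. You probably all know npm, because almost all beginners and learners come across npm when they start. In addition, npm makes it possible to automate tasks such as running tests, building projects, or deploying code through custom scripts defined in the package.json file. It is an essential tool in the JavaScript ecosystem, particularly for Node.js development, making it easier to manage and share reusable code.

How npm works: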

  1. Dependency Resolution:
- npm reads the `package.json` file to determine project dependencies.

- It constructs a dependency graph, resolving version conflicts using a deterministic algorithm.

  2. Installation:
- npm installs packages in a nested structure within the `node_modules` folder.

- Example structure:

    ```
    node_modules/
    ├── package-a/
    │   └── node_modules/
    │       └── package-b/
    └── package-c/
    ```

  3. Flat Structure:
- npm v3+ attempts to flatten the dependency tree to reduce duplication.

- This can lead to "dependency hell" where different versions of the same package are required.

  4. Package Lock:
- Uses `package-lock.json` to ensure consistent installs across environments.

- Contains the exact version of each package in the dependency tree.

  5. Scripts:
- Allows defining custom scripts in `package.json`.

- Example:

    ```json
    {
      "scripts": {
        "start": "node server.js",
        "test": "jest"
      }
    }
    ```
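
A lock file only protects an install as far as each entry pins a strong hash and a download location you expect. The following added example (not from the original article) audits the `packages` map of a lockfileVersion 2/3 `package-lock.json`; the trusted registry host and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example: audit the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
const TRUSTED_REGISTRY = "registry.npmjs.org"; // assumption: the only registry in use

function auditLockfile(lock) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    // The root project, workspace links and bundled packages have no tarball of their own.
    if (lockPath === "" || entry.link || entry.inBundle) continue;
    const id = `${lockPath.split("node_modules/").pop()}@${entry.version}`;

    if (!entry.integrity) {
      findings.push({ id, issue: "no integrity hash pinned" });
    } else if (!/(^|\s)sha(256|384|512)-/.test(entry.integrity)) {
      findings.push({ id, issue: "only a weak hash (such as sha1) pinned" });
    }

    let url = null;
    try { url = new URL(entry.resolved); } catch { /* missing or not a URL */ }
    if (!url || url.protocol !== "https:" || url.host !== TRUSTED_REGISTRY) {
      findings.push({ id, issue: `resolved outside trusted registry: ${entry.resolved}` });
    }
  }
  return findings;
}

// Constructed sample lockfile; the hashes are placeholders, not real digests.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/package-a": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/package-a/-/package-a-1.0.0.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
    },
    "node_modules/package-a/node_modules/package-b": {
      version: "2.0.0",
      resolved: "http://registry.npmjs.org/package-b/-/package-b-2.0.0.tgz",
      integrity: "sha1-CONSTRUCTEDPLACEHOLDER=",
    },
    "node_modules/package-c": {
      version: "3.1.0",
      resolved: "https://mirror.example.test/package-c-3.1.0.tgz",
    },
  },
};

console.log(auditLockfile(sampleLock));
```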

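Pros:

  • Largest package ecosystem, with over 1.5 million packages

  • Comes built in with Node.js

  • Extensive documentation and community support

Cons:

  • Slower installation compared to yarn and pnpm

  • Can lead to large node_modules folders (sometimes jokingly called the "node_modules black hole")

  • Potential for dependency conflicts

Yarn

Yarn is a package manager for JavaScript, developed by Facebook in collaboration with other companies as an alternative to npm. It aims to improve the speed, reliability, and security of dependency management in JavaScript projects. Yarn enhances performance by using a cache to store downloaded packages locally, which speeds up subsequent installations. It also ensures consistency across environments by generating a yarn.lock file, which locks the exact versions of the dependencies used in the project and so prevents discrepancies between different setups. In addition, Yarn offers better offline support, more predictable and deterministic installs, and improved security by verifying the integrity of downloaded packages. These features make Yarn a popular choice for managing project dependencies, especially in larger or more complex JavaScript projects.

How yarn works: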

  1. Dependency Resolution:
- Like npm, yarn uses `package.json` for dependency information.

- Implements a more sophisticated resolution algorithm to handle complex dependency graphs.

  2. Parallel Installation:
- Installs packages in parallel, significantly improving speed.

- Uses a global cache to store downloaded packages, reducing network usage.

  3. Offline Mode:
- Caches packages for offline use.

- Can install dependencies without an internet connection if they're in the cache.

  4. Deterministic Installs:
- Uses `yarn.lock` for consistent installations across different machines.

- Ensures that the same dependencies are installed regardless of install order.

  5. Workspaces:
- Supports monorepo structures with workspaces.

- Example `package.json` for a workspace:

    ```json
    {
      "private": true,
      "workspaces": ["packages/*"]
    }
    ```

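Pros:

  • Faster than npm, especially for large projects

  • Reliable and consistent installations

  • Enhanced security features (checksum verification)

Cons:

  • Still creates large node_modules folders

  • Some features require using Yarn-specific commands

PNPM

pnpm is a fast, disk-space-efficient package manager for JavaScript and an alternative to npm and Yarn. It is designed to improve performance and save disk space by creating a single package store on your computer instead of duplicating dependencies across multiple projects. When you install a package with pnpm, it creates hard links to the shared store, which makes installation faster and reduces overall disk space usage.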

pnpm also ensures that dependencies are strictly isolated, which can prevent potential conflicts and issues in your projects. This strictness helps maintain consistency and reliability, particularly in complex projects with many dependencies. Additionally, pnpm supports features like workspaces, allowing you to manage multiple related projects within a single repository. Its efficiency and focus on performance make pnpm an attractive choice for developers looking to optimize their development workflow.

How pnpm works:

  1. Content-Addressable Storage:
- Stores all packages in a global store, typically located in `~/.pnpm-store`.

- Each project links to this store instead of having its own copy of packages.

  2. Symlinks:
- Uses symlinks to create a nested `node_modules` structure.

- Example structure:

    ```
    node_modules/
    ├── .pnpm/
    │   ├── package-a@1.0.0/
    │   └── package-b@2.0.0/
    ├── package-a -> .pnpm/package-a@1.0.0/node_modules/package-a
    └── package-b -> .pnpm/package-b@2.0.0/node_modules/package-b
    ```

  3. Efficient Storage:
- Only one copy of a module version is saved on disk, regardless of how many projects use it.

- This can save gigabytes of disk space for large projects or multiple projects on the same machine.

  4. Strict Mode:
- Prevents packages from accessing arbitrary packages in the `node_modules` folder.

- Ensures that only declared dependencies are accessible, improving security and preventing "phantom dependencies".

  5. Monorepo Support:
- Native support for monorepos without additional tools.

- Example `pnpm-workspace.yaml`:

    ```yaml
    packages:
      - 'packages/*'
    ```
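
Phantom dependencies can be found in an existing project by comparing what the code imports with what `package.json` declares. This added example (not from the original article or from pnpm) does that with a regex heuristic, so imports inside comments or strings may be reported too; the function names, the sample `package.json` and the sample source files are constructed for illustration.

```javascript
const { builtinModules } = require("module");

// "lodash/fp" -> "lodash", "@scope/pkg/sub" -> "@scope/pkg"
function packageNameOf(specifier) {
  const parts = specifier.split("/");
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Returns Map<package name, files importing it> for packages used but never declared.
function findPhantomDependencies(pkgJson, sources) {
  const declared = new Set(
    ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"]
      .flatMap((field) => Object.keys(pkgJson[field] || {}))
  );
  // Heuristic: require("x"), import("x"), import ... from "x", import "x".
  const importRe =
    /(?:require|import)\s*\(\s*["']([^"']+)["']\s*\)|(?:from|import)\s+["']([^"']+)["']/g;
  const phantoms = new Map();
  for (const [file, code] of Object.entries(sources)) {
    for (const match of code.matchAll(importRe)) {
      const spec = match[1] || match[2];
      if (/^(\.|\/|node:)/.test(spec)) continue; // relative, absolute or node: built-in
      const name = packageNameOf(spec);
      if (builtinModules.includes(name) || declared.has(name)) continue;
      phantoms.set(name, [...(phantoms.get(name) || []), file]);
    }
  }
  return phantoms;
}

// Constructed inputs: package-b is only a dependency of package-a, never declared here.
const samplePkg = { name: "demo-app", dependencies: { "package-a": "^1.0.0" } };
const sampleSources = {
  "src/index.js": [
    'const a = require("package-a");',
    'const b = require("package-b/lib/util"); // resolves only when hoisted',
    'const fs = require("fs");',
    'const local = require("./local");',
  ].join("\n"),
  "src/esm.mjs": 'import c from "@scope/package-c";\nimport path from "node:path";',
};

console.log(findPhantomDependencies(samplePkg, sampleSources));
```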

Pros:

  • Dramatically saves disk space

  • Fast installation and updates

  • Ensures package isolation and prevents phantom dependencies

  • Built-in monorepo support

Cons:

  • Less widely adopted compared to npm and yarn

  • May have compatibility issues with some tools expecting a traditional node_modules structure

  • Learning curve for developers used to npm or yarn

Comparison Summary

  1. Installation Speed:
- pnpm > yarn > npm

- pnpm and yarn are significantly faster than npm, especially for larger projects.

  2. Disk Space Usage:
- pnpm > yarn ≈ npm

- pnpm can save up to 80% disk space compared to npm for projects with many dependencies.

  3. Ecosystem & Adoption:
- npm > yarn > pnpm

- npm has the largest ecosystem, but yarn and pnpm are gaining popularity.

  4. Dependency Resolution:
- All three use similar algorithms, but pnpm's approach is unique and more efficient.

  5. Lock File:
- All use lock files for consistency (`package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`)

- Lock files ensure reproducible builds across different environments.

  6. Monorepo Support:
- pnpm > yarn > npm

- pnpm and yarn have built-in support for monorepos, while npm requires additional tools.

  7. Security:
- pnpm > yarn > npm

- pnpm's strict mode and yarn's checksum verification provide additional security layers.

Practical Implications

  1. Project Onboarding:
- npm is often the easiest for new developers due to its ubiquity.

- pnpm and yarn may require additional setup but can significantly improve project efficiency.

  2. CI/CD Performance:
- pnpm and yarn can dramatically reduce build times in CI/CD pipelines due to their faster installation and caching mechanisms.

  3. Disk Space in Docker:
- Using pnpm can significantly reduce Docker image sizes for Node.js applications.

  4. Large-Scale Development:
- For large projects or organizations working on multiple projects, pnpm's space-saving feature can be a game-changer.

  5. Monorepo Management:
- pnpm and yarn are better suited for managing monorepos without additional tools.

My Take

While a lot of you use npm and yarn, a lot of developers and I are moving to pnpm. The main reason is not only that it's fast, but also that it does not eat a lot of your storage. For me, that is the main reason I started using pnpm. If you think differently than I do, please comment down below. Let me know what you guys think.

Source: dev.to