Difference between npx, npm ,yarn, pnpm and bun

Aug 9, 2025

Cowrie

Dev @ Bswen

1. Purpose

This post aims to introduce the javascript(nodejs) tools npx, npm , yarn, pnpm and bun. I’ll explain their usage and key differences.

2. Environment

My environment:

• macos System 15, apple silicon

3. What is the difference between the npx, npm , yarn, pnpm and bun ?

There are so many js tools when developing js applications, sometimes, we want to know the differences among them before executing them in our environment. I’ve done some research on this topic and drawn the following diagram to show there difference.

The js tools developement history: You can see that, the npm is the first official and inner package management tool to be used in the js world. And then comes the yarn, it solves the problem of the early version npm’s slow download speed. pnpm has an efficient storage design. bun is a new tool, it’s an all-in-one tool and can be used to replace npm, yarn, pnpm, especially for the package management job. And npx is a tool to execute js packages.

And the following is a diagram that shows the categorization of these js tools, you can see that npm, pnpm and yarn are all package management tools, which can help you to install or remove javascript application packages. While npx is a tool to execute js packages, and bun is an all-in-one tool, it can package , run or test js codes.

npm is official and is the default package management tool in the js world. If you do not know which tool to choose, you can just try npm at first.

But they all rely on the npm registry as follows:

What is npm registry?

The npm registry is a public, centralized repository that stores and distributes JavaScript packages (libraries, tools, frameworks, etc.) for the Node.js and web development ecosystem. It is the default package source for the npm package manager, and as mentioned earlier, it’s also the default for Yarn, pnpm, and Bun.

The official npm registry is https://registry.npmjs.org/.

4. npm

4.1 What is npm?

npm is the world’s largest software registry. Open source developers use npm to share and borrow packages, and many organizations use npm to manage private development as well.

npm consists of three distinct components:

• the website: https://www.npmjs.com
• the Command Line Interface (CLI): https://docs.npmjs.com/cli/v11/commands/npm
• the registry: https://registry.npmjs.org/

npm Use the website to discover packages, set up profiles, and manage other aspects of your npm experience. For example, you can set up organizations to manage access to public or private packages.

The CLI runs from a terminal, and is how most developers interact with npm. For example, you can install a package locally, or run a script from a package:

$ npm install express

The registry is a large public database of JavaScript software and the meta-information surrounding it.

What is public npm registry?

The Public NPM Registry is a vast code repository that serves as a crucial resource for Node.js developers. In this library, developers can share, discover, download, and use tens of thousands of code packages necessary for their development projects. These code packages are called “packages,” and each package is a complete, self-contained code module that includes all the necessary metadata, such as its name, version, and dependencies.

The Public NPM Registry is open source, which means anyone can submit their packages to this repository, and anyone can download and use these packages. This has created a platform for sharing and collaboration for Node.js developers worldwide, significantly improving development efficiency.

Example to understand public npm registry

To better understand the Public NPM Registry, let’s use a practical example. Suppose you are developing a Node.js project and need to use a package called lodash.

You would simply type npm install lodash in your command line to install it. During this process, NPM connects to the Public NPM Registry, locates the latest version of the lodash package, and then downloads and installs it into your project.

After it’s installed, you can reference the package in your code using require('lodash') and start using the functionalities it provides.

4.2 How to start use npm?

The latest release of npm is the most recent stable version. When you install Node.js, npm is automatically installed. However, npm is released more frequently than Node.js, so to install the latest stable version of npm, on the command line, run:

npm install npm@latest -g

5. npx

5.1 What is npx?

npx is a package runner tool that comes with npm 5.2+. It allows you to execute npm packages(specifically, to run executables in node_modules/bin/)) without installing them globally.

It’s just a high-level tool in npm cli ecosystem:

It’s a great tool for developers who want to quickly try out a new package or tool without having to install it globally. It’s also useful for developers who want to run scripts from a package without having to install the package globally.

When npx runs, it checks if the corresponding dependency is installed in the local project. If not, it will automatically download and install it, then run the command. If the dependency already exists locally, it will run the command directly. Just as the following diagram shows:

npx acts as an npm package executor. It enhances the experience of using packages from the npm registry by making it easy to run CLI tools and other executables without a formal installation.

Caution

When you run a command with npx, it first checks if the package is already installed locally in your project. If it’s not, npx downloads the package to a temporary cache, executes the command, and then removes the downloaded package and its dependencies. This “run-and-remove” behavior keeps your project’s dependencies and global environment clean. You can use the --no-cleanup flag if you want to keep the downloaded package for some reason.

5.2 npx hello world example

You can run a script from a package without installing it globally by using npx:

$ npx <package-name> <command>

For example, if you want to use a js package named jest, you can install it as follows:

npm install -D jest

Then if you want to run the jest command, you should modify package.json, if you want to use it in command line, e.g. check its version, you must do as follows:

$ node-modules/.bin/jest --version

But if you want to run the jest command without installing it globally, you can use npx:

$ npx jest --version

5.3 How to install npx?

If you have npm installed, because npx is built upon npm, you can install npx by running the following command:

npm install -g npx

5.4 Compare npx with npm

The old way to install and execute js package:

npm install -g create-react-app
create-react-app my-app

The new way to do the same job:

npx create-react-app my-app

The main difference between the two methods is that the old way requires you to install the package globally, while the new way uses npx, which downloads and executes the package temporarily, it will remove the downloaded package after execution. Keep your disk clean and tidy.

5.5 npx options

• --no-install: This flag forces npx to only use a locally installed package and will throw an error if the package isn’t found. It prevents npx from downloading and executing a remote package.

$ npx --no-install jest

Alternatively, if you want to ignore a locally installed package with the same name and force npx to download and use the remote version, you can use the --ignore-existing flag. For instance, if you have create-react-app installed globally but want to use the latest remote version, you would use this parameter.

$ npx --ignore-existing create-react-app my-app

• --package: The --package or -p flag is used to specify which package npx should install and execute, allowing you to run a specific version.

$ npx -p [email protected] node -v

5.6 npx vs npm exec

When run via the npx binary, all flags and options must be set prior to any positional arguments. When run via npm exec, a double-hyphen -- flag can be used to suppress npm’s parsing of switches and options that should be sent to the executed command.

For example:

$ npx foo@latest bar --package=@npmcli/foo

In this case, npm will resolve the foo package name, and run the following command:

$ foo bar --package=@npmcli/foo

Since the --package option comes after the positional arguments, it is treated as an argument to the executed command.

In contrast, due to npm’s argument parsing logic, running this command is different:

$ npm exec foo@latest bar --package=@npmcli/foo

In this case, npm will parse the --package option first, resolving the @npmcli/foo package. Then, it will execute the following command in that context:

$ foo@latest bar

The double-hyphen character is recommended to explicitly tell npm to stop parsing command line options and switches. The following command would thus be equivalent to the npx command above:

$ npm exec -- foo@latest bar --package=@npmcli/foo

5.7 npx main features summarized

Major Features of npx:

1. Temporary Installation: It installs executable dependencies temporarily, so you don’t have to install them globally. This prevents long-term pollution of your global environment.
2. Automatic Execution: After installation, it automatically runs the commands from the dependency package.
3. Path Resolution: It automatically finds executables in the node_modules folder, so you don’t need to manually specify the $PATH.
4. Version Management: You can specify the exact Node.js or command version to use, which solves the problem of different projects requiring different command versions.

6. yarn

6.1 What is yarn?

Yarn is a package manager for JavaScript and Node.js. It is designed to be more efficient than npm (before npm 5.x versions). For large-scale projects, multi-package management scenarios, or teams pursuing installation speed and stability, Yarn remains a better choice; while npm, being built into Node.js, is suitable for rapid prototyping or simple projects.

Just remember, yarn is a better version of npm. It solves the following problems of earlier versions of npm:

• the non-determinism of npm installations at the time (npm didn’t have a lock file until version 5) by using a yarn.lock file.
• the low speed problem: yarn was also faster than npm due to its parallel installation mechanism, as opposed to npm’s sequential one. This also enabled an offline mode by fetching packages from a cache.
• the sematic problem: Yarn provided a cleaner command-line output and introduced more semantic commands like yarn add and yarn remove.

6.2 How to start use yarn?

You can install yarn by running the following command:

npm install -g yarn

6.3 yarn vs npm

Here is a comparison table between yarn and npm:

Description	Yarn	npm
Initialize package.json	yarn init (add -y to skip prompts)	npm init (add -y to skip prompts)
Install a dependency (default to dependencies)	yarn add packageName --save (short -S, or omit)	npm install packageName --save (short -S, or omit)
Install a dependency in devDependencies	yarn add packageName --dev (short -D)	npm install packageName --save-dev (short -D)
Install a dependency globally	yarn global add packageName	npm install packageName -g
Remove a dependency	yarn remove packageName	npm uninstall packageName
Remove a global dependency	yarn global remove packageName	npm uninstall packageName -g
Upgrade a dependency	yarn upgrade packageName (for global, add global after yarn)	npm update packageName (for global, add -g)
View dependency info	yarn info packageName	npm info packageName
View all configurations	yarn config list	npm config list or npm config ls -l
View a specific configuration	yarn config get configName	npm config get configName
View current registry	yarn config get registry	npm config get registry
List global dependencies	yarn global list --depth=0	npm list -g --depth=0
View global dependencies directory	yarn global bin or yarn global dir	npm prefix -g
View global cache directory	yarn cache dir	npm config get cache

Here is a summary of the differences between yarn and npm:

• Yarn’s installation output is clean and minimal, while npm lists a lot of additional package information, which can feel less intuitive.
• After installation, Yarn generates a yarn.lock file, which locks the versions of the installed dependencies. When others install, Yarn will directly read from the yarn.lock file, ensuring that the dependency versions are identical. npm introduced a similar mechanism starting from version 5.x.x, using a file called package-lock.json.

7. pnpm

7.1 What is pnpm?

pnpm, short for performant npm, is a high-performance Node.js package manager released by Zoltan Kochan in 2017. It is known for its fast speed and disk space efficiency.

Why should we need pnpm?

Speed, Efficiency, and Space Savings

pnpm is an alternative package manager for Node.js. It’s a direct replacement for npm that is faster and more efficient.

Why is it more efficient? When you install a package, pnpm saves it to a global store on your machine. Instead of copying the package, it creates a hard link to it. For every version of a module, only a single copy is saved to the disk.

For example, with npm or yarn, if you have 100 packages that all use lodash, you will have 100 copies of lodash on your disk. Pnpm helps you save gigabytes of disk space!

7.2 How to start use pnpm?

You can install pnpm by running the following command:

npm install -g pnpm

7.3 pnpm and yarn

pnpm has all the additional features that Yarn has over npm:

• Security: Just like Yarn, pnpm uses a special file that contains the checksums of all installed packages. This verifies their integrity before executing any code from the installed packages.
• Offline Mode: pnpm saves all downloaded package tarballs in a local registry mirror. It never sends a request for a package if it’s already available locally. You can use the --offline flag to completely disable all HTTP requests.
• Speed: pnpm is not only faster than npm, it’s also faster than Yarn. It outperforms Yarn with both cold and hot caches. This is because Yarn copies files from the cache, while pnpm simply links them from the global store.

7.4 pnpm vs npm or yarn

Whether you use npm or Yarn, installing dependencies generally involves downloading the dependency’s tar package to a local offline mirror, extracting it to a local cache, and finally copying it into the project’s node_modules directory.

If there are 100 projects, and all of them have the same dependency package, then each project’s node_modules will contain its own copy of that dependency.
This means the hard drive will store 100 identical copies of the same package.

Project1
└── node_modules
    ├── package-A
    │   └── node_modules
    │       └── [email protected]
    └── package-B
        └── node_modules
            └── [email protected]
Project2
└── node_modules
    ├── package-A
    │   └── node_modules
    │       └── [email protected]
    └── package-B
        └── node_modules
            └── [email protected]

You can see that the shared-package is stored in two different locations, it is not a good practice.

Ideally, if the dependency is identical, it should only be stored once, and all 100 projects should share that single copy.
pnpm achieves this through hard links.

When pnpm installs a dependency, the package is stored in a unified location which is called store, you can locate it using pnpm store path. For my mac, it is /Users/your_username/.pnpm-store/v3.Any project that uses this dependency will create a hard link to the corresponding location in the store.
In other words, all projects share the same dependency from the store via hard links.

hard link vs soft link(symbolic link)

A hard link is a direct pointer to the physical data on a disk, while a soft link (or symbolic link) is a pointer to a file path. They differ in how they reference a file and their behavior when the original file is moved or deleted.

Feature	Hard Link	Soft Link (Symbolic Link)
Pointers to	Data on disk (same inode)	File path (new inode)
Deletion of Original	Data remains until all links are removed.	Link breaks (dangles).
Cross-Filesystem	No	Yes
Directories	No	Yes
Behavior	All links are equal; no “original” link.	The link is a shortcut to the “original” file.

Here is the folder when you use pnpm to install a package named shared-package:

Project
└── node_modules
    └── [email protected] // this is a link point to .pnpm folder

And the .pnpm folder:

node_modules
├── f
└── .pnpm
       └── [email protected]
             └── node_modules
                   └── [email protected] -> <store>/[email protected] //this is a link point to the global store

Here is the store folder:

/Users/your_username/.pnpm-store/v3
└── [email protected]
    └── [email protected]

And for the command difference, here is a comparison table between pnpm, yarn and npm:

Action	npm	Yarn	pnpm
Install all dependencies	npm install	yarn	pnpm install
Install a dependency	npm install <pkg>	yarn add <pkg>	pnpm install <pkg> / pnpm add <pkg>
Remove a dependency	npm uninstall <pkg>	yarn remove <pkg>	pnpm remove <pkg> / pnpm uninstall <pkg>
Update a dependency	npm update <pkg>	yarn update <pkg>	pnpm update <pkg> / pnpm update <pkg>

And here is an official permformance comparison between npm, yarn and pnpm:

8. bun

8.1 What is bun?

Bun is a new all-in-one and high performance tool for Node.js, developed by the creator of Node.js, Ryan Dahl. It is designed to be faster, more secure, and more lightweight than npm and yarn.

Bun is an all-in-one toolkit for JavaScript and TypeScript applications, provided as a single executable named bun.

Bun integrated toolchains: combines runtime, package management (bun install), bundling (bun build), test runner (bun test), and script execution (bun run).

At its core is the Bun runtime — a fast JavaScript runtime designed to replace Node.js.

It is written in Zig and powered by JavaScriptCore, significantly reducing startup time and memory usage.

8.2 How to start use bun?

# Install bun
npm i bun -g

# Check the version
bun --version

# Upgrade bun
bun upgrade

# uninstall it
npm uninstall bun -g

8.3 bun commands

The Bun CLI also includes a test runner, a script runner, and a Node.js-compatible package manager — all of which are significantly faster than existing tools.
They can be used in existing Node.js projects with almost no changes required.

Command	Description
bun init	Initialize a Bun project
bun <file>	Run a file
bun run <script>	Run a script
bun build <file>	Bundle a file
bun test <file>	Test a file
bun link	Register the current package as a “linkable” package
bun install	Install all packages
bun add <pkg>	Install a package
bun remove <pkg>	Uninstall a package
bun update <pkg>	Update a package

8.4 bun vs npm or yarn

Here is a table to compare Bun, npm, Yarn, and pnpm:

Feature	Bun Command	npm Command	Yarn Command	pnpm Command	Speed Advantage
Install dependencies	bun install	npm install	yarn	pnpm install	⚡⚡⚡⚡⚡
Add production dependency	bun add	npm install	yarn add	pnpm add	⚡⚡⚡⚡⚡
Add development dependency	bun add -d	npm install -D	yarn add -D	pnpm add -D	⚡⚡⚡⚡⚡
Remove dependency	bun remove	npm uninstall	yarn remove	pnpm remove	⚡⚡⚡⚡⚡
Update dependency	bun update	npm update	yarn upgrade	pnpm update	⚡⚡⚡⚡
Global install	bun add -g	npm install -g	yarn global add	pnpm add -g	⚡⚡⚡⚡⚡

8.5 Why bun is faster than npm or yarn?

• On first installation, Bun generates an efficient binary lock file called bun.lockb.
• The node_modules structure is optimized using hard links and symbolic links like pnpm.
• Dependency resolution and downloading are parallelized, with a highly efficient caching mechanism like yarn

8.6 Warns about bun

If you consider using bun, you should be aware of the following points:

• Native modules (*.node): Support is still rapidly evolving; some complex native modules may have compatibility issues.
• Node.js API coverage: While compatibility is very high, some very niche or newly introduced Node.js APIs may not yet be fully implemented.
• Native Windows support: Actively under development; currently, the most stable experience is within WSL2.
• Ecosystem maturity: The core is very stable, but some Bun-specific plugins and tools are still evolving.

I recommend using it for test or new projects, if you have large and complex projects, do more tests on Bun before using it.

9. Conclusion

In this article, I introduced and compared js tools npm, yarn, pnpm, bun and npx in terms of there introduciont, features, architecture, and examples of usage. Here is the summary of them:

• npm is the most widely used package manager,it is official and inner tool for nodejs, it’s the biggest, but it is not the fastest.
• yarn is a better npm, it solves some problems of npm, and npm is absorbing some features of yarn, but it is not as popular as npm.
• pnpm is faster and more efficient than both npm and yarn, use it if you need faster speeds and more efficient disk space management.
• bun is the a high performance all-in-one js tool, it’s very attractive but it is still in rapid development, test it before using it.
• npx is a tool for running npm packages without installing them globally, it’s one of a high level command in npm cli ecosystem, use it if you need to run a package without installing it globally.

That’s it, thanks for your reading, hope it helps you. Tell me if you find some bugs or have any suggestions.

Final Words + More Resources

My intention with this article was to help others who might be considering solving such a problem. So I hope that’s been the case here. If you still have any questions, don’t hesitate to ask me by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

• 👨‍💻 npx
• 👨‍💻 npm
• 👨‍💻 yarn
• 👨‍💻 pnpm
• 👨‍💻

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Tags:

• js
• tools

how to setup and test a `hello world` mcp server on my local host?