Introduction

JavaScript package managers have evolved significantly. npm is the default, yarn improved reliability, pnpm addressed disk space with content-addressable storage, and bun brings native-speed performance with a built-in runtime. Choosing the right one affects install times, disk usage, CI pipeline speed, and monorepo workflow efficiency.

Package Managers: npm, yarn, pnpm, bun — Speed, Disk, Features

npm

Node's built-in package manager, now at version 11:

npm workspaces for monorepos

npm init -w packages/core -w packages/utils

npm install lodash -w packages/core

npm test -w packages/core

Audit and fix vulnerabilities

npm audit

npm audit fix

Package overview

npm ls --depth=0

Strengths : Always available with Node.js, largest ecosystem, package-lock.json is reliable, npm audit is built-in. Npm 11+ has improved performance significantly over older versions.

Weaknesses : Slower install times than alternatives, flat node_modules can cause dependency confusion, no built-in content deduplication across projects.

Yarn

Yarn v4 (Berry) introduced Plug'n'Play (PnP) and strict dependency resolution:

Enable Plug'n'Play (no node_modules!)

yarn set version berry

yarn config set nodeLinker pnp

Zero-install: commit .yarn/cache to git

yarn config set enableGlobalCache false

Workspaces for monorepos

yarn workspace packages/core add lodash

yarn workspaces foreach run test

.yarnrc.yml

nodeLinker: pnp

enableGlobalCache: true

compressionLevel: 9

PnP removes the need for node_modules entirely

Dependencies are stored as zip files in .yarn/cache

This reduces install time to near-zero on clone

Strengths : PnP eliminates node_modules, zero-install dramatically speeds CI, workspace commands are powerful, strict mode prevents undeclared dependencies.

Weaknesses : PnP compatibility with some tooling, learning curve for migration, zip-based cache can slow some tooling.

pnpm

pnpm uses content-addressable storage to deduplicate across projects:

Install pnpm

npm install -g pnpm

Uses hard links to a global store

Multiple projects sharing the same version use the same files on disk

pnpm install

Strict mode: only declared dependencies are accessible

Prevents importing undeclared packages

Monorepo support

pnpm -r run test

pnpm --filter packages/core add lodash

.npmrc

shamefully-hoist=false

strict-peer-dependencies=true

auto-install-peers=true

Global store location

store-dir=~/.pnpm-store

Disk usage comparison (100 identical projects with React + lodash):

| Tool | Disk Usage | Install Time | Lockfile Sizes |

|------|-----------|-------------|----------------|

| npm | 5.2 GB | 45s | 120KB |

| Yarn (PnP) | 1.1 GB | 12s | 80KB |

| pnpm | 420 MB | 18s | 75KB |

| bun | 4.8 GB | 8s | 220KB |

bun

Bun is a JavaScript runtime, bundler, and package manager in one binary:

Install dependencies at native speed

bun install

Add a package

bun add zod

Run scripts

bun run dev

Remove

bun remove lodash

Workspaces

bun install --workspaces

bun.lock — binary lockfile (not human-readable)

But bun also supports package.json workspaces

Speed comparison (fresh install of 500 packages):

npm: 45s

yarn (classic): 38s

pnpm: 22s

bun: 6s

Strengths : Fastest install speeds, built-in test runner (bun test), built-in bundler, drop-in npm replacement for most projects, native TypeScript execution.

Weaknesses : Newer ecosystem (fewer edge cases tested), lockfile format is not human-readable, some npm features not yet implemented.

Comparison

| Feature | npm | Yarn (v4) | pnpm | bun |

|---------|-----|-----------|------|-----|

| Install speed | Moderate | Fast | Fast | Fastest |

| Disk usage | High | Low (PnP) | Lowest | High |

| Monorepo support | Workspaces | Workspaces | Filters | Workspaces |

| Lockfile | JSON | YAML | YAML | Binary |

| CI speed | Slow | Fast (zero-install) | Fast | Fastest |

| Strict deps | No | Yes (PnP) | Yes | No |

| Node.js required | Yes | Yes | Yes | No (built-in) |

Recommendations

  • Solo/team standard project : pnpm offers the best balance of speed, disk efficiency, and strictness.

  • CI speed critical : Yarn Berry with zero-install (committed cache) or bun for native speed.

  • Disk space constrained : pnpm with content-addressable storage saves 80-90% disk.

  • Monorepo : pnpm with filters or Yarn Berry with workspaces. Both excel here.

  • New project : Consider bun if you want a single tool for runtime, package management, and bundling.

The trend is clear: pnpm for production projects, bun for performance-critical or new projects, Yarn Berry for teams committed to the PnP workflow, and npm when simplicity and zero-additional-tools is the priority.