Package Managers: npm, yarn, pnpm, bun — Speed, Disk, Features


Introduction





JavaScript package managers have evolved significantly. npm is the default, yarn improved reliability, pnpm addressed disk space with content-addressable storage, and bun brings native-speed performance with a built-in runtime. Choosing the right one affects install times, disk usage, CI pipeline speed, and monorepo workflow efficiency.





npm





Node's built-in package manager, now at version 11:






# npm workspaces for monorepos


npm init -w packages/core -w packages/utils


npm install lodash -w packages/core


npm test -w packages/core




# Audit and fix vulnerabilities


npm audit


npm audit fix




# Package overview


npm ls --depth=0







**Strengths**: Always available with Node.js, largest ecosystem, `package-lock.json` is reliable, `npm audit` is built-in. Npm 11+ has improved performance significantly over older versions.





**Weaknesses**: Slower install times than alternatives, flat `node_modules` can cause dependency confusion, no built-in content deduplication across projects.





Yarn





Yarn v4 (Berry) introduced Plug'n'Play (PnP) and strict dependency resolution:






# Enable Plug'n'Play (no node_modules!)


yarn set version berry


yarn config set nodeLinker pnp




# Zero-install: commit .yarn/cache to git


yarn config set enableGlobalCache false




# Workspaces for monorepos


yarn workspace packages/core add lodash


yarn workspaces foreach run test








# .yarnrc.yml


nodeLinker: pnp


enableGlobalCache: true


compressionLevel: 9




# PnP removes the need for node_modules entirely


# Dependencies are stored as zip files in .yarn/cache


# This reduces install time to near-zero on clone







**Strengths**: PnP eliminates `node_modules`, zero-install dramatically speeds CI, workspace commands are powerful, strict mode prevents undeclared dependencies.





**Weaknesses**: PnP compatibility with some tooling, learning curve for migration, zip-based cache can slow some tooling.





pnpm





pnpm uses content-addressable storage to deduplicate across projects:






# Install pnpm


npm install -g pnpm




# Uses hard links to a global store


# Multiple projects sharing the same version use the same files on disk


pnpm install




# Strict mode: only declared dependencies are accessible


# Prevents importing undeclared packages




# Monorepo support


pnpm -r run test


pnpm --filter packages/core add lodash








# .npmrc


shamefully-hoist=false


strict-peer-dependencies=true


auto-install-peers=true




# Global store location


store-dir=~/.pnpm-store







**Disk usage comparison** (100 identical projects with React + lodash):





| Tool | Disk Usage | Install Time | Lockfile Sizes |


|------|-----------|-------------|----------------|


| npm | 5.2 GB | 45s | 120KB |


| Yarn (PnP) | 1.1 GB | 12s | 80KB |


| pnpm | 420 MB | 18s | 75KB |


| bun | 4.8 GB | 8s | 220KB |





bun





Bun is a JavaScript runtime, bundler, and package manager in one binary:






# Install dependencies at native speed


bun install




# Add a package


bun add zod




# Run scripts


bun run dev




# Remove


bun remove lodash




# Workspaces


bun install --workspaces








# bun.lock — binary lockfile (not human-readable)


# But bun also supports package.json workspaces




# Speed comparison (fresh install of 500 packages):


# npm: 45s


# yarn (classic): 38s


# pnpm: 22s


# bun: 6s







**Strengths**: Fastest install speeds, built-in test runner (`bun test`), built-in bundler, drop-in npm replacement for most projects, native TypeScript execution.





**Weaknesses**: Newer ecosystem (fewer edge cases tested), lockfile format is not human-readable, some npm features not yet implemented.





Comparison





| Feature | npm | Yarn (v4) | pnpm | bun |


|---------|-----|-----------|------|-----|


| Install speed | Moderate | Fast | Fast | Fastest |


| Disk usage | High | Low (PnP) | Lowest | High |


| Monorepo support | Workspaces | Workspaces | Filters | Workspaces |


| Lockfile | JSON | YAML | YAML | Binary |


| CI speed | Slow | Fast (zero-install) | Fast | Fastest |


| Strict deps | No | Yes (PnP) | Yes | No |


| Node.js required | Yes | Yes | Yes | No (built-in) |





Recommendations




* **Solo/team standard project**: pnpm offers the best balance of speed, disk efficiency, and strictness.

* **CI speed critical**: Yarn Berry with zero-install (committed cache) or bun for native speed.

* **Disk space constrained**: pnpm with content-addressable storage saves 80-90% disk.

* **Monorepo**: pnpm with filters or Yarn Berry with workspaces. Both excel here.

* **New project**: Consider bun if you want a single tool for runtime, package management, and bundling.




The trend is clear: pnpm for production projects, bun for performance-critical or new projects, Yarn Berry for teams committed to the PnP workflow, and npm when simplicity and zero-additional-tools is the priority.