Understanding npm, Yarn, and pnpm: Dependency Management, Flat Dependencies, and pnpm's Store Mechanism

Preface: The author investigated the mechanisms of pnpm and compared it with yarn and npm , exploring why pnpm is powerful.

npm2: Before npm 3.0, the node_modules directory formed a deeply nested structure, leading to excessively long paths, significant disk‑space waste due to duplicate dependencies, and slow installation speed.

Design flaws of the nested model: (1) Path‑length limits on Windows; (2) Redundant copies of shared packages waste storage; (3) Repeated downloading of the same packages slows down installs.

Yarn introduced a flat‑dependency strategy, installing most packages at the top‑level node_modules directory, which reduces directory depth and avoids many duplicate installations, but it cannot fully flatten when multiple versions of a package are required, leading to occasional nested node_modules folders.

Ghost dependencies: Because flattened dependencies expose transitive packages, code can require modules that are not declared in package.json , creating hidden risks if those transitive packages disappear in future updates.

Disk‑space waste persists when different versions of the same dependency are needed; only one version is hoisted, while the others remain duplicated.

pnpm solves these problems with a global store and symbolic‑link mechanism. All package versions are stored once under ~/.pnpm-store/v3/files . Projects link to these stored files via a three‑layer addressing system: project node_modules → .pnpm directory (soft links) → store files (hard links).

Hard links point directly to the same data blocks on disk, while soft links are small pointer files that reference the target path, enabling multiple projects on the same drive to share a single global store, dramatically reducing disk usage and speeding up installations.

Conclusion: npm2’s nested structure caused duplication, path‑length limits, and slow installs; npm3+/Yarn’s flat strategy reduced nesting but introduced ghost dependencies and some remaining waste; pnpm’s global store with hard/soft links eliminates duplication, avoids ghost dependencies, and provides fast, space‑efficient installations.