We reflect on the relative merits of two approaches to package management in the server-side JavaScript ecosystem.
NPM
Installs thousands upon thousands of files due to each dependency requiring its own directory and at least two files.
Referenced versions are controlled by each project and specified in a single location within the project (package.json). Whenever a version of a package needs to be updated, it need only be updated in a single place per project.
Package.json provides a flexible means of specifying which version of a dependency are acceptable. This in theory allows for a large project tree to pull in a minimal number of versions of a given dependency. In practice, many versions of common dependency often exist in a single project tree.
NPM relies on centralized package registries. Virtually all public use goes through the version run by the company behind NPM, but there is support for running private registries.
NPM requires a separate install step and stores dependencies in a project local directory.
NPM provides a way to override the version of an included dependency in an installation local way (npm link).
Deno
Far fewer files need to be installed as each dependency can be as little as a single file.
Versions are embedded in the dependency's URL. A project the makes widespread use of a dependency must update the version in each referenced file whenever that dependency's version is updated.
There is no means to specify a range of acceptable versions when importing a dependency. This is simpler than the alternative, but does mean that the only mechanism to reduce the number of downloaded versions of a dependency is to synchronized on the version used through a project tree.
Packages can be distributed via any web accessible URL. There is no need for a centralized registry outside of providing a means to discover new packages.
Deno automatically installs any needed dependencies when running a Deno program. These dependencies are installed in a user specific global directory. Updates to dependencies require extra commands be run by the user.
Does Deno provide a way to override the version of a dependency used or all dependencies forced to use the version from the location specified in the import statement? At this point, we believe the latter to be true.
.
Also see Deno Versions