

The English translation was done by AI.

Package Management Tools

  • npm1/npm2
  • npm3/yarn
  • pnpm


npm1/npm2

Uses a nested dependency tree, so the same dependency is installed multiple times.


npm3/yarn

Flattens (hoists) dependencies into the root node_modules directory. This introduces a security issue: the flattened layout lets code access packages it never declared. For example, if A depends on B and B depends on C, hoisting lets A import C as well (a ghost package). The result is also non-deterministic: when A depends on C 1.0 and B depends on C 2.0, which version of C is hoisted to the root depends on the order of A and B in package.json.
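The ghost-package risk described above can be checked mechanically. The following is an added example, not part of the original notes: a regex-based scan (a heuristic, not a full parser) that lists packages a project imports without declaring them in package.json. The package names `b`, `c`, `@scope/d` and the file contents are constructed sample input.

```javascript
// Subset of Node built-in modules (extend as needed); "node:" specifiers are always skipped.
const BUILTINS = new Set(['fs', 'path', 'os', 'http', 'https', 'crypto', 'url', 'util', 'events', 'stream']);

// Matches require("x"), import("x"), import "x" and ... from "x".
const IMPORT_RE = /\b(?:require\s*\(|import\s*\(|from\s+|import\s+)\s*['"]([^'"]+)['"]/g;

// "c/lib/util" -> "c", "@scope/d/sub" -> "@scope/d"; null for paths and built-ins.
function packageName(specifier) {
  if (/^(\.|\/|node:)/.test(specifier)) return null;
  const parts = specifier.split('/');
  const name = specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return BUILTINS.has(name) ? null : name;
}

// pkg: parsed package.json; sources: { filename: file text }.
// Returns { undeclaredPackage: [files that import it] }.
function findGhostImports(pkg, sources) {
  const fields = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
  const declared = new Set(fields.flatMap((f) => Object.keys(pkg[f] || {})));
  const ghosts = new Map();
  for (const [file, text] of Object.entries(sources)) {
    for (const match of text.matchAll(IMPORT_RE)) {
      const name = packageName(match[1]);
      if (!name || declared.has(name)) continue;
      const files = ghosts.get(name) || [];
      if (!files.includes(file)) files.push(file);
      ghosts.set(name, files);
    }
  }
  return Object.fromEntries(ghosts);
}

// Constructed sample: project A declares only b; c is reachable only through hoisting.
const SAMPLE_PKG = { name: 'a', dependencies: { b: '^1.0.0' } };
const SAMPLE_SOURCES = {
  'src/index.js': [
    "const path = require('path');",
    "const b = require('b');",
    "const util = require('c/lib/util'); // resolves only because c was hoisted",
  ].join('\n'),
  'src/esm.mjs': [
    "import fs from 'node:fs';",
    "import './local.js';",
    "import d from '@scope/d/sub';",
    "export { x } from 'b';",
  ].join('\n'),
};

console.log(findGhostImports(SAMPLE_PKG, SAMPLE_SOURCES));
```

Any package this reports should either be added to package.json with a pinned range or have the import removed.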


pnpm

  • Fast
  • Allows reusing the same packages through hard links across different projects
  • Supports monorepo
  • .pnpm store hardlink

Code Maintainability

  • Analyzability/Readability
    • Enables quick identification of issues in production
    • Code review
    • Reduces human factors and enhances tool intervention (various linters)
    • Source-map positioning
  • Changeability/Extensibility
  • Stability
    • Avoids introducing bugs through code changes
    • Core business code test coverage