Overview Devark automatically detects your package manager and uses it to install dependencies. It supports:
npm - Node Package Manager (default)pnpm - Fast, disk-efficient package manageryarn - Fast, reliable, and secure dependency managementbun - All-in-one JavaScript runtime and toolkit
You never need to manually specify your package manager. Devark figures it out automatically by checking for lock files or environment variables.
Auto-Detection Logic Devark uses a two-phase detection strategy:
1. Lock File Detection Devark first checks for lock files in your project directory:
src/utils/packageManager.js
export function detectPackageManager ( targetPath ) { const lockFiles = { pnpm: [ "pnpm-lock.yaml" ], yarn: [ "yarn.lock" ], npm: [ "package-lock.json" ], bun: [ "bun.lock" , "bun.lockb" ], }; for ( const [ manager , files ] of Object . entries ( lockFiles )) { if ( files . some (( file ) => fs . existsSync ( path . join ( targetPath , file )))) { return manager ; } } return null ; }
Detection order:
Check for pnpm-lock.yaml → return pnpm
Check for yarn.lock → return yarn
Check for package-lock.json → return npm
Check for bun.lock or bun.lockb → return bun
If none found → return null
The order prioritizes specificity:
pnpm and yarn have unique lock files
npm is checked before bun as it’s more common
bun can coexist with other lock files, so it’s checked last
If multiple lock files exist (not recommended), the first match wins. 2. Command Detection (Fallback) If no lock file is found, Devark checks the npm_config_user_agent environment variable:
src/utils/packageManager.js
export function detectByCommand () { const ua = process . env . npm_config_user_agent || "" ; if ( ua . startsWith ( "yarn" )) return "yarn" ; if ( ua . startsWith ( "pnpm" )) return "pnpm" ; if ( ua . startsWith ( "bun" )) return "bun" ; if ( ua . startsWith ( "npm" )) return "npm" ; return "bun" ; // Default fallback }
The npm_config_user_agent variable is automatically set by package managers when running scripts. For example:
yarn/1.22.19 npm/? node/v18.0.0pnpm/8.6.0 npm/? node/v18.0.0 Detection in Action When you install a module, you’ll see detection messages:
pnpm detected
No detection (manual fallback)
$ devark add google-oauth ℹ Installing Google OAuth module... ✓ pnpm detected ? Which version do you want to add for this module?
Lock File Behavior Each package manager creates specific lock files:
my-project/ ├── package.json └── package-lock.json # Generated by npm
Created when:
Running npm install
Installing packages with npm install <package>
Purpose:
Locks exact versions of all dependencies
Ensures reproducible installs
Speeds up subsequent installs
my-project/ ├── package.json └── pnpm-lock.yaml # Generated by pnpm
Benefits:
Content-addressable storage (saves disk space)
Faster than npm
Strict dependency resolution
Automatic workspace support
my-project/ ├── package.json └── yarn.lock # Generated by yarn
Features:
Deterministic installs
Offline caching
Parallel installation
Better for monorepos
my-project/ ├── package.json └── bun.lockb # Binary lock file
Advantages:
Binary format (faster to read)
Native Git-friendly format
Extreme speed
Built-in bundler and runtime
Never mix package managers in the same project. Having multiple lock files (e.g., both package-lock.json and yarn.lock) can cause:
Dependency version conflicts
Duplicated packages
Increased project size
Confusing team members
Choose one and commit only its lock file to version control. Installation Commands Devark uses the appropriate command for each package manager:
src/utils/packageManager.js
export function installDependencies ( targetPath , dependencies ) { const packageManager = detectPackageManager ( targetPath ); if ( ! packageManager ) { console . error ( " Could not detect package manager. Install manually:" ); console . log ( ` npm install ${ dependencies . join ( " " ) } ` ); return ; } const commands = { npm: `npm install ${ dependencies . join ( " " ) } ` , yarn: `yarn add ${ dependencies . join ( " " ) } ` , pnpm: `pnpm add ${ dependencies . join ( " " ) } ` , bun: `bun add ${ dependencies . join ( " " ) } ` , }; console . log ( ` Installing dependencies using ${ packageManager } ` ); execSync ( commands [ packageManager ], { cwd: targetPath , stdio: "inherit" }); }
Command Comparison Action npm yarn pnpm bun Install deps npm installyarnpnpm installbun installAdd package npm install pkgyarn add pkgpnpm add pkgbun add pkgAdd dev dep npm install -D pkgyarn add -D pkgpnpm add -D pkgbun add -d pkgRemove package npm uninstall pkgyarn remove pkgpnpm remove pkgbun remove pkgRun script npm run devyarn devpnpm devbun dev
Manual Override If detection fails, Devark provides fallback instructions:
Could not detect package manager. Install manually: npm install express passport passport-google-oauth20 express-session dotenv
You can then run the command with your preferred package manager:
npm install express passport passport-google-oauth20 express-session dotenv
pnpm add express passport passport-google-oauth20 express-session dotenv
yarn add express passport passport-google-oauth20 express-session dotenv
bun add express passport passport-google-oauth20 express-session dotenv
Best Practices for Teams
Document Your Choice Add to your README: ## Setup This project uses **pnpm** . Install dependencies: ```bash pnpm install
Do not use npm or yarn. </Card> <Card title="Enforce with Scripts" icon="lock"> Add a preinstall script to `package.json`: ```json { "scripts": { "preinstall": "npx only-allow pnpm" } }
This prevents team members from accidentally using the wrong package manager.
Commit Lock Files Always commit your lock file: node_modules/ # Do NOT ignore lock files: # package-lock.json # pnpm-lock.yaml # yarn.lock # bun.lockb
CI/CD Consistency Use the same package manager in CI: - uses : pnpm/action-setup@v2 with : version : 8 - run : pnpm install --frozen-lockfile - run : pnpm test
Choosing a Package Manager Best for:
Beginners
Maximum compatibility
Projects with strict auditing needs
Pros:
Built into Node.js
Largest ecosystem
Well-documented
Automatic security audits
Cons:
Slower than alternatives
Uses more disk space
No native workspace support (until v7)
Best for:
Large projects
Monorepos
Disk space efficiency
Teams wanting speed + strictness
Pros:
Saves massive disk space
2-3x faster than npm
Strict dependency resolution
Great workspace support
Cons:
Learning curve for symlink behavior
Some packages may have compatibility issues
Best for:
Monorepos
Offline development
Projects needing stability
Pros:
Deterministic installs
Excellent monorepo features
Offline cache
Plug’n’Play mode (Yarn 2+)
Cons:
Yarn 2+ (Berry) has breaking changes
Slower than pnpm
Classic Yarn is in maintenance mode
Best for:
Greenfield projects
Maximum speed
Modern JavaScript workflows
Pros:
Fastest package manager
Built-in bundler, test runner, runtime
Native TypeScript support
All-in-one toolkit
Cons:
Newest option (less mature)
Smaller ecosystem
May have compatibility issues with older packages
Speed Comparison Based on typical project installs:
Install time (cold cache): npm: 45s yarn: 35s pnpm: 20s bun: 12s Install time (warm cache): npm: 20s yarn: 15s pnpm: 8s bun: 3s Disk space (node_modules): npm: 250MB yarn: 250MB pnpm: 100MB (uses hardlinks) bun: 230MB
These are approximate values for a medium-sized Express project. Your mileage may vary.
Troubleshooting
Wrong package manager detected
This happens when you have multiple lock files: # Check for multiple lock files ls -la | grep lock # Remove unwanted lock files rm package-lock.json # If using yarn/pnpm rm yarn.lock # If using npm/pnpm rm pnpm-lock.yaml # If using npm/yarn
Then reinstall with your preferred manager.
'Could not detect package manager' error
If Devark can’t detect your package manager:
Initialize your project first:
Or create a lock file manually: # For pnpm touch pnpm-lock.yaml # For yarn touch yarn.lock # For npm npm install --package-lock-only
Then run Devark again:
Dependencies installed with wrong package manager
If someone on your team used the wrong package manager: # 1. Remove node_modules and wrong lock file rm -rf node_modules rm package-lock.json # or yarn.lock, pnpm-lock.yaml # 2. Install with correct package manager pnpm install # or npm/yarn/bun # 3. Commit the correct lock file git add pnpm-lock.yaml git commit -m "fix: use pnpm instead of npm"
Lock file conflicts in Git
When merging branches with lock file conflicts: # 1. Accept one version (usually main/master) git checkout --ours pnpm-lock.yaml # or git checkout --theirs pnpm-lock.yaml # 2. Regenerate lock file rm pnpm-lock.yaml pnpm install # 3. Commit resolved lock file git add pnpm-lock.yaml git commit
Source Code Reference Devark’s package manager detection is implemented in:
src/utils/packageManager.js:7-21 - detectPackageManager() functionsrc/utils/packageManager.js:79-86 - detectByCommand() fallbacksrc/utils/packageManager.js:24-43 - installDependencies() with command mappingsrc/utils/packageManager.js:58-76 - installDepsWithChoice() for runtime/dev deps
The detection logic runs every time you install a module, ensuring Devark always uses the correct package manager even if you switch mid-project (though this isn’t recommended).
Advanced: Workspaces If you’re using monorepos, each package manager has workspace support:
npm workspaces
pnpm workspaces
yarn workspaces
{ "name" : "my-monorepo" , "workspaces" : [ "packages/*" ] }
Devark will detect npm and install dependencies at the workspace root. packages : - 'packages/*' - 'apps/*'
pnpm has the best workspace support with strict dependency isolation. { "name" : "my-monorepo" , "private" : true , "workspaces" : { "packages" : [ "packages/*" ] } }
Yarn Classic and Yarn Berry both support workspaces with different approaches. Devark works seamlessly with workspaces. It will detect the package manager and install dependencies in the correct workspace package.
