Packages are pieces of code that you can share and reuse, such as basic components, libraries or frameworks. These packages are versioned and installed based on semantic versioning. Your applications can use these packages as dependencies, and each package may or may not depend on other packages.
Package managers are tools that help you manage packages as dependencies and might also provide a global package registry. They work based on manifest files that keep track of application metadata and needed dependencies, and lock files that offer deterministic installs.
In the Node ecosystem, dependencies get placed within a node_modules directory in your project. The install process starts with resolving dependencies by making requests to the registry and recursively looking up each dependency, then fetching the package tarballs if needed, and finally linking everything together.
pnpm uses hard links and symlinks to store each version of a module only once on disk. When using npm or Yarn, for example, if you have 100 projects using the same version of lodash, you will have 100 copies of lodash on disk. With pnpm, lodash will be saved in a single place on the disk and a hard link will put it into the node_modules where it should be installed.
bower.json and puts installed packages in the bower_components folder. It was created at a time when npm only supported Node packages, and it is now fading away since both npm and yarn can support both Node and browser packages with a little help from module bundlers like Webpack or Browserify.
Those package managers may have different sets of features, but they are commonly created to solve the following problems:
Support for symbolic links means that workspaces are trivial to implement, so pnpm has great support for workspaces. npm v7 will have at least the workspaces feature support of yarn, and will set the stage for more advanced workspaces features in v8.
Most package managers follow the semantic versioning scheme, which has a major.minor.patch format (major includes incompatible breaking changes, minor includes backwards compatible new features, patch includes backwards compatible bug fixes). Version numbers and the way they change convey meaning about the underlying code and what has been modified from one version to the next.
Package managers also understand semver ranges, which indicate the currently acceptable version(s) of the package(s) a developer is depending upon in their project, today and in the future.
In terms of choosing one over the other, yarn is famous for its resolution speed, but npm has caught up recently and is almost identical to yarn, so you can use either one of them with very little difference; bower is fading away while pnpm is trying hard to gain market share.