Simple and speedy package manager
Simple: Cotton works with web applications, including those built with React, Next.js, Vite, TypeScript, ESLint, and more.
Speedy: With a fast network, cotton install runs faster than rm -rf node_modules.
Trouble free: Ever run into errors when you forget to run yarn? No more. With Cotton, node_modules would never get out of sync.
Quickstart for Netlify • Cloudflare Pages
| Tool | With lockfile and cache |
|---|---|
| Cotton | 0.270s |
| Bun 1.2 | 0.536s |
| pnpm 9.15.4 | 2.015s |
| Yarn 1.22.22 | 2.633s |
| npm 10.8.2 | 4.031s |
Installing packages used by create-react-app:
| Tool | Initial install | With lockfile only | With lockfile and cache |
|---|---|---|---|
| Cotton | 4.0s | 1.8s | 0.3s |
| pnpm | 24.3s | 17.9s | 5.5s |
| Yarn | 31.9s | 27.0s | 10.6s |
| npm | 35.4s | 21.3s | 13.0s |
See benchmark for more information.
cargo install --locked --git https://github.com/danielhuang/cotton
Download and install the compiled binary:
sudo curl -f#SL --compressed --tlsv1.2 https://api.cirrus-ci.com/v1/artifact/github/danielhuang/cotton/Build/binaries/target/x86_64-unknown-linux-gnu/release/cotton -o /usr/local/bin/cotton
sudo chmod +x /usr/local/bin/cotton
cotton install
This will install packages to node_modules and save cotton.lock if needed.
To run the start script:
cotton run start
To automatically restart the script when package.json changes:
cotton run start --watch package.json
Unlike other package managers, Cotton does not require installing packages before running scripts. Missing packages will be installed on-demand automatically.
cotton update
This will load the latest available versions of dependencies (including transitive dependencies) and save registry information to cotton.lock. Specified versions in package.json are not modified.
If dependencies require install scripts (such as puppeteer or electron) to function, add this to cotton.toml:
allow_install_scripts = trueIn order to use Cotton, you have 2 options:
- Commit the binary to the repository, working similarly to committing Yarn 2+ (recommended)
- Download Cotton on-demand as part of the build process
If the binary is committed to the repository, use ./cotton instead of cotton.
First, modify the configuration in netlify.toml, and add these lines:
[build.environment]
NPM_FLAGS="--version"Make sure yarn.lock is not present.
Add a command to remove node_modules from the build directory after the build finishes. Since Netlify stores its cache using tar, caching and extracting node_modules would be slower than reinstalling using Cotton.
For example, if the build command was
cotton run buildAdd another command to the end:
cotton run build && mv node_modules _node_modulesThis would disable Netlify's cache.
Set the environment variable NPM_FLAGS to --version. Make sure that there is no yarn.lock in the repository.
- Cotton does not currently support Git repositories or local paths as dependencies; only registries and direct urls are supported.