Is it safe to run npm cache clean --force?

Yes. The npm cache at ~/.npm is purely a download cache — every package re-downloads from the registry on the next install. The --force flag is required only because npm wants you to be sure; it does not make the operation more dangerous.

Can I delete node_modules folders?

Yes, for any project you are not actively working on. node_modules is fully regenerated by npm install / yarn / pnpm install from the lockfile. The only cost is reinstall time when you return to the project.

Why is pnpm's store so big?

pnpm keeps one global content-addressable store (~/Library/pnpm/store) and hard-links packages into projects. The store keeps every version ever installed until you run pnpm store prune, which removes packages no longer referenced by any project.

How to Clean npm, Yarn & pnpm Caches on macOS (+ old node_modules)

Where the caches live

Tool	Cache location	Typical size	Clean command
npm	`~/.npm`	2–10 GB	`npm cache clean --force`
Yarn (classic)	`~/Library/Caches/Yarn`	1–8 GB	`yarn cache clean`
Yarn (berry)	`~/.yarn/berry/cache`	1–6 GB	`yarn cache clean --all`
pnpm	`~/Library/pnpm/store`	2–15 GB	`pnpm store prune`
Bun	`~/.bun/install/cache`	0.5–3 GB	`bun pm cache rm`
npx	`~/.npm/_npx`	0.5–2 GB	cleared with the npm cache

All of these are download caches SAFE — packages come back from the registry on the next install. Check what you're sitting on first:

du -sh ~/.npm ~/Library/Caches/Yarn ~/Library/pnpm/store 2>/dev/null

The real disk killer: forgotten node_modules

Caches are bounded; node_modules folders are not. Every tutorial you followed in 2024 left a 300 MB–1 GB folder behind. Find them all, sorted by last touch:

find ~/Projects -name node_modules -type d -prune -exec du -sh {} \; 2>/dev/null | sort -hr

Delete the ones from projects you're done with — npm install recreates them from the lockfile whenever you return. If you prefer an interactive tool, npkill lists and deletes them with arrow keys:

npx npkill

Rule of thumb: the lockfile (package-lock.json, yarn.lock, pnpm-lock.yaml) is the project. node_modules is just its cached expansion.

Don't forget the adjacent caches

Node version managers — old Node versions in ~/.nvm/versions (or ~/Library/pnpm/nodejs, asdf): each is ~100–200 MB. nvm ls, then nvm uninstall <version>.
Build tool caches — node_modules/.cache (webpack, babel, vite) goes with node_modules; Turborepo keeps ~/Library/Caches/turborepo.
Electron & playwright binaries — ~/Library/Caches/electron, ~/Library/Caches/ms-playwright. Safe; they re-download per version on demand.

Clean all of it in one click

DevCleaner (free, menu bar) scans npm, Yarn and pnpm caches alongside 19 other toolchains — Xcode, Gradle, Homebrew, pip, Cargo and more — rates every category Safe / Warning / Danger and shows exactly how much each will free before you click. An optional auto-clean rule with an age filter keeps the caches from creeping back.

Download DevCleaner — free ↓

free · no account · 4 MB · macOS 14+

FAQ

Is npm cache clean --force safe?: Yes — ~/.npm is purely a download cache. The --force is npm being ceremonial, not a danger sign. npm cache verify is the gentler option that only garbage-collects corrupt entries.
Will deleting node_modules break my project?: No, as long as the lockfile is committed. The next npm install / pnpm install rebuilds it identically. You only lose the time the reinstall takes.
Why does pnpm's store keep growing?: It keeps every package version ever installed by any project until you run pnpm store prune, which drops the ones no project references anymore.