Apart from yarn caching functionality/speed does yarn have any compelling advantage over npm? Is it more secure?
My frontend team largely tells me that yarn is out. It solved some problems that npm didn't, but npm has now also solved them.
They both pull from the same registries and store a lock file, so I'm not sure one would be more secure than the other?
You may be interested in the following blog article
Both are fine nowadays, but it's a good idea for a team to pick one and be consistent.
That being said, yarn plays nicer in some environments, such as in an Emacs shell.
Yarn is faster. Works fine.
Yarn, because I can't figure out with npm how to set a custom path for node_modules folder.
Be careful, NPM's default lock file behavior is more like a lock made out of putty. Meaning, running npm install may install different versions and change the lock file.
I think the "right" way of doing it is always using npm ci
I wouldn't have even realized you need to run that sub-command "ci" in order for npm to respect the lockfile - strange that it isn't the default behavior???
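
The lock file point raised in the last replies, as an added example that is not part of the thread: a simplified Node.js check that flags when package.json and package-lock.json have drifted apart, which is the situation where npm install rewrites the lock file and npm ci exits with an error instead. The function name, the string comparison of ranges and the sample manifests are assumptions constructed for illustration; this is not npm's own algorithm.

```javascript
// Added example: simplified drift check between package.json and a
// package-lock.json with lockfileVersion 2 or 3 (not npm's own algorithm).
const DEP_FIELDS = ["dependencies", "devDependencies"];

function lockDrift(pkg, lock) {
  const packages = lock.packages;
  if (!packages || !packages[""]) {
    return ['lockfile has no packages[""] root entry (lockfileVersion 2 or 3 expected)'];
  }
  const findings = [];
  const root = packages[""]; // the lockfile's recorded copy of package.json's ranges
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (!(name in locked)) {
        findings.push(`${field}: ${name} is declared in package.json but not recorded in the lockfile`);
      } else if (locked[name] !== range) {
        findings.push(`${field}: ${name} is "${range}" in package.json but "${locked[name]}" in the lockfile`);
      }
      const entry = packages[`node_modules/${name}`];
      if (!entry) {
        findings.push(`${name}: no node_modules/${name} entry in the lockfile`);
      } else if (!entry.link && !entry.integrity) {
        // Without an integrity hash the downloaded tarball cannot be verified.
        findings.push(`${name}: locked entry has no integrity hash`);
      }
    }
    for (const name of Object.keys(locked)) {
      if (!(name in declared)) {
        findings.push(`${field}: ${name} is in the lockfile but no longer in package.json`);
      }
    }
  }
  return findings;
}

// Constructed sample data: package.json was edited by hand, lockfile was not regenerated.
const samplePkg = { dependencies: { "example-a": "^1.3.0", "example-b": "^2.0.0" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "example-a": "^1.2.0" } },
    "node_modules/example-a": { version: "1.2.4", integrity: "sha512-CONSTRUCTED" },
  },
};
for (const finding of lockDrift(samplePkg, sampleLock)) console.log(finding);
```

An empty result means the declared ranges and the lockfile's root entry agree, so a CI job can fail the build on any finding before it installs anything.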