Apart from yarn caching functionality/speed does yarn have any compelling advantage over npm? Is it more secure?
My frontend team largely tells me that yarn is out. It solved some problems that npm didn’t, but npm has now also solved them.
They both pull from the same registries and store a lock file, so I’m not sure one would be more secure than the other?
You may be interested in the following blog article
Both are fine nowadays, but it’s a good idea for a team to pick one and be consistent.
That being said, yarn plays nicer in some environments, such as in an Emacs shell.
Yarn is faster. Works fine.
Yarn, because I can’t figure out with npm how to set a custom path for
Be careful, NPM’s default lock file behavior is more like a lock made out of putty. Meaning, running npm install may install different versions and change the lock file.
I think the “right” way of doing it is always using
I wouldn’t even have realized you need to run that sub-command ‘ci’ in order for npm to respect the lockfile - strange that it isn’t the default behavior???
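
Added example, not from any poster in this thread: a small Node.js check for the lock file drift discussed above, flagging a package.json whose declared ranges no longer match what package-lock.json recorded, plus registry entries that lack an integrity hash. It assumes the lockfileVersion 2/3 layout (a "packages" map whose "" key is the project root); the name findLockDrift and the sample data are constructed for illustration, and the exact string comparison is a deliberate simplification that is stricter than npm's own check.

```javascript
// Constructed sample data (not from a real project).
const samplePackageJson = {
  name: 'demo-app',
  dependencies: { 'left-pad': '^1.3.0', lodash: '^4.17.21' },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'left-pad': '^1.3.0', lodash: '^4.17.20' } },
    'node_modules/left-pad': {
      version: '1.3.0',
      resolved: 'https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz',
      integrity: 'sha512-CONSTRUCTED-PLACEHOLDER',
    },
    'node_modules/lodash': {
      version: '4.17.21',
      resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz',
    },
  },
};

const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Returns a list of human-readable problems; an empty list means no drift found.
function findLockDrift(pkg, lock) {
  const packages = lock.packages;
  if (!packages || !packages['']) return ['lock file has no "packages" root entry'];
  const problems = [];
  const root = packages[''];
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const name of new Set([...Object.keys(declared), ...Object.keys(locked)])) {
      if (declared[name] !== locked[name]) {
        problems.push(`${field}.${name}: package.json=${declared[name]} lock=${locked[name]}`);
      }
    }
  }
  // A tarball fetched over HTTP(S) should be pinned by a content hash.
  for (const [path, entry] of Object.entries(packages)) {
    const isTarball = /^https?:\/\//.test(entry.resolved || '');
    if (path !== '' && isTarball && !entry.integrity) problems.push(`${path}: resolved without integrity`);
  }
  return problems;
}

console.log(findLockDrift(samplePackageJson, sampleLock));
```

Run against a project's real package.json and package-lock.json (parsed with JSON.parse), a non-empty result in a build pipeline is a signal that the lock file was not regenerated and committed alongside the manifest change.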