With NPM’s recent acquisition of ^Lift Security and the Node Security Platform, as well as the release of their package-lock.json and the
npm ci command for reliable CI installations, it seemed like a compelling time to reavaluate the value proposition of Yarn. Plus, for some reason Yarn kept giving me 401s on our CI two weekends ago for some unknown reason, so it made me think about NPM for the first time in a long time, and I got curious what the state-of-the-world is.
Spoiler: I’m going to be trying out
npm for projects moving forward.