Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
yarn.lock's differences from npm-shrinkwrap.json aren't clear #509
This thread and the SO link above by @johntron both dead-end when ppl ask how npm shrinkwrap is less reliable than yarn. I prefer to use 'native' tools whenever possible, so if this is a case of a community solution that was better but has now pushed npm to improve shrinkwrapping to the point that the later is now sufficient, i'd love to know. from my own experience, I have yet to encounter a case where shinkwrapping didn't sufficiently lock down dependencies but with so much attention paid to Yarn lately, I assumed that there are some cases where shinkwrapping could fail. Yarn continues to have advantages in performance, but honestly, i mostly just care that my deps are correct... not as concerned about shaving seconds off deployment times.