Default yarn.lock registry?

[rightaway]

I'm on yarn 1.9.4. I did a yarn install and found that each item refers to registry.yarnpkg.com. Earlier it used to refer to registry.npmjs.org. Did the default change?

I haven't changed anything in my .yarnrc and yarn config list shows registry: 'https://registry.yarnpkg.com', so I just want to check that the setting isn't getting overridden somewhere and that registry.yarnpkg.com is in fact the correct registry that should appear for new yarn.lock files.

[arcanis]

Likely a duplicate of #6436 (but it should happen with 1.10+, not 1.9.4, so that's curious).

Short story: in some circumstances Yarn 1.10+ <1.12 needs to make requests to the npm registry to update the metadata for some packages. When it happens, it also updates the resolved field with the latest resolution (including the hostname currently in use, regardless of what it was when you originally created the lockfile).

We also have #5892 to remove the hostname from the lockfiles, but it's tricky because of some unsound registries like npm enterprise that use custom paths for their tarballs ...