npm has eroded so much of my trust that I am hesitant to switch back to it (from yarn) any time soon.<p>I've tried npm out every few months (since npm 3), and have consistently run into infuriating bugs or unexpected behaviors.<p>Much of it has been fixed over time, but the frequency and duration of these issues is concerning—and, I think, points to architectural deficiencies being the root of the problem. For example:<p>* npm 5.0.0—5.7.0 didn't play nice with git-based dependencies (<a href="https://github.com/npm/npm/issues/17379" rel="nofollow">https://github.com/npm/npm/issues/17379</a>)<p>* npm 5.0.0—5.4.1 edits package-lock.json unexpectedly (<a href="https://github.com/npm/npm/issues/17979" rel="nofollow">https://github.com/npm/npm/issues/17979</a>)<p>* npm 5.0.0—5.4.? doesn't honor incompatible version differences in package.json compared to package-lock.json (<a href="https://github.com/npm/npm/issues/16866" rel="nofollow">https://github.com/npm/npm/issues/16866</a>)<p>* Take a look at the issues labeled as [big-bug], and how long they've languished: <a href="https://github.com/npm/npm/issues?q=is%3Aissue+is%3Aopen+sort%3Acomments-desc+label%3Abig-bug" rel="nofollow">https://github.com/npm/npm/issues?q=is%3Aissue+is%3Aopen+sor...</a><p>* and a bunch of others I can't remember off the top of my head; especially nondeterministic behavior in the v2 and v3 era.<p>---<p>Btw, I'm not trying to tear down npm contributors here; people have put in a monumental amount of work into the project, and the node ecosystem wouldn't be where it is without npm.