To Yarn and Back to Npm Again

I wonder if they ever tried `yarn --pure-lockfile` to avoid updating the lockfile unnecessarily?<p>&gt; We never observed install inconsistencies when using npm previously<p>Interesting, since NPM has had issues being deterministic since package-lock came to be, and this was one of the main reasons yarn was created.<p>The fact that yarn has a healthy community, actually accepts contributions, and encourages public discussion is a big pro for me (colored by personal experience).

&gt; Yarn often produces yarn.lock files that are invalid when you run add, remove, or update.<p>This has never happened to us with heavy daily usage. It&#x27;s one of the things that remains reliable about Yarn. Would appreciate more details on what exactly happened.

I&#x27;ve been enjoying pnpm as my node package manager for about a year now.<p>&lt;<a href="https:&#x2F;&#x2F;github.com&#x2F;pnpm&#x2F;pnpm&gt;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;pnpm&#x2F;pnpm&gt;</a><p>It centrally downloads all of the modules and then &quot;symlinks&quot; them into your `node_modules` folder.<p>This is nice because one, it uses less disk space, two, if you&#x27;ve already downloaded a package at a particular version it links it out of the local repo.<p>Also uses shrinkwrap to handle package locking.

That&#x27;s why we love the JavaScript ecosystem so much: you have always got something to do!

Just the way npm handled my bug reports made me decide never use npm cli again.<p>The registry is something everyone has to use because npm has a monopoly. It&#x27;s not open source and is making money for a for profit company. I&#x27;m very disappointed to see Node.js is still shipping this anti-foss OSS with its executables :(

I&#x27;m not sure I like the new npm. It seems faster but it&#x27;s annoying to use it with how often it prompts you to update it and all the verbosity, annoying messages about peer dependencies, and now audits that you can&#x27;t really do anything about. There&#x27;s just so much noise now. Old version just worked and got out the way.

Yarn also has a useful feature `workspaces`. With npm have to use lerna for it

We&#x27;re using a boilerplate project from a year ago with Yarn&#x2F;React and it&#x27;s still behaving the same way. Of course we have some deprecation warnings, but is it really so bad to have this &quot;If it&#x27;s not broke, don&#x27;t fix it&quot; mentality?

I love npm, but there&#x27;s some bug that keeps looming. I have a git based dependency (basically a dependency that&#x27;s attached to <a href="https:&#x2F;&#x2F;user:password@gitlab.com&#x2F;xxxxxx#branch" rel="nofollow">https:&#x2F;&#x2F;user:password@gitlab.com&#x2F;xxxxxx#branch</a>)<p>I don&#x27;t know why, but any time I install something specific in this project:<p>npm i -D @types&#x2F;tacos<p>(for example)<p>The last line of npm says this: added 9 packages and removed 15 packages in 9.69s<p>Those 15 removed packages? Not dependency conflicts, no, thats the git dependency and all of its sub-dependencies.<p>So my workflow is now:<p>npm i --save &lt;whatever&gt;<p>npm i

In any other tech company, the employee would get booted asap for sharing toxic, hateful stuff.

&gt; We&#x27;ve published an open-source module called deyarn to help you convert your projects from Yarn to npm!<p>Would have been cool to call it &quot;untie&quot; or &quot;untangle&quot;

npm 6 still has weird caching bugs from previous versions when working with git dependencies. I&#x27;ll be sticking with yarn until that gets fixed.

Still getting data loss with npm 5 and 6: <a href="https:&#x2F;&#x2F;github.com&#x2F;npm&#x2F;npm&#x2F;issues&#x2F;17927#issuecomment-393033638" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;npm&#x2F;npm&#x2F;issues&#x2F;17927#issuecomment-3930336...</a>

can somebody tell me why the thumbnail of this page shows report data with probably private email data? (see og:image meta tag on that page)