You CLEARLY don't know what you're talking about.
1 - it's VERY tendentious to promote YARN.
2 - you should always use a lockfile to handle dependencies to keep EXACTLY the same package versions (have you ever heard about The 12 Factor App?!?).
3 - yarn check is deprecated since Feb/2019 (github.com/yarnpkg/rfcs/pull/106). Actually, you shouldn't be using yarn v1 anymore.
4 - yarn check never was implemented to be a security feature. It's a feature to verify if the installation was done successfully (github.com/yarnpkg/rfcs/pull/106#p...). This is how it would be in a secure way: docs.npmjs.com/about-registry-sign...
5 - Yarn audit USES the npm's audit database (github.com/yarnpkg/yarn/blob/158d9...). yarn does this in a very ineffective way, by the way, if compared with npm way, cause it uses only the database and npm really checks for version, integrity and signing.
npm ALWAYS checks for integrity when installing packages. Ask apologies to your readers, update the post summing up the yarn install + yarn check --integrity times to have a more real case approach.
And, please, RTFM before shitposting.
Really Sorry My man, Just trying to do better.