Yarn is Micro Secure
A few weeks ago, Facebook announced the open-source release of Yarn: a new client for the npm registry. While a few folks expressed concern, it appears to be a solid example of open-source development. Facebook, Google, Exponent and Tilde had similar challenges in using the default npm client. Instead of each trying to work on something themselves, they got together and iterated on top of npm. The result is an alternative client that offers some notable improvements without losing the power of the underlying npm registry.
Yarn markets itself as “ultra fast”, “super reliable”, and “mega secure”. While it’s true that Yarn is often much faster, and that the new lockfile ensures more consistency when your application is installed, the security claims are a little over-optimistic.
via DZone.com Feed https://dzone.com
November 10, 2016 at 01:39PM