[jcolella]

The addition of vulnerability scanning was the only reason our company switched back to npm from yarn. Other than that, yarn offers a great experience

[symlinkk]

Yarn has this too (although it uses the NPM audit database): `yarn audit`.

[coolreader18]

Oh, I didn't know that! Here's some resources about it if you haven't heard of it either:

documentation; https://yarnpkg.com/lang/en/docs/cli/audit/

original feature issue: https://github.com/yarnpkg/yarn/issues/5808

release comment in that issue: https://github.com/yarnpkg/yarn/issues/5808#issuecomment-441...