by littlecranky67 77 days ago
Exactly. Yarn uses a yarn.lock file with the sha256 hashes of each npm package it downloads from the repo (they are .tgz files). If the hash doesn't match, the install fails. No need to commit the dependencies into your git repo.