| ▲ | chrisweekly 2 hours ago | |
Yes, this. Regarding npm CLIENTS, PNPM is fundamentally different from (and superior to) npm or yarn. Strongest possible recommendation to use pnpm. It's also a good idea to use a private registry (eg via jfrog), acting as a proxy / pull-through cache, and point trad SAST and maybe AI scanners at it. But dropping the npm client in favor of pnpm is a no-brainer. Speed, disk space, security, determinism, flexibility, fine-grained control over your dependency graph... | ||