I came across the following statement:
“Yarn uses checksums to verify the integrity of every installed package before its code is executed.”
I am not able to find details however on how this actually works.
As a test, I have modified the integrity fields in yarn.lock to random values and yarn seems not to be performing any checks on them.
Does that mean that it’s pulling those values from the npm repository every time automatically?