Reading a bit about it in Yarn vs npm - Best Package Manager 2021 - positronX.IO
I am pasting some quotes here so people can comment on each:
Yarn.lock File – the version numbers that are available in the package.json can at times get messy but the presence of the yarn.lock file allows getting rid of the mess. The very moment you add a set of the module, Yarn quickly updates a yarn.lock file, which is similar to the Gemfile.lock in Ruby.
Package Installation – on the second point of Yarn vs npm, when the installation of a package is going on npm tends to perform the essential steps sequentially which means that each of the packages will need to be installed fully before going on to the next. Yarn is capable of helping in multiple installations that can be done at the same time which brilliantly changes the speed.
This is something very similar that we can see in HTTP/2.
Speed – In a comparison of speed, Yarn is much quicker and faster than most of the npm versions which are below the 5.0 versions. The npm developers have mentioned that npm 5.0 is 5 times faster than most of the earlier versions of the npm modules.
Security – One of the essential aspects of the Yarn vs npm comparison is security. npm automatically executes code which allows other packages to get included on the fly. This results in several vulnerabilities in the security system, and it can cause severe problems later on. On the other hand, Yarn installs only those files which are from the yarn.lock or package.json files. Therefore it has been deemed more secure than npm packages.
Disadvantages of Yarn
Yarn is not considered a standalone application but an improvement of npm. Using npm and Yarn can bring out different issues. Yarn is also responsible for taking up a lot of hard disk space. Since Yarn is a comparatively newer package, many people are sceptical about using Yarn over npm because it is much older.
However, with time, Yarn is becoming more popular than npm, and with much better security updates and stability, it will overtake npm in the coming days.
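The quotes above lean on yarn.lock as the source of truth for what gets installed. As an added example (not from the quoted article or from Yarn itself), this sketch parses a v1-format yarn.lock and flags entries that have no `integrity` hash or whose `resolved` URL points outside an allow-list of registries. The sample lockfile, the function names and the allow-list are assumptions made for illustration.

```javascript
// Constructed yarn.lock (v1 format) sample: names, URLs and hashes are made up.
const SAMPLE_LOCK = `# yarn lockfile v1

example-a@^1.2.0:
  version "1.2.3"
  resolved "https://registry.yarnpkg.com/example-a/-/example-a-1.2.3.tgz#0000"
  integrity sha512-CONSTRUCTEDHASHAAAA==

example-b@~2.0.0, example-b@^2.0.1:
  version "2.0.4"
  resolved "https://registry.yarnpkg.com/example-b/-/example-b-2.0.4.tgz#1111"

"@scope/example-c@^0.1.0":
  version "0.1.9"
  resolved "https://mirror.example.test/example-c-0.1.9.tgz#2222"
  integrity sha512-CONSTRUCTEDHASHCCCC==
`;

// Simplified v1 parser (hypothetical helper): reads specs, version, resolved, integrity.
function parseYarnLockV1(text) {
  const entries = [];
  let cur = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!/^\s/.test(line)) {
      // Unindented header: comma-separated "name@range" specs ending in ':'
      const specs = line.replace(/:$/, "").split(",").map(s => s.trim().replace(/^"|"$/g, ""));
      cur = { specs };
      entries.push(cur);
    } else if (cur) {
      const m = line.match(/^  (version|resolved|integrity) "?([^"]+)"?$/);
      if (m) cur[m[1]] = m[2];
    }
  }
  return entries;
}

// Flag entries without an integrity hash or resolved from a host not on the allow-list.
function auditLock(text, allowedHosts = ["registry.yarnpkg.com", "registry.npmjs.org"]) {
  const findings = [];
  for (const e of parseYarnLockV1(text)) {
    const name = e.specs[0].replace(/@[^@]*$/, ""); // strip the trailing "@range"
    if (!e.integrity) findings.push({ name, issue: "missing-integrity" });
    let host = null;
    try { host = new URL(e.resolved).host; } catch { /* missing or unparsable URL */ }
    if (!host || !allowedHosts.includes(host)) findings.push({ name, issue: "unexpected-source", host });
  }
  return findings;
}
console.log(auditLock(SAMPLE_LOCK));
```

A check like this fits in CI next to `yarn install --frozen-lockfile`, which fails the install when yarn.lock would need to change.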