Not exactly Yarn or NPM. The problem is that JS is suffering from extreme dependency hell, due to overly fragmentation of modules. It's appalling. It is not a good thing starting a project, doing a install and having hundreds and hundreds of modules on node_modules, some with less then 50 lines of code. Of course things must be modular, but unwraping everything in a folder like this is far from good.
Isn't the issue here basically that JS doesn't have a "standard" authorized library, like Java or C# and NPM has basically become the standard library?
Having someone like Google steward a "standard" library (and it could even be distributed using NPM), would pretty much bring JS dependency management at par and beyond Java or C#.
You should take a proper look once, you'll be amazed at all the different modules implementing the same functionality over and over again (e.g. globbing, promisifying, or the myriad of `is-*` single-function packages).
Why is that bad? It's a huge waste of effort, increases the burden on anyone who's maintaining a package using those micro-libraries, and will guarantee more unpatched security vulnerabilities and unmaintained packages in the long run.
The leftpad fiasco (which I believe NPM has now mitigated), and the recent security issue where a certain popular package was uploading any passwords it found showed the current dangers with NPM.
NPM and Yarn are both working on approaches that would replace having a separate unpacked `node_modules` folder for every project: "Yarn Plug 'n Play" and "NPM Tink".
