If your concern is mainly security, you can try yarn 2 (berry)’s “zero install” feature.
That vendors your dependencies, so the whole project can then be started without yarn itself, but avoids the gigabytes and millions of files problem of node_modules.
Just an alternative.