(no title)

The way npm install always check latest package version and use them, even if package lock already exists. Which broke apps build many many times due to developer does not recognize this behavior. I know there are npm shrinkwrap and npm ci. Its just other package manager usually follow lockfile on install and have other command to upgrade the lockfile.

Also npm install download gazilion file for each dependencies. With deep directories.

In the past, there are problem because npm way of installing dependencies and hitting this infamous windows file path length limitation.

All are now already fixed or have alternative. But at that time, composer definitely much simpler and reliable.