• By default, Yarn is now installed via the package.json property packageManager.
• Hardened mode performs two additional validations (quoting the blog post):
  • It will validate the resolutions stored in the lockfile are consistent with what the ranges could resolve to.
  • It will validate that the package metadata stored in the lockfile are consistent the remote registry metadata.
• Yarn’s rule-based constraints were previously written in Prolog and are now written in JavaScript.
• More functionality is built-in that was previously implemented as plugins.
• Improved CLI user interface
• Faster performance
• Content and look of the website were updated.

Highlight (quoting the blog post):

The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected. For “ambiguous” files, which are .js or extensionless files with no package.json with a type field, Node.js will parse the file to detect ES module syntax; if found, it will run the file as an ES module, otherwise it will run the file as a CommonJS module. The same applies to string input via --eval or STDIN.

We hope to make detection enabled by default in a future version of Node.js. Detection increases startup time, so we encourage everyone — especially package authors — to add a type field to package.json, even for the default "type": "commonjs". The presence of a type field, or explicit extensions such as .mjs or .cjs, will opt out of detection.

JavaScript’s various package managers all work differently. One area in which they differ is “dependency divergence”: “when 2 different dependencies specifying the same constraint differ in what they install”. “When installing dependencies, [package managers] may choose to update versions automatically, may keep a minimal matching version, may refer to a tooling specific lockfile, etc. the choice is theirs to make and all could be valid given a constraint that spans multiple versions.”

Running our new Dependency Divergence GitHub Action will expose when installations differ in your project. This can be used to assert that moving to a new shiny package manager or a battle tested package manager won't alter your dependencies in an unexpected way or introduce problematic packages.

• Node.js work sponsored by Bloomberg: faster startup time via code caching and snapshotting, Async Context, deferred module evaluation, and more.
• WinterCG (Web-interoperable runtimes community group), is a standards group where Node.js has an important voice
• It’s important that the web community keeps contributing to Node.js (via money, work, etc.).