Github user sardell commented on the issue:
https://github.com/apache/metron/pull/952
> What yarn does is that reduces the possibility of version mismatch of the
dependencies by importing the dependencies subdependency in the right version
I believe npm also does this with the addition of
[package-lock.json](https://docs.npmjs.com/files/package-lock.json).---
