A flaw was found in Yarn. The package integrity validation in Yarn contains a time-of-check to time-of-use (TOCTOU) vulnerability where the hash is computed before writing a package to cache and is not computed again when reading from the cache. This flaw may lead to a cache pollution attack. The highest threat from this vulnerability is to integrity.
Run 'yarn cache clean' before installs.