move to yarn or use SHA-512 on package.json (rel. supply chain security)

Hello!

I noticed some traffic to taobao.org (not-official npm registry) during npm install, and saw that package-lock.json file has only sha-1 integrity fields.

Are there plans to migrate package-lock.json to yarn.lock or convert it to sha512 checksums?

Thank you!