Clarify npm (not yarn) usage in README setup

[j0ntz]

Description

Asana task

Docs-only change for an end-to-end agent-pipeline smoke test (Asana task).

Adds a short clarifying sentence to the README "Getting Started" section noting that the project previously used yarn but has since migrated to npm, so contributors should use the npm commands rather than yarn.

The original task was drafted before the yarn→npm migration and literally asked for a "uses yarn (not npm)" note. Since the repo now uses npm (yarn.lock removed, package-lock.json present, README commands all use npm), that literal note would be inaccurate. The accurate, value-adding version is committed instead.

Note: this branch is based on a worktree that has the (not-yet-on-develop) "Convert package manager from yarn to npm" commit cherry-picked in for tooling. The only commit that is this task's work is the single README change (Clarify npm (not yarn) usage in README setup); the npm-migration diff will disappear from this PR once that change lands on develop.

CHANGELOG

Does this branch warrant an entry to the CHANGELOG?

• Yes
• No

Dependencies

none

Requirements

If you have made any visual changes to the GUI. Make sure you have:

• Tested on iOS device
• Tested on Android device
• Tested on small-screen device (iPod Touch)
• Tested on large-screen device (tablet)

No GUI changes — documentation only.

---

Note

Low Risk
Changes are limited to install/CI configuration and documentation; no auth, payment, or app runtime logic is modified.

Overview
This PR standardizes the repo on npm instead of Yarn for installs, scripts, and CI.

Configuration: .npmrc gains ignore-scripts=true and legacy-peer-deps=true (behavior previously in .yarnrc, which is removed). package.json already pins packageManager to npm.

CI / automation: Travis and the Jenkinsfile switch from yarn / yarn install to npm ci, npm run prepare, npm test, and related npm script invocations (including dev sucrase via npm install --save-dev).

Docs & onboarding: README, AGENTS.md, docs/MAESTRO.md, and maestro.sh replace Yarn commands and drop global Yarn installation from the Maestro bootstrap script; README adds a note that the project migrated from Yarn to npm.

No application/runtime wallet code changes—tooling and contributor docs only.

^{Reviewed by Cursor Bugbot for commit e7bcbe8. Bugbot is set up for automated code reviews on this repo. Configure here.}

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	react-native-custom-tabs@​0.1.8 ⏵ 0.1.8
	react-native-store-review@​0.4.3 ⏵ 0.4.3
	patch-package@​6.4.7 ⏵ 8.0.1			+1
	react-native-reanimated@​3.19.1 ⏵ 3.19.5	+1		+1	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Low adoption: npm hashes-grs Location: Package overview From: package-lock.json → npm/edge-currency-plugins@3.9.0 → npm/hashes-grs@1.2.0 ℹ Read more on: This package | This alert | What are unpopular packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Unpopular packages may have less maintenance and contain other problems. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hashes-grs@1.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[j0ntz]

Closing — this was an end-to-end orchestration smoke test on a newly provisioned machine, not a real change. The large diff (+28k/-19k) is the in-flight yarn→npm migration commit that setup-task-workspace cherry-picks into every agent worktree; since that migration isn't on develop yet, it leaked into the PR. The actual task was a one-line README note. No merge intended.