Add README install for Yarn 2+ using 'yarn dlx'

[joelparkerhenderson]

This commit brings the README up to date with yarn latest.

See https://yarnpkg.com/

Yarn 3 is the latest stable version of yarn,
such as installed by running this command:

$ yarn set version latest

Yarn 2 introduced the new command 'yarn dlx' which downloads and executes
a package in a temporary environment. This is the preferred way to work with
Yarn 2 and Yarn 3, as explained on the Yarn website page about 'yarn dlx'.

See https://yarnpkg.com/cli/dlx

Yarn 1 is helpful to still have in the instructions because some developers
still use it for historical reasons, such as needing to manage a third-party
package that has not been updated to work with Yarn 2 or Yarn 3.
However, the Yarn 1 instructions do not work correctly with Yarn latest.

[facebook-github-bot]

Hi @joelparkerhenderson!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at [email protected]. Thanks!

[facebook-github-bot]

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

[facebook-github-bot]

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

[merceyz]

We (Yarn) should update our documentation but you can still use yarn create in v2 and up, under the hood it calls yarn dlx create-

[joelparkerhenderson]

For what it's worth, I highly prefer the explicit yarn dlx create-react-app rather than yarn create react-app doing it under the hood.

Explicit security is a valuable feature IMHO.

My context is a pain point with a vendor where some developers are on older Yarn (not Yarn 3) and the vendor is pointing to this CRA repo saying yarn create react-app is the official CRA way, and there's no info on the CRA page about yarn dlx, so our vendor documentation is not adding any information about yarn dlx at this time. This is causing confusion among the developers on both sides. An easy compromise is to have CRA explain both ways.