pnpm
LightNews LightNews
banner
pnpm.io
pnpm
@pnpm.io
3.1K followers 24 following 56 posts
Fast, disk space efficient package manager

pnpm.io
Posts Replies Media Videos
Pinned
pnpm.io
pnpm @pnpm.io · 16d
The pnpm repository has 33K stars!
pnpm.io
🚀 pnpm v10.21 is out!
This release introduces two powerful new security & compatibility features:
1️⃣ Automatic Node.js runtime installation for dependencies
2️⃣ Configurable trust policy for detecting supply-chain downgrades

🧵👇
November 10, 2025 at 3:18 PM
pnpm.io
pnpm v10.19 is out!

pnpm.io/blog/release...
October 21, 2025 at 2:06 PM
Reposted by pnpm
softwaredaily.bsky.social
Zoltan Kochan is a full stack web developer and the creator of @pnpm.io. He joins the show with @joshuakgoldberg.com to talk about the state of package management for web dev.

@kochan.io

softwareengineeringdaily.com/2025/09/18/p...
pnpm with Zoltan Kochan - Software Engineering Daily
Traditional package management systems for JavaScript have faced several inefficiencies related to dependency storage, resolution, and project performance. pnpm is a fast, disk-efficient package manag...
softwareengineeringdaily.com
September 18, 2025 at 10:35 AM
pnpm.io
Published an article about mitigating supply chain attacks with pnpm
pnpm.io/supply-chain...
Mitigating supply chain attacks | pnpm
Sometimes npm packages are compromised and published with malware. Luckily, there are companies like [Socket], [Snyk], and [Aikido] that detect these compromised packages early. The npm registry usually removes the affected versions within hours. However, there is always a window of time between when the malware is published and when it is detected, during which you could be exposed. Fortunately, there are some things you can do with pnpm to minimize the risks.
pnpm.io
September 16, 2025 at 8:32 AM
Reposted by pnpm
socket.dev
After recent npm supply chain attacks, @pnpm.io 10.16 adds a setting for delayed dependency updates.

Tools like Taze and npm-check-updates are testing similar “maturity” options, hinting at a cautious new trend in #JavaScript package management.

socket.dev/blog/pnpm-10... #NodeJS
pnpm 10.16 Adds New Setting for Delayed Dependency Updates -...
pnpm's new minimumReleaseAge setting delays package updates to prevent supply chain attacks, with other tools like Taze and NCU following suit.
socket.dev
September 15, 2025 at 6:28 PM
pnpm.io
pnpm v10.14 is shipped with support for runtime engine installation. Node, Deno, and Bun are supported.

pnpm.io/blog/release...
July 31, 2025 at 2:30 PM
pnpm.io
The next version of pnpm will be able to lock your node.js version in the lockfile. Similarly to any other dependency of your project.
July 19, 2025 at 1:55 PM
pnpm.io
We have closed 3K issues on GitHub!

Only 1.8K issues left😆
July 19, 2025 at 1:53 PM
pnpm.io
pnpm v10.13 also added a workaround for ESM, when using enableGlobalVirtualStore

pnpm.io/settings#ena...
July 10, 2025 at 10:25 AM
pnpm.io
pnpm v10.13 shipped some DX improvements to config dependencies. Now it is simple to install pnpm plugins.

For instance, you can run "pnpm add --config @pnpm/plugin-types-fixer" to install a plugin that will fix some frequently happening typescript issues.
July 9, 2025 at 12:28 PM
Reposted by pnpm
antfu.me
💖 This May and June, we have forwarded our Open Collective fund to support

Maintainers:
@9romise.bsky.social @productdevbook.com @rzmu.bsky.social @edison1105.bsky.social

Projects:
@esm.sh @pnpm.io @cyberalien.dev

Join us to show appreciation for our dependencies and help them be sustainable!
Anthony Fu Fund Redistribution, May and June 2025 - Anthony Fu Fund
Hello everyone! In May and June 2025, we raised the fund of $1,970.34, thanks to our awesome sponsors!...
opencollective.com
July 1, 2025 at 5:15 AM
pnpm.io
By far our biggest and oldest sponsor released a product on product hunt.

bit install is pnpm install🙃

bsky.app/profile/koch...
June 25, 2025 at 4:45 PM
Reposted by pnpm
socket.dev
📦 Big news in the package management space this week: pnpm 10.12.1 is out with a new experimental global virtual store for near-instant installs and smarter version catalog controls.
socket.dev/blog/pnpm-in... @pnpm.io #NodeJS
pnpm 10.12 Introduces Global Virtual Store and Expanded Vers...
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
socket.dev
June 11, 2025 at 6:38 PM
Reposted by pnpm
mael.dev
Package manager summit with @kochan.io at #JSNation !
Me and Zoltan
June 12, 2025 at 4:32 PM
pnpm.io
pnpm v10.12 is a huge release!

We’ve added many new features to the version catalogs system.

We also shipped a new experimental option that makes installation almost instant on most dev machines.

github.com/pnpm/pnpm/re...
Release pnpm 10.12.1 · pnpm/pnpm
Minor Changes Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this c...
github.com
June 8, 2025 at 3:09 PM
Reposted by pnpm
kochan.io
So... I was working on making @pnpm.io a tad faster 😜

youtu.be/pNDFfJvaubY?...
A short demo of pnpm's speed with a new experimental option
YouTube video by pnpm
youtu.be
June 3, 2025 at 4:54 PM
pnpm.io
pnpm 10.11.1 is out!

github.com/pnpm/pnpm/re...
Release pnpm 10.11.1 · pnpm/pnpm
Patch Changes Fix an issue in which pnpm deploy --legacy creates unexpected directories when the root package.json has a workspace package as a peer dependency #9550. Dependencies specified via a ...
github.com
June 2, 2025 at 3:00 PM
pnpm.io
If you run into issues with typescript and pnpm, try this config dependency that we created.

Run:
pnpm add @pnpm/types-fixer --config
pnpm config set pnpmfile node_modules/.pnpm-config/@pnpm/types-fixer/pnpmfile.cjs --location=project
May 23, 2025 at 11:27 PM
Reposted by pnpm
kochan.io
I have copied over the list of trusted dependencies maintained by bun. So, you can use it with @pnpm.io if you want:

github.com/pnpm/trusted...
GitHub - pnpm/trusted-deps
Contribute to pnpm/trusted-deps development by creating an account on GitHub.
github.com
May 16, 2025 at 12:28 PM
Reposted by pnpm
aviv.sh
We’re excited to share that the @nodejs.org website (nodejs.org) now builds using @pnpm.io! This switch has led to faster CI builds and more efficient dependency management.
Node.js — Run JavaScript Everywhere
Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine.
nodejs.org
May 2, 2025 at 11:04 PM
Reposted by pnpm
kochan.io
Now that we have a way to preload settings for
@pnpm.io, maybe we could create standard config dependencies for specific stacks. Like "@pnpm/angular-defaults"
April 29, 2025 at 1:24 PM
Reposted by pnpm
antfu.me
New blog post! Let's categorize our deps better with @pnpm.io catalogs!

antfu.me/posts/catego...
Categorize Your Dependencies
antfu.me
April 28, 2025 at 4:14 PM
Reposted by pnpm
jsr.io
You can now add JSR packages with @yarnpkg.dev and @pnpm.io with `jsr:` specifier

deno.com/blog/add-jsr...
Add JSR packages with pnpm and Yarn
You can now access JSR packages via pnpm and Yarn. Here's how.
deno.com
April 25, 2025 at 4:41 PM
pnpm.io
pnpm v10.9 is out with native support for the JSR registry!
You can now install packages from JSR using the "jsr:" protocol. For example:

pnpm add jsr:@hono/hono
April 21, 2025 at 9:16 AM
pnpm.io
We added support for a new hook in pnpm v10.8 for modifying its settings.

Together with configDependencies, this lets you share your settings across repositories.

To demonstrate it, we created a package with recommended pnpm settings:

github.com/pnpm/better-...
April 8, 2025 at 9:55 AM