pnpm
@pnpm.io
Fast, disk space efficient package manager
pnpm.io
pnpm.io
pnpm 10.26 is here!
This release focuses heavily on locking down supply chain security and giving you granular control over build scripts.
From stricter git defaults to the new allowBuilds config, here’s a breakdown of the changes. 🧵👇
#pnpm #javascript
This release focuses heavily on locking down supply chain security and giving you granular control over build scripts.
From stricter git defaults to the new allowBuilds config, here’s a breakdown of the changes. 🧵👇
#pnpm #javascript
December 16, 2025 at 1:13 PM
pnpm 10.26 is here!
This release focuses heavily on locking down supply chain security and giving you granular control over build scripts.
From stricter git defaults to the new allowBuilds config, here’s a breakdown of the changes. 🧵👇
#pnpm #javascript
This release focuses heavily on locking down supply chain security and giving you granular control over build scripts.
From stricter git defaults to the new allowBuilds config, here’s a breakdown of the changes. 🧵👇
#pnpm #javascript
The Seattle Times is piloting pnpm’s client-side defenses—blocked lifecycle scripts, release cooldowns, and trust policy—to stop worms like Shai-Hulud 2.0 before they land.
Read their story:
pnpm.io/blog/2025/12...
Read their story:
pnpm.io/blog/2025/12...
How We're Protecting Our Newsroom from npm Supply Chain Attacks | pnpm
We got lucky with Shai-Hulud 2.0.
pnpm.io
December 8, 2025 at 1:48 PM
The Seattle Times is piloting pnpm’s client-side defenses—blocked lifecycle scripts, release cooldowns, and trust policy—to stop worms like Shai-Hulud 2.0 before they land.
Read their story:
pnpm.io/blog/2025/12...
Read their story:
pnpm.io/blog/2025/12...
November 12, 2025 at 2:09 PM
🚀 pnpm v10.21 is out!
This release introduces two powerful new security & compatibility features:
1️⃣ Automatic Node.js runtime installation for dependencies
2️⃣ Configurable trust policy for detecting supply-chain downgrades
🧵👇
This release introduces two powerful new security & compatibility features:
1️⃣ Automatic Node.js runtime installation for dependencies
2️⃣ Configurable trust policy for detecting supply-chain downgrades
🧵👇
November 10, 2025 at 3:18 PM
🚀 pnpm v10.21 is out!
This release introduces two powerful new security & compatibility features:
1️⃣ Automatic Node.js runtime installation for dependencies
2️⃣ Configurable trust policy for detecting supply-chain downgrades
🧵👇
This release introduces two powerful new security & compatibility features:
1️⃣ Automatic Node.js runtime installation for dependencies
2️⃣ Configurable trust policy for detecting supply-chain downgrades
🧵👇
October 21, 2025 at 2:06 PM
Reposted by pnpm
Zoltan Kochan is a full stack web developer and the creator of @pnpm.io. He joins the show with @joshuakgoldberg.com to talk about the state of package management for web dev.
@kochan.io
softwareengineeringdaily.com/2025/09/18/p...
@kochan.io
softwareengineeringdaily.com/2025/09/18/p...
pnpm with Zoltan Kochan - Software Engineering Daily
Traditional package management systems for JavaScript have faced several inefficiencies related to dependency storage, resolution, and project performance. pnpm is a fast, disk-efficient package manag...
softwareengineeringdaily.com
September 18, 2025 at 10:35 AM
Zoltan Kochan is a full stack web developer and the creator of @pnpm.io. He joins the show with @joshuakgoldberg.com to talk about the state of package management for web dev.
@kochan.io
softwareengineeringdaily.com/2025/09/18/p...
@kochan.io
softwareengineeringdaily.com/2025/09/18/p...
Published an article about mitigating supply chain attacks with pnpm
pnpm.io/supply-chain...
pnpm.io/supply-chain...
Mitigating supply chain attacks | pnpm
Sometimes npm packages are compromised and published with malware. Luckily, there are companies like [Socket], [Snyk], and [Aikido] that detect these compromised packages early. The npm registry usually removes the affected versions within hours. However, there is always a window of time between when the malware is published and when it is detected, during which you could be exposed. Fortunately, there are some things you can do with pnpm to minimize the risks.
pnpm.io
September 16, 2025 at 8:32 AM
Published an article about mitigating supply chain attacks with pnpm
pnpm.io/supply-chain...
pnpm.io/supply-chain...
Reposted by pnpm
After recent npm supply chain attacks, @pnpm.io 10.16 adds a setting for delayed dependency updates.
Tools like Taze and npm-check-updates are testing similar “maturity” options, hinting at a cautious new trend in #JavaScript package management.
socket.dev/blog/pnpm-10... #NodeJS
Tools like Taze and npm-check-updates are testing similar “maturity” options, hinting at a cautious new trend in #JavaScript package management.
socket.dev/blog/pnpm-10... #NodeJS
pnpm 10.16 Adds New Setting for Delayed Dependency Updates -...
pnpm's new minimumReleaseAge setting delays package updates to prevent supply chain attacks, with other tools like Taze and NCU following suit.
socket.dev
September 15, 2025 at 6:28 PM
After recent npm supply chain attacks, @pnpm.io 10.16 adds a setting for delayed dependency updates.
Tools like Taze and npm-check-updates are testing similar “maturity” options, hinting at a cautious new trend in #JavaScript package management.
socket.dev/blog/pnpm-10... #NodeJS
Tools like Taze and npm-check-updates are testing similar “maturity” options, hinting at a cautious new trend in #JavaScript package management.
socket.dev/blog/pnpm-10... #NodeJS
pnpm v10.14 is shipped with support for runtime engine installation. Node, Deno, and Bun are supported.
pnpm.io/blog/release...
pnpm.io/blog/release...
July 31, 2025 at 2:30 PM
pnpm v10.14 is shipped with support for runtime engine installation. Node, Deno, and Bun are supported.
pnpm.io/blog/release...
pnpm.io/blog/release...
The next version of pnpm will be able to lock your node.js version in the lockfile. Similarly to any other dependency of your project.
July 19, 2025 at 1:55 PM
The next version of pnpm will be able to lock your node.js version in the lockfile. Similarly to any other dependency of your project.
pnpm v10.13 also added a workaround for ESM, when using enableGlobalVirtualStore
pnpm.io/settings#ena...
pnpm.io/settings#ena...
July 10, 2025 at 10:25 AM
pnpm v10.13 also added a workaround for ESM, when using enableGlobalVirtualStore
pnpm.io/settings#ena...
pnpm.io/settings#ena...
pnpm v10.13 shipped some DX improvements to config dependencies. Now it is simple to install pnpm plugins.
For instance, you can run "pnpm add --config @pnpm/plugin-types-fixer" to install a plugin that will fix some frequently happening typescript issues.
For instance, you can run "pnpm add --config @pnpm/plugin-types-fixer" to install a plugin that will fix some frequently happening typescript issues.
July 9, 2025 at 12:28 PM
pnpm v10.13 shipped some DX improvements to config dependencies. Now it is simple to install pnpm plugins.
For instance, you can run "pnpm add --config @pnpm/plugin-types-fixer" to install a plugin that will fix some frequently happening typescript issues.
For instance, you can run "pnpm add --config @pnpm/plugin-types-fixer" to install a plugin that will fix some frequently happening typescript issues.
Reposted by pnpm
💖 This May and June, we have forwarded our Open Collective fund to support
Maintainers:
@9romise.bsky.social @productdevbook.com @rzmu.bsky.social @edison1105.bsky.social
Projects:
@esm.sh @pnpm.io @cyberalien.dev
Join us to show appreciation for our dependencies and help them be sustainable!
Maintainers:
@9romise.bsky.social @productdevbook.com @rzmu.bsky.social @edison1105.bsky.social
Projects:
@esm.sh @pnpm.io @cyberalien.dev
Join us to show appreciation for our dependencies and help them be sustainable!
Anthony Fu Fund Redistribution, May and June 2025 - Anthony Fu Fund
Hello everyone! In May and June 2025, we raised the fund of $1,970.34, thanks to our awesome sponsors!...
opencollective.com
July 1, 2025 at 5:15 AM
💖 This May and June, we have forwarded our Open Collective fund to support
Maintainers:
@9romise.bsky.social @productdevbook.com @rzmu.bsky.social @edison1105.bsky.social
Projects:
@esm.sh @pnpm.io @cyberalien.dev
Join us to show appreciation for our dependencies and help them be sustainable!
Maintainers:
@9romise.bsky.social @productdevbook.com @rzmu.bsky.social @edison1105.bsky.social
Projects:
@esm.sh @pnpm.io @cyberalien.dev
Join us to show appreciation for our dependencies and help them be sustainable!
By far our biggest and oldest sponsor released a product on product hunt.
bit install is pnpm install🙃
bsky.app/profile/koch...
bit install is pnpm install🙃
bsky.app/profile/koch...
🚀 Check out what we’ve been building at Bit:
Hope AI: Architect agent that builds professional software
www.producthunt.com/products/hop...
Hope AI: Architect agent that builds professional software
www.producthunt.com/products/hop...
Hope AI: Architect agent that builds professional software | Product Hunt
Build maintainable, production-grade applications. Control generation at component-level with prompts and design sketches. Compose with design system and reusable components. Deploy instantly. Generat...
www.producthunt.com
June 25, 2025 at 4:45 PM
By far our biggest and oldest sponsor released a product on product hunt.
bit install is pnpm install🙃
bsky.app/profile/koch...
bit install is pnpm install🙃
bsky.app/profile/koch...
Reposted by pnpm
📦 Big news in the package management space this week: pnpm 10.12.1 is out with a new experimental global virtual store for near-instant installs and smarter version catalog controls.
socket.dev/blog/pnpm-in... @pnpm.io #NodeJS
socket.dev/blog/pnpm-in... @pnpm.io #NodeJS
pnpm 10.12 Introduces Global Virtual Store and Expanded Vers...
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
socket.dev
June 11, 2025 at 6:38 PM
📦 Big news in the package management space this week: pnpm 10.12.1 is out with a new experimental global virtual store for near-instant installs and smarter version catalog controls.
socket.dev/blog/pnpm-in... @pnpm.io #NodeJS
socket.dev/blog/pnpm-in... @pnpm.io #NodeJS
Reposted by pnpm
Package manager summit with @kochan.io at #JSNation !
June 12, 2025 at 4:32 PM
Package manager summit with @kochan.io at #JSNation !
pnpm v10.12 is a huge release!
We’ve added many new features to the version catalogs system.
We also shipped a new experimental option that makes installation almost instant on most dev machines.
github.com/pnpm/pnpm/re...
We’ve added many new features to the version catalogs system.
We also shipped a new experimental option that makes installation almost instant on most dev machines.
github.com/pnpm/pnpm/re...
Release pnpm 10.12.1 · pnpm/pnpm
Minor Changes
Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this c...
github.com
June 8, 2025 at 3:09 PM
pnpm v10.12 is a huge release!
We’ve added many new features to the version catalogs system.
We also shipped a new experimental option that makes installation almost instant on most dev machines.
github.com/pnpm/pnpm/re...
We’ve added many new features to the version catalogs system.
We also shipped a new experimental option that makes installation almost instant on most dev machines.
github.com/pnpm/pnpm/re...
Reposted by pnpm
A short demo of pnpm's speed with a new experimental option
YouTube video by pnpm
youtu.be
June 3, 2025 at 4:54 PM
If you run into issues with typescript and pnpm, try this config dependency that we created.
Run:
pnpm add @pnpm/types-fixer --config
pnpm config set pnpmfile node_modules/.pnpm-config/@pnpm/types-fixer/pnpmfile.cjs --location=project
Run:
pnpm add @pnpm/types-fixer --config
pnpm config set pnpmfile node_modules/.pnpm-config/@pnpm/types-fixer/pnpmfile.cjs --location=project
May 23, 2025 at 11:27 PM
If you run into issues with typescript and pnpm, try this config dependency that we created.
Run:
pnpm add @pnpm/types-fixer --config
pnpm config set pnpmfile node_modules/.pnpm-config/@pnpm/types-fixer/pnpmfile.cjs --location=project
Run:
pnpm add @pnpm/types-fixer --config
pnpm config set pnpmfile node_modules/.pnpm-config/@pnpm/types-fixer/pnpmfile.cjs --location=project
Reposted by pnpm
I have copied over the list of trusted dependencies maintained by bun. So, you can use it with @pnpm.io if you want:
github.com/pnpm/trusted...
github.com/pnpm/trusted...
GitHub - pnpm/trusted-deps
Contribute to pnpm/trusted-deps development by creating an account on GitHub.
github.com
May 16, 2025 at 12:28 PM
I have copied over the list of trusted dependencies maintained by bun. So, you can use it with @pnpm.io if you want:
github.com/pnpm/trusted...
github.com/pnpm/trusted...
Reposted by pnpm
We’re excited to share that the @nodejs.org website (nodejs.org) now builds using @pnpm.io! This switch has led to faster CI builds and more efficient dependency management.
Node.js — Run JavaScript Everywhere
Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine.
nodejs.org
May 2, 2025 at 11:04 PM
We’re excited to share that the @nodejs.org website (nodejs.org) now builds using @pnpm.io! This switch has led to faster CI builds and more efficient dependency management.
Reposted by pnpm
Now that we have a way to preload settings for
@pnpm.io, maybe we could create standard config dependencies for specific stacks. Like "@pnpm/angular-defaults"
@pnpm.io, maybe we could create standard config dependencies for specific stacks. Like "@pnpm/angular-defaults"
April 29, 2025 at 1:24 PM
Now that we have a way to preload settings for
@pnpm.io, maybe we could create standard config dependencies for specific stacks. Like "@pnpm/angular-defaults"
@pnpm.io, maybe we could create standard config dependencies for specific stacks. Like "@pnpm/angular-defaults"
Reposted by pnpm
