Zoltan Kochan
@kochan.io
Developer, maker of @pnpm.io
Works on dependency management at bit.dev
Works on dependency management at bit.dev
Yeah, but i think almost no packages use provenance at the moment at all
November 11, 2025 at 7:25 PM
Yeah, but i think almost no packages use provenance at the moment at all
Yes, it will be possible to do both by name and version(s)
November 11, 2025 at 7:01 PM
Yes, it will be possible to do both by name and version(s)
There will be a setting to exclude packages from the rule. Although some believe it is a bad idea. Someone suggested to even ship a list of exceptions.
November 11, 2025 at 6:59 PM
There will be a setting to exclude packages from the rule. Although some believe it is a bad idea. Someone suggested to even ship a list of exceptions.
Yes, that’s the only safe way of doing it. We’re not fixing it only for the lockfile update case
November 11, 2025 at 6:51 PM
Yes, that’s the only safe way of doing it. We’re not fixing it only for the lockfile update case
I am not sure there’s a better way to do it.
November 11, 2025 at 5:07 PM
I am not sure there’s a better way to do it.
Sometimes I can’t tell if someone was using an agent or not but reviewing pull requests takes a lot of my time. I probably spend double the time on the review if they use agents.
November 10, 2025 at 2:52 PM
Sometimes I can’t tell if someone was using an agent or not but reviewing pull requests takes a lot of my time. I probably spend double the time on the review if they use agents.
I am not making any promises about the libraries. The major version is the major version of pnpm cli x100. So a library can have up to 99 breaking changes till the next pnpm cli comes out
September 27, 2025 at 9:46 PM
I am not making any promises about the libraries. The major version is the major version of pnpm cli x100. So a library can have up to 99 breaking changes till the next pnpm cli comes out
We need a versioning system that consists of 4 numbers, where the first one is used for marketing purposes
September 2, 2025 at 6:13 PM
We need a versioning system that consists of 4 numbers, where the first one is used for marketing purposes
There were no peer dependencies in 1985
August 20, 2025 at 12:15 AM
There were no peer dependencies in 1985
I am not sure we can call it a cache as these are files that are actually executed during runtime. We don't call the files inside node_modules "cache".
June 27, 2025 at 8:29 PM
I am not sure we can call it a cache as these are files that are actually executed during runtime. We don't call the files inside node_modules "cache".
For context, this is what I am talking about: pnpm.io/settings#ena...
Settings (pnpm-workspace.yaml) | pnpm
pnpm gets its configuration from the command line, environment variables, pnpm-workspace.yaml, and
pnpm.io
June 27, 2025 at 8:19 PM
For context, this is what I am talking about: pnpm.io/settings#ena...