šŸ“¦šŸš€ Fast, disk space efficient package manager

Related tags

Package Managers nodejs javascript npm package-manager node dependency-manager install modules
Overview

äø­ę–‡ | EspaƱol

Fast, disk space efficient package manager:

  • Fast. Up to 2x faster than the alternatives (see benchmark).
  • Efficient. Files inside node_modules are linked from a single content-addressable storage.
  • Great for monorepos.
  • Strict. A package can access only dependencies that are specified in its package.json.
  • Deterministic. Has a lockfile called pnpm-lock.yaml.
  • Works everywhere. Supports Windows, Linux, and macOS.
  • Battle-tested. Used in production by teams of all sizes since 2016.

To quote the Rush team:

Microsoft uses pnpm in Rush repos with hundreds of projects and hundreds of PRs per day, and weā€™ve found it to be very fast and reliable.

npm version Join the chat at Discord OpenCollective OpenCollective Twitter Follow

Background

pnpm uses a content-addressable filesystem to store all files from all module directories on a disk. When using npm or Yarn, if you have 100 projects using lodash, you will have 100 copies of lodash on disk. With pnpm, lodash will be stored in a content-addressable storage, so:

  1. If you depend on different versions of lodash, only the files that differ are added to the store. If lodash has 100 files, and a new version has a change only in one of those files, pnpm update will only add 1 new file to the storage.
  2. All the files are saved in a single place on the disk. When packages are installed, their files are linked from that single place consuming no additional disk space. Linking is performed using either hard-links or reflinks (copy-on-write).

As a result, you save gigabytes of space on your disk and you have a lot faster installations! If you'd like more details about the unique node_modules structure that pnpm creates and why it works fine with the Node.js ecosystem, read this small article: Flat node_modules is not the only way.

Installation

npm install -g pnpm

For other installation options visit our website.

Usage

Just use pnpm in place of npm/Yarn. E.g., install dependencies via:

pnpm install

Also, pnpx instead of npx:

pnpx create-react-app my-cool-new-app

For more advanced usage, read pnpm CLI on our website, or run pnpm help.

Benchmark

pnpm is up to 2x faster than npm and Yarn classic. See all benchmarks here.

Benchmarks on an app with lots of dependencies:

Support

Contributors

This project exists thanks to all the people who contribute. [Contribute].

Backers

Thank you to all our backers! šŸ™ [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

License

MIT

Like this project? Let people know with a tweet.

Comments
  • Best practices for using PNPM with docker monorepo

    Best practices for using PNPM with docker monorepo

    Hello @zkochan. I've seen many discussion related to docker and monorepos, but I would like to draw underline for best practices of pnpm usage for my particular cases, which is very common I guess. As desired result of this issue resolution, I would like to create PR with new recipe covering this topic for PNPM docs. I will start with description of use case.

    I have a monorepo based on pnpm workspaces. It contains some NodeJS services packaged in docker. Services has both workspace dependencies and external npm registry dependencies. In my CI I would like to trigger rebuild only for service that was modified, and this feature is available for Github actions, bitbucket pipelines and many other solutions.

    While working on this solution, I found the following needs:

    1. Need to generate individual lockfile which contains only stuff needed for particular docker service. This problem can be solved with @pnpm/make-dedicated-lockfile (please confirm if it's best way to achieve this result now, or you implemented this feature in pnpm already)
    2. Need to build project and it dependencies. It can be achieved by using pnpm filters as discussed in https://github.com/pnpm/pnpm/issues/3060
    3. Need to install workspace dependencies without using npm registry, because it quite convenient to have ability to build service with exactly same versions of dependencies from repository SHA. Also per my understanding, lockfile generated by @pnpm/make-dedicated-lockfile should respect dependencies of workspace dependencies.

    What options do I have to achieve last need? Also, would you consider PR to PNPM documentation with recipe?

    I think that this case is pretty common, so please feel free to throw any link to issues if I missed something.

    Thanks in advance.

    area: monorepo area: deploy 
    opened by georgyfarniev 63
  • Bundling up project for deployment

    Bundling up project for deployment

    Iā€™ve got a TypeScript monorepo with packages that are never published to any registry. I want to make a Docker image for one package. I need a way to bundle up a single package and its dependencies, along with either a whitelist of files or all files in the directory that arenā€™t in a blacklist (.npmignore would do fine, I guess) so that I can compile my code (maybe using something similar to a prepublish script), create a bundle, copy that bundle into my Node.JS-based imageā€”no symlinks involvedā€”and go.

    Thereā€™s some overlap here with #1637, but in my case, Iā€™m using a multi-stage Docker build: the build stage is where Iā€™d like to compile and prepare the bundle, and the deploy stage is where Iā€™d like to just copy that bundle over. If the end result were something that didnā€™t require pnpm, i.e. a regular Node.JS package, that would be even more convenient.

    (From Gitter.)

    type: feature area: monorepo 
    opened by Aankhen 62
  • pnpm as a service

    pnpm as a service

    If pnpm will be running in the background as a service, a pnpm install would just be a call to the service that already runs. It would:

    1. decrease startup time
    2. remove the need in locking the store and project

    The service would also keep the store warm. So it would be possible to make every install in offline mode.

    This would be not obligatory. pnpm would work with or without the service. On CI servers, for instance, such service wouldn't make any sense.

    area: performance 
    opened by zkochan 58
  • Fixing --preserve-symlinks. Enhancing node to exploit.

    Fixing --preserve-symlinks. Enhancing node to exploit.

    To all package managers, npm, yarn, ied, pnpm

    Are Symlinks The Problem?

    One day long ago, a version of node was released that purported to support symlinking of module directories. Its implementation was flawed. It offered no way to turn the "support" off. And thus the ecosystem proclaimed symlinks to be "a very bad thing", best avoided in practice, choosing to believe they could never possibly work well with, let alone actually improve node.

    This simple issue at nodejs/node challenges that by:

    • Fixing three critical problems with --preserve-symlinks:
      • Memory Bloat
      • Add-on Crashing
      • And "The Fundamental Flaw": That it always converts "main.js" to its real path
    • Backward compatibly enhancing node so modules can be stored separately from the directory structures that dictate their dependency version resolutions, while keeping those version-specifying structures coupled to a given top-level '/node_modules' root. This seamlessly enables:
      • Machine level stores
      • Simplified single-machine, concurrent development of dependent modules
      • 50x reduction in install times (after initial install)
      • A way out of symlink directory cycles

    To access a fork/branch with fixes, and to learn a little more about why and how, please visit the issue at nodejs/node. If you see the value, please offer your resolute support.

    opened by ghost 54
  • v5.2.4 Regression: Couldn't find a suitable global executables directory.

    v5.2.4 Regression: Couldn't find a suitable global executables directory.

    pnpm version:

    v5.2.4

    Code to reproduce the issue:

    Have pnpm bins installed in D:\Programs\NodeJS\pnpmā€‘global\

    Expected behavior:

    pnpm --global commands work correctly.

    Actual behavior:

    ā€‰ERRORā€‰ Couldn't find a suitable global executables directory.

    CausedĀ byĀ https://github.com/pnpm/pnpm/pull/2637, D:\Programs\NodeJS\pnpmā€‘global\ doesnā€™tĀ getĀ treated asĀ aĀ valid globalĀ binĀ directory.

    Additional information:

    • node -v prints: v14.4.0
    • Windows, OS X, or Linux?: Windows
    type: bug regression 
    opened by ExE-Boss 50
  • Frameworks/toolings don't resolve dependencies the way Node does

    Frameworks/toolings don't resolve dependencies the way Node does

    We have a lot of issues that happen because toolings like webpack, browserify and others don't resolve dependencies the way Node does. This is something that pnpm will never fix and the toolings should fix. And they should fix it not because of pnpm but because they should be Node-compatible.

    Open issues we currently have because of this:

    • [ ] webpack: #740
    • [x] browserify: #795
    • [x] angular (because of webpack): #769
    • [x] CRA (because of webpack configuration?): #581
    • [ ] eslint (actually just a plugin of it but a widely used one): #739
    • [x] jest: #1007
    • [ ] maybe karma: #720

    Help is highly appreciated here. If you have friends in those communities or are familiar with their codebase please try to make this happen faster.

    Also please reference this issue to make tracking of progress easier

    help wanted type: bug/ecosystem Hacktoberfest 
    opened by zkochan 49
  • feat: add git-branch-lockfile config to generate lockfile in each branch

    feat: add git-branch-lockfile config to generate lockfile in each branch

    Summary

    Ref https://github.com/pnpm/pnpm/discussions/4324

    Detail

    1. Add a new setting called git-branch-lockfile specified .npmrc to turn on lockfile assembly feature.
    2. When this feature is on, pnpm install will update pnpm-lock.<branch_name>.yaml instead of pnpm-lock.yaml, this helps avoiding PR conflicts on a single pnpm-lock.yaml file.
    3. Add a new arg called --merge-git-branch-lockfiles for pnpm install. After PR merged into the main branch, run pnpm install --merge-git-branch-lockfiles to update the main lockfile and remove the others.

    How to test it

    Unit tests are added to test this feature, including

    • lockfile-file: read, write, lockfileName
    • core/install: gitBranchLockfile & mergeGitBranchLockfiles
    opened by chengcyber 46
  • Don't run the pre/post scripts

    Don't run the pre/post scripts

    NOTE: It is possible to return how pre/post scripts worked by setting the enable-pre-post-scripts setting to true (since v6.1.0)

    When running pnpm run foo, don't run the prefoo script and the postfoo script.

    Yarn 2 already deprecated the pre/post scripts:

    In particular, we intentionally don't support arbitrary pre and post hooks for user-defined scripts (such as prestart). This behavior, inherited from npm, caused scripts to be implicit rather than explicit, obfuscating the execution flow. It also led to surprising executions with yarn serve also running yarn preserve.

    https://yarnpkg.com/advanced/lifecycle-scripts

    type: breaking change 
    opened by zkochan 44
  • integrity checksum failed when using sha1

    integrity checksum failed when using sha1

    pnpm version: 2.2.1

    Code to reproduce the issue:

    Don't have a shareable deterministic repro...

    Expected behavior:

    When performing an install pnpm should use the same SHA algorithm as server is using when checking for integrity.

    Actual behavior:

    We get an error like:

    ERRORā€‰ sha1-iPH9Gm3+vKXEGUAhCJubDn/BWkA= integrity checksum failed when using sha1: wanted sha1-iPH9Gm3+vKXEGUAhCJubDn/BWkA= but got sha512-L0FUxzgyBIaJrdc1DigatUZiZ9NbeCYNsW6gG/4ezLc/8Hv0EaHsSWGNRPCKBCkiatd3CUFSb6nWLvEVVc2qdg== sha1-sqnHrJmVkxa8tNfCe8ddecwx9LI=. (6553600 bytes)
at on                     ā€¦pnpm/lib/node_modules/ssri/index.js:310  const err = new Error(`${sri} integrity checksum failed when using ${algorithm}ā€¦
at emitNone               events.js:91
at emit                   events.js:185
at endReadableNT          _stream_readable.js:974
at _combinedTickCallback  internal/process/next_tick.js:74
at _tickCallback          internal/process/next_tick.js:98
Resolving: total 2430, reused 0, downloaded 2269

    We verified that our NPM registry is definitely returning SHA1 hashes that match the expected value. It appears that PNPM is sometimes comparing the wrong hash.

    Any ideas/logs I could provide?

    This has been affecting several members of our team, but not others. Sometimes we can fix it by cleaning out the store or not using the shrinkwrap file, but today we got a deterministic repro on 2 machines.

    Additional information:

    • node -v prints: 8.9.4
    • Windows, OS X, or Linux?: Windows
    type: bug 
    opened by nickpape 40
  • CI complains of outdated lockfile but says the lockfile is up to date

    CI complains of outdated lockfile but says the lockfile is up to date

    The CLI says the lockfile is up to date but it still failing when it runs on CI. Running pnpm i locally doesn't create any updates to the lockfile.

    pnpm version: 7.8.0

    The issue exists since the release of 7.6.0. It works fine in 7.5.2

    Expected behavior:

    CI doesn't complain about outdated file when the lockfile is updated.

    Actual behavior:

    CI complains the lockfile is outdated

    pnpm install --prefer-offline

Scope: all 21 workspace projects
Lockfile is up-to-date, resolution step is skipped
ā€‰ERR_PNPM_OUTDATED_LOCKFILEā€‰ Cannot install with "frozen-lockfile" because pnpm-lock.yaml is not up-to-date with packages/eslint-plugin/package.json

Note that in CI environments this setting is true by default. If you still need to run install in such cases, use "pnpm install --no-frozen-lockfile"

Exited with code exit status 1

    Additional information:

    • node -v prints: 16.16.0
    • Windows, macOS, or Linux?: OSX/Linux
    type: bug 
    opened by tleunen 39
  • Support audit

    Support audit

    There's a new command available called "audit" since NPM [email protected] and npm@6. It requires the presence of both package.json and package-lock.json meaning it cannot be just a pass through. It would be great if PNPM supported it as well.

    This version of npm adds a new command, npm audit, which will run a security audit of your project's dependency tree and notify you about any actions you may need to take.

    As part of this change, the npm CLI now sends scrubbed and cryptographically anonymized metadata about your dependency tree to your configured registry, to allow notifying you about the existence of critical security flaws.

    https://blog.npmjs.org/post/173719309445/npm-audit-identify-and-fix-insecure

    type: feature state: in progress size: XL priority: 3 
    opened by jiripospisil 39
  • Issue with styled component using pnpm 7 version

    Issue with styled component using pnpm 7 version

    What is happening?

    I have a monorepo (pnpm) When i use pnpm version 7 and node version 18, the styled component are not able to access the theme object that is passed to ThemeProvider

    <ThemeProvider theme={theme}>

    i can see that we are passing the theme object and the value, but when i console log the theme in the one of the styled components the theme object is empty

    Error message

    209021690-febc834c-6098-4526-bc19-f68f241cddcb

    I don't face that issue if i use pnpm 6

    type: bug 
    opened by YKalashnikov 0
  • pnpm i --fix-lockfile ā€‰ERR_PNPM_NO_MATCHING_VERSIONā€‰

    pnpm i --fix-lockfile ā€‰ERR_PNPM_NO_MATCHING_VERSIONā€‰

    pnpm version:

    7.22.0

    Code to reproduce the issue:

    I run pnpm i --fix-lockfile in my code. That is a workspace.

    Expected behavior:

    install successfully

    Actual behavior:

    image

    image

    Is that pnpm doesn't get the correct version with 4.0.4_uakuilq6iygkg5ll5cv37w4i7m?

    Here is my lock file pnpm-lock.yaml.txt

    Additional information:

    • node -v prints: v16.13.2
    • Windows, macOS, or Linux?: linux
    type: bug 
    opened by candy-Tong 0
  • pnpm 7.20.0 and later should maybe log which config file is changed when doing

    pnpm 7.20.0 and later should maybe log which config file is changed when doing "pnpm config set"

    So not really a bug, but still wanted to tell people about it, since this gave us quite a headache when deploying.

    Long story short, pnpm 7.20.0 and later makes modifications to local .npmrc file when doing config set, and that may not always be what you want. For instance if overriding store default. E.g. pnpm config set store-dir /home/travis/.cache/.pnpm-store. Before 7.20.0 this was done in the global settings file, e.g. Ė™~/.npmrc` on my machine.

    We use travis for builds, and most of the build is outside docker. But the final artifact is inside docker. In order to only have relevant artifact we use docker COPYand .dockerignore to get the right things in. This means we copy over .npmrc. However when we run the pnpm config set store-dir /home/travis/.cache/.pnpm-store on the travis instance, the modified file is copied into docker.

    We may have a non-standard setup. But we are many in our org which uses it, and we had some trouble debugging it.

    I am not sure this is a great idea, up to the project of course. But logging which file is changed when doing a pnpm config set ... probably would have helped us debug this a lot faster.

    Love pnpm, keep up the great work!

    For reference, the errors we got were of the following sort (if people search for solutions):

    Step 4/13 : RUN corepack pnpm install --prefer-frozen-lockfile --prod
---> Running in 4d42479840af
EACCESā€‰ EACCES: permission denied, mkdir '/home/travis'
    opened by stoyle 2
  • pnpm ā‰„ 7.20 runs `prepublishOnly` even on `--ignore-scripts`

    pnpm ā‰„ 7.20 runs `prepublishOnly` even on `--ignore-scripts`

    pnpm version:

    7.22.0

    Code to reproduce the issue:

    I canā€™t reproduce it locally, but see on CI: https://github.com/evilmartians/oklch-picker/actions/runs/3831016173/jobs/6519618073

    Expected behavior:

    No prepublishOnly logs on pnpm install --frozen-lockfile --ignore-scripts call

    Actual behavior:

    prepublishOnly records (and a build error, but the whole build script should not be run).

    Additional information:

    • node -v prints: 18.12.1
    • Windows, macOS, or Linux?: Linux
    type: bug 
    opened by ai 2
  • Corepack stuck on 7.1.7

    Corepack stuck on 7.1.7

    pnpm version: 7.1.7

    Code to reproduce the issue:

    corepack prepare [email protected] --activate; pnpm -v

    Expected behavior:

    It should output I'm on 7.22.0

    Actual behavior:

    Preparing [email protected] for immediate activation...
7.1.7

    Additional information:

    • node -v prints: v16.17.1
    • Windows, macOS, or Linux?: macOS, nvm
    which pnpm
~/.nvm/versions/node/v16.17.1/bin/pnpm
    type: bug 
    opened by hyperknot 0
  • fix(plugin-commands-script-runners): support diectory with path delimiter when running local bin

    fix(plugin-commands-script-runners): support diectory with path delimiter when running local bin

    close #5846

    For the following project:

     // test/test_pnpm:colon/package.json
 {
  "name": "test-pnpm-example",
  "version": "1.0.0",
  "scripts": {
    "test": "cowsay 'hi'"
  },
  "dependencies": {
    "cowsay": "^1.5.0"
  }
}

    After run pd install , pd exec cowsay hi or pd cowsay hi will executed successfully.

    However, currently, running the test script in package.json(pd test) still reports an command not found error. It seems to be consistent with the behavior of yarn classic.

    If we want to support pd test in this case , we may need to change @pnpm/npm-lifecycle?

    opened by await-ovo 0
Releases(v7.22.0)
Owner
pnpm
Fast, disk space efficient package manager
pnpm
GitHub https://pnpm.js.org
frontend package manager and build tool for modular web applications

THIS PROJECT IS DEPRECATED Component is not maintained anymore. See here #639 for more information. You can still use the component registry on compon

Component 4.6k Dec 30, 2022
A next-generation package manager for the front-end

Duo is a next-generation package manager that blends the best ideas from Component, Browserify and Go to make organizing and writing front-end code qu

Duo 3.4k Dec 28, 2022
JavaScript package manager - using a browser-focused and RequireJS compatible repository

****NOTE: this project is no longer active and not recommended for use. It is left here for reference. **** Jam was created at a time before Bower and

Caolan McMahon 1.5k Dec 10, 2022
Brand new static package manager.

spm Brand new static package manager for browser. spm 从 3.9 开始将äøå†ē®”ē†ē»„件ēš„ē”Ÿå‘½å‘Øꜟ, 即äøå†ęœ‰ spmjs.io. ꉀ仄ē›øåŗ”ēš„é€»č¾‘å…ØéƒØ去除. čÆ·ä½æē”Ø npm ę„ē®”ē†ē»„件. Install $ npm install spm -g Us

Static Package Manager 907 Sep 24, 2022
interplanetary package manager

interplanetary package manager

Nathan Ginnever 10 Oct 9, 2021
Move all the disks from the left hand post to the right hand post, only moving the disks one at a time and a bigger disk can never be placed on a smaller disk.

Hanoi Tower Description The Tower of Hanoi was a famous problem posed by a mathematician in 1883, The "puzzle" is to move all the disks from the left

Dustin J Sellers 1 Feb 5, 2022
"Space Traveler's Hub" is A web application that provides commercial and scientific space travelling services, We are working with real live data from the SpaceX API. The application will allow users to book rockets and join selected space missions. The Space Travelers' Hub consists of Rockets, Missions, and the My Profile section. builded by Ezekiel & Edward.

Space Travelers' Hub Table of Contents About the Project Built With Getting Started Contributing Authors Acknowledgements About Project "Space Travele

Ezekiel Utshudi Eteta 9 Jun 23, 2022
The Space Travelers' Hub consists of Rockets, Missions, and the My Profile section. We worked with the real-live data from the SpaceX API in this project. And build a web application for a company that provides commercial and scientific space travel services. The application allows users to book rockets and join selected space missions.

Space Travelers Hub The Space Travelers' Hub consists of Rockets, Missions, and the My Profile section. We worked with the real-live data from the Spa

Ahmad Zamir Yousufi 3 Jun 28, 2022
A devtool improve your pakage manager use experience no more care about what package manager is this repo use; one line, try all.

pi A devtool improve your pakage manager use experience no more care about what package manager is this repo use; one line, try all. Stargazers over t

tick 11 Nov 1, 2022
A demo to show how to re-use Eleventy Imageā€™s disk cache across Netlify builds.

Re-use Eleventy Image Disk Cache across Netlify Builds Live Demo This repository takes all of the high resolution browser logos and processes them thr

Eleventy 9 Apr 5, 2022
This project scans yandex disk folders that are open to public sharing and allows you to download their contents.

kitapbar.com Development start mongodb server docker-compose -f docker-compose.dev.yaml up -d yandex service cd services/yandex create a .env file by

Xinor 14 Oct 15, 2022
Space Travelers' Hub - a web application that facilitates booking rockets and join selected space missions

This is a web application that facilitates booking rockets and join selected space missions. It is built for a company that offers both commercial and scientific space travel services. The application also works with real live data from the SpaceX API.

Mong'are 6 Mar 29, 2022
"Space-Travelers-Hub" is a website that allows users to book rockets and join selected space missions by using data from the SpaceX API.

Space-Travelers-Hub This project was bootstrapped with Create React App. Description "Space-Travelers-Hub" is a website that allows users to book rock

Tresor Sawasawa 4 Mar 13, 2022
A web application for a company that provides commercial and scientific space travel services. The application will allow users to book rockets and join selected space missions.

Space Travelers A web application for a company that provides commercial and scientific space travel services. The application will allow users to boo

Hector Torres 2 Apr 6, 2022
Welcome to Space Traveler's HUB, this web app allows the user to take a fictional tour across the space.

Welcome to Space Traveler's HUB, this web app allows the user to take a fictional tour across the space. The user can choose a rocket from our catalog interface, and reserve it. Also, the user can see recent special missions and join them. Finally, the user will be able to keep track of all your rockets and mission they are subscribed to. Build with React, Redux, React-router, and Railwindcss.

Mihreteab Misganaw 3 Jan 27, 2022
A web application for a company that provides commercial and scientific space travel services. The application allows users to book rockets and join selected space missions.

Space Travelers' Hub A web application for a company that provides commercial and scientific space travel services. The application allows users to bo

Manel Hammouche 8 Oct 14, 2022
This web application provides commercial and scientific space travel services. The application allows users to book rockets and join selected space missions.

space-hub About Project "Space Traveler's Hub" is A web application that provides commercial and scientific space travelling services, We are working

Nicholas Emmanuel 7 Nov 2, 2022
This a web application for a company that provides commercial and scientific space travel services. The application will allow users to book rockets, dragons and join selected space missions.

Space Travelers' Hub In this project, we have worked with the real live data from the SpaceX API. Our task was to build a web application for a compan

Apuabi Titilope 4 Oct 31, 2022
The Space Traveler's Hub is an application where users can check out availble space rockets and book them or cancel the previously made booking. Also users can find a list of current missions along with their brief description and can join the selected mission or leave the mission the user joined earlier.

Space-Travelers-Hub The Space Traveler's Hub is an application where users can check out available space rockets and book them or cancel the previousl

Tiago Lelinski Marin 7 Sep 22, 2022
In this project we built a web application that consumes an SpaceX API. It provides commercial and scientific space travel services that allows users to book rockets and join selected space missions.

Space Travelers' Hub In this project we built a web application that consumes an SpaceX API. It provides commercial and scientific space travel servic

Diego Yon 7 Sep 30, 2022