{"id":10408,"library":"pnpm","title":"pnpm","description":"pnpm is a fast, disk-space efficient package manager that utilizes hard links and symlinks to save space and speed up installations. The current stable version is 10.33.0, with version 11.0.0 actively in release candidate phase, indicating a continuous and significant development cadence.","status":"active","version":"10.33.0","language":"javascript","source_language":"en","source_url":"https://github.com/pnpm/pnpm","tags":["javascript","pnpm","pnpm10","dependencies","dependency manager","efficient","fast","hardlinks","install"],"install":[{"cmd":"npm install pnpm","lang":"bash","label":"npm"},{"cmd":"yarn add pnpm","lang":"bash","label":"yarn"},{"cmd":"pnpm add pnpm","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[],"quickstart":{"code":"pnpm install","lang":"javascript","description":"Initialize a new project with a package.json and install dependencies using pnpm."},"warnings":[{"fix":"Upgrade your Node.js environment to version 22 or newer to use pnpm v11+.","message":"pnpm v11 and later require Node.js 22 or higher. Support for Node.js 18, 19, 20, and 21 is dropped.","severity":"breaking","affected_versions":">=11.0.0"},{"fix":"Update your pnpm configuration to use `auditConfig.ignoreGhsas` for filtering audit results.","message":"The `pnpm audit` command in v11+ now uses GitHub advisory IDs (GHSAs) instead of CVEs. The configuration setting `auditConfig.ignoreCves` is no longer recognized and must be replaced with `auditConfig.ignoreGhsas`.","severity":"breaking","affected_versions":">=11.0.0"},{"fix":"Migrate your configuration to use the `pmOnFail` setting to control package manager strictness and failure behavior.","message":"Settings `managePackageManagerVersions`, `packageManagerStrict`, and `packageManagerStrictVersion` have been removed in pnpm v11. Their functionality is now subsumed by the `pmOnFail` setting.","severity":"breaking","affected_versions":">=11.0.0"},{"fix":"If this behavior is not desired, explicitly configure `minimumReleaseAge` and `blockExoticSubdeps` to your preferred values in `.npmrc` or via CLI flags.","message":"pnpm v11 enables supply-chain protection by default. `minimumReleaseAge` defaults to 1 day (preventing new package resolutions for 24h), and `blockExoticSubdeps` defaults to `true`.","severity":"gotcha","affected_versions":">=11.0.0"},{"fix":"Update your pnpm configuration to use the `allowBuilds` setting for managing build dependencies.","message":"pnpm v11 replaces old build-dependency settings (`onlyBuiltDependencies`, `onlyBuiltDependenciesFile`, `neverBuiltDependencies`) with a new `allowBuilds` setting.","severity":"breaking","affected_versions":">=11.0.0"}],"env_vars":null,"last_verified":"2026-04-18T00:00:00.000Z","next_check":"2026-07-17T00:00:00.000Z","problems":[{"fix":"Ensure your pnpm version matches the one used to generate the lockfile. In CI, use `pnpm install --frozen-lockfile` to strictly check compatibility, or `pnpm install --lockfile-only` if generating a new lockfile is intended.","cause":"The `pnpm-lock.yaml` file was created by a different pnpm version or has integrity issues.","error":"Incompatible lockfile"},{"fix":"Upgrade your Node.js environment to version 22 or higher to meet pnpm v11's requirements.","cause":"Attempting to run pnpm v11+ with an unsupported Node.js version (e.g., Node.js 18, 19, 20, or 21).","error":"pnpm: Node.js version is not supported"},{"fix":"Execute `pnpm peers check` to get a detailed report of the issues and suggested fixes, then adjust your dependencies accordingly.","cause":"Your project's dependencies have unresolved or conflicting peer dependency requirements.","error":"Peer dependency issues found. Run 'pnpm peers check' to view details."},{"fix":"Replace `auditConfig.ignoreCves` with `auditConfig.ignoreGhsas` in your pnpm configuration.","cause":"You are using `auditConfig.ignoreCves` in pnpm v11+, which has been replaced by GitHub Advisory IDs (GHSAs).","error":"The setting 'auditConfig.ignoreCves' is no longer recognized."},{"fix":"Remove `managePackageManagerVersions` and use the `pmOnFail` setting instead.","cause":"You are using the deprecated `managePackageManagerVersions` setting in pnpm v11+.","error":"The setting 'managePackageManagerVersions' is no longer recognized."}],"ecosystem":"npm"}