pnpm

10.33.0 · active · verified Sat Apr 18

pnpm is a fast, disk-space efficient package manager that utilizes hard links and symlinks to save space and speed up installations. The current stable version is 10.33.0, with version 11.0.0 actively in release candidate phase, indicating a continuous and significant development cadence.

Common errors

```
Incompatible lockfile
```
cause The `pnpm-lock.yaml` file was created by a different pnpm version or has integrity issues.

fix Ensure your pnpm version matches the one used to generate the lockfile. In CI, use `pnpm install --frozen-lockfile` to strictly check compatibility, or `pnpm install --lockfile-only` if generating a new lockfile is intended.
```
pnpm: Node.js version is not supported
```
cause Attempting to run pnpm v11+ with an unsupported Node.js version (e.g., Node.js 18, 19, 20, or 21).

fix Upgrade your Node.js environment to version 22 or higher to meet pnpm v11's requirements.
```
Peer dependency issues found. Run 'pnpm peers check' to view details.
```
cause Your project's dependencies have unresolved or conflicting peer dependency requirements.

fix Execute `pnpm peers check` to get a detailed report of the issues and suggested fixes, then adjust your dependencies accordingly.
```
The setting 'auditConfig.ignoreCves' is no longer recognized.
```
cause You are using `auditConfig.ignoreCves` in pnpm v11+, which has been replaced by GitHub Advisory IDs (GHSAs).

fix Replace `auditConfig.ignoreCves` with `auditConfig.ignoreGhsas` in your pnpm configuration.
```
The setting 'managePackageManagerVersions' is no longer recognized.
```
cause You are using the deprecated `managePackageManagerVersions` setting in pnpm v11+.

fix Remove `managePackageManagerVersions` and use the `pmOnFail` setting instead.

Warnings

breaking pnpm v11 and later require Node.js 22 or higher. Support for Node.js 18, 19, 20, and 21 is dropped.
Fix: Upgrade your Node.js environment to version 22 or newer to use pnpm v11+.
breaking The `pnpm audit` command in v11+ now uses GitHub advisory IDs (GHSAs) instead of CVEs. The configuration setting `auditConfig.ignoreCves` is no longer recognized and must be replaced with `auditConfig.ignoreGhsas`.
Fix: Update your pnpm configuration to use `auditConfig.ignoreGhsas` for filtering audit results.
breaking Settings `managePackageManagerVersions`, `packageManagerStrict`, and `packageManagerStrictVersion` have been removed in pnpm v11. Their functionality is now subsumed by the `pmOnFail` setting.
Fix: Migrate your configuration to use the `pmOnFail` setting to control package manager strictness and failure behavior.
gotcha pnpm v11 enables supply-chain protection by default. `minimumReleaseAge` defaults to 1 day (preventing new package resolutions for 24h), and `blockExoticSubdeps` defaults to `true`.
Fix: If this behavior is not desired, explicitly configure `minimumReleaseAge` and `blockExoticSubdeps` to your preferred values in `.npmrc` or via CLI flags.
breaking pnpm v11 replaces old build-dependency settings (`onlyBuiltDependencies`, `onlyBuiltDependenciesFile`, `neverBuiltDependencies`) with a new `allowBuilds` setting.
Fix: Update your pnpm configuration to use the `allowBuilds` setting for managing build dependencies.

Install

npm install pnpm npm
yarn add pnpm yarn
pnpm add pnpm pnpm

Quickstart

Initialize a new project with a package.json and install dependencies using pnpm.

pnpm install

view raw JSON →