Package Manager

pnpm

Overview

pnpm (performant npm) is a fast and disk-efficient JavaScript/TypeScript package manager developed as an alternative to npm and Yarn. By utilizing hard links and symbolic links to store packages in a single global store and sharing disk space between projects, it achieves 3x faster installation speeds and up to 50% disk space savings. While maintaining complete compatibility with npm/Yarn, it provides strict dependency management, efficient monorepo support, and enhanced security as a next-generation package manager.

Details

pnpm was developed by Zoltan Kochan in 2017 to solve existing package manager problems. Its main feature is the Content-Addressable Store (CAS) approach, where all package versions are stored only once in a global store and shared between projects via hard links. This ensures only one copy exists on disk even when the same package is used across multiple projects. It also places packages in a flat structure within the node_modules/.pnpm directory and builds proper dependency trees using symbolic links. This solves phantom dependencies and npm doppelgängers problems, achieving safer and more consistent dependency management.

Pros and Cons

Pros

• Disk efficiency: Space savings through hard links (up to 50% reduction)
• Fast installation: 3x faster through reuse of existing packages
• Strict dependencies: Safe structure preventing phantom dependencies
• Monorepo support: Efficient workspace functionality
• npm compatibility: Immediate usability with existing npm projects
• Security: Improved package isolation and access control

Cons

• Symbolic links: Some tools may not support symbolic links properly
• Windows limitations: Hard link restrictions on older Windows versions
• Learning curve: Need to understand .pnpm directory structure
• Debug complexity: Debugging difficulties due to complex link structure

Reference Links

• pnpm Official Site
• pnpm Documentation
• pnpm GitHub
• Workspaces Feature
• CLI Reference
• Configuration

Code Examples

Basic Package Management

# Install pnpm
npm install -g pnpm
# or
curl -fsSL https://get.pnpm.io/install.sh | sh -

# Initialize project
pnpm init

# Install packages
pnpm install

# Add packages
pnpm add react react-dom
pnpm add -D typescript @types/react
pnpm add -g nodemon

# Remove packages
pnpm remove lodash
pnpm remove -D webpack

Workspace (Monorepo) Setup

# pnpm-workspace.yaml
packages:
  - 'packages/*'
  - 'apps/*'
  - '!**/test/**'

// Root package.json
{
  "name": "my-monorepo",
  "private": true,
  "scripts": {
    "build": "pnpm -r run build",
    "test": "pnpm -r run test"
  }
}

# Run commands across all workspaces
pnpm -r run build
pnpm -r run test

# Run in specific workspace
pnpm --filter @myorg/app run dev
pnpm --filter "./packages/utils" run build

# Run only in packages with changed dependencies
pnpm --filter "...[HEAD~1]" run test

# Add dependencies between workspaces
pnpm --filter @myorg/app add @myorg/utils@workspace:*

Advanced Filtering and Task Management

# Pattern-based filtering
pnpm --filter "*app*" run build
pnpm --filter "@myorg/*" run lint

# Dependency-based filtering
pnpm --filter ...@myorg/core run build  # All depending on core
pnpm --filter @myorg/core^... run test   # All that core depends on

# Parallel execution control
pnpm -r --parallel run dev
pnpm -r run build --workspace-concurrency=2

# Skip with specific conditions
pnpm --filter "!@myorg/legacy" -r run test

Package Information and Store Management

# Display package information
pnpm list
pnpm list --depth=0
pnpm list --global

# Check dependency reasons
pnpm why lodash
pnpm audit

# Store management
pnpm store status
pnpm store prune  # Remove unused packages
pnpm store path   # Display store path

.npmrc Configuration and Customization

# .npmrc
# Specify store location
store-dir=~/.pnpm-store

# Disable hard links (if needed)
package-import-method=copy

# Workspace settings
link-workspace-packages=true
prefer-workspace-packages=true

# Log level settings
loglevel=warn

# Enable auto installation
auto-install-peers=true

# Strict dependency resolution
strict-peer-dependencies=true

CI/CD Environment Optimization

# Fast installation in CI
pnpm install --frozen-lockfile
pnpm install --prefer-offline

# Cache utilization
pnpm install --ignore-scripts
pnpm rebuild

# Production build
pnpm install --prod --frozen-lockfile
pnpm prune --prod

# Docker environment
# Copy only package.json and pnpm-lock.yaml, then install
COPY package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile

Advanced Features and Troubleshooting

# Patch management
pnpm patch [email protected]
# After editing patch file
pnpm patch-commit /tmp/patch-dir

# Link management
pnpm link --global
pnpm link ../local-package

# Deduplication and optimization
pnpm dedupe
pnpm install --fix-lockfile

# Environment variables and scripts
PNPM_HOME=/custom/path pnpm install
pnpm exec -- jest --coverage
pnpm dlx create-react-app my-app  # Equivalent to npx